summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrunge <runge@karlrunge.com>2010-03-21 00:05:51 -0400
committerrunge <runge@karlrunge.com>2010-03-21 00:05:51 -0400
commit97540de56ca8a975ed31d86879d0e5c4cf169173 (patch)
tree6c8c0a28c3559a15c6a76bed92dc2a4c62630914
parentedb79ae2b1d39bc12d489bcded74ab966e019994 (diff)
downloadlibtdevnc-97540de56ca8a975ed31d86879d0e5c4cf169173.tar.gz
libtdevnc-97540de56ca8a975ed31d86879d0e5c4cf169173.zip
classes/ssl: Many improvements to Java SSL applet, onetimekey
serverCert param, debugging printout, user dialogs, catch socket exceptions, autodetect x11vnc for GET=1. x11vnc: misc/scripts: desktop.cgi, inet6to4, panner.pl. X11VNC_HTTPS_DOWNLOAD_WAIT_TIME, -unixpw %xxx documented, and can run user cmd in UNIXPW_CMD. FD_XDMCP_IF for create script, autodetect dm on udp6 only. Queries: pointer_x, pointer_y, pointer_same, pointer_root. Switch on -xkd if keysyms per key > 4 in all cases. daemon mode improvements for connect_switch, inet6to4, ultravnc_repeater.pl. Dynamic change of -clip do not create new fb if WxH is unchanged.
-rw-r--r--classes/ssl/README67
-rw-r--r--classes/ssl/SignedUltraViewerSSL.jarbin108090 -> 112002 bytes
-rw-r--r--classes/ssl/SignedVncViewer.jarbin84103 -> 88016 bytes
-rw-r--r--classes/ssl/UltraViewerSSL.jarbin105068 -> 108926 bytes
-rw-r--r--classes/ssl/VncViewer.jarbin81177 -> 85036 bytes
-rwxr-xr-xclasses/ssl/onetimekey20
-rw-r--r--classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch620
-rw-r--r--classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch638
-rw-r--r--x11vnc/ChangeLog13
-rw-r--r--x11vnc/README3218
-rw-r--r--x11vnc/cursor.c3
-rw-r--r--x11vnc/help.c84
-rw-r--r--x11vnc/keyboard.c6
-rw-r--r--x11vnc/misc/Makefile.am2
-rw-r--r--x11vnc/misc/README11
-rwxr-xr-xx11vnc/misc/connect_switch276
-rwxr-xr-xx11vnc/misc/desktop.cgi1134
-rwxr-xr-xx11vnc/misc/inet6to4400
-rwxr-xr-xx11vnc/misc/panner.pl117
-rwxr-xr-xx11vnc/misc/ultravnc_repeater.pl131
-rw-r--r--x11vnc/remote.c50
-rw-r--r--x11vnc/sslhelper.c49
-rw-r--r--x11vnc/ssltools.h35
-rw-r--r--x11vnc/user.c14
-rw-r--r--x11vnc/x11vnc.192
-rw-r--r--x11vnc/x11vnc.c25
-rw-r--r--x11vnc/x11vnc_defs.c2
27 files changed, 5094 insertions, 1913 deletions
diff --git a/classes/ssl/README b/classes/ssl/README
index 0767ce9..b244cf1 100644
--- a/classes/ssl/README
+++ b/classes/ssl/README
@@ -137,6 +137,15 @@ Both TightVNC and UltraVNC Java viewers:
number, default: 50
Milliseconds delay
+ PASSWORD
+ string, default: none
+ VNC session password in plain text.
+
+ ENCPASSWORD
+ string, default: none
+ VNC session password in encrypted in DES with KNOWN FIXED
+ key. It is a hex string. This is like the ~/.vnc/passwd format.
+
The following are added by x11vnc and/or ssvnc project
@@ -173,16 +182,47 @@ Both TightVNC and UltraVNC Java viewers:
oneTimeKey
string, default: none
- set a special hex "key" to correspond to an SSL X.509 cert.
- See the 'onetimekey' helper script. Can also be PROMPT to
- prompt the user to paste the hex key string in.
+ set a special hex "key" to correspond to an SSL X.509 cert+key.
+ See the 'onetimekey' helper script. Can also be PROMPT to prompt
+ the user to paste the hex key string in.
+
+ This provides a Client-Side cert+key that the client will use to
+ authenticate itself by SSL To the VNC Server.
+
+ This is to try to work around the problem that the Java applet
+ cannot keep an SSL keystore on disk, etc. E.g. if they log
+ into an HTTPS website via password they are authenticated and
+ encrypted, then the website can safely put oneTimeKey=... on the
+ URL. The Vncviewer authenticates the VNC server with this key.
+
+ Note that there is currently a problem in that if x11vnc requires
+ Client Certificates the user cannot download the index.vnc HTML
+ and VncViewer.jar from the same x11vnc. Those need to come from
+ a different x11vnc or from a web server.
+
+ Note that the HTTPS website can also put the VNC Password
+ (e.g. a temporary/one-time one) in the parameter PASSWORD.
+ The Java Applet will automatically supply this VNC password
+ instead of prompting.
+
+ serverCert
+ string, default: none
+ set a special hex "cert" to correspond to an SSL X.509 cert
+ See the 'onetimekey -certonly' helper script.
- This is to try to work around the problem that the Java
- applet cannot keep an SSL keystore on disk, etc.
- E.g. if they log into an HTTPS website via password they
- are authenticated and encrypted, then the website can
- safely put oneTimeKey=... on the URL. The Vncviewer
- authenticates the VNC server with this key.
+ This provides a Server-Side cert that the client will authenticate
+ the VNC Server against by SSL.
+
+ This is to try to work around the problem that the Java applet
+ cannot keep an SSL keystore on disk, etc. E.g. if they log
+ into an HTTPS website via password they are authenticated and
+ encrypted, then the website can safely put serverCert=... on the
+ URL.
+
+ Of course the VNC Server is sending this string to the Java
+ Applet, so this is only reasonable security if the VNC Viewer
+ already trusts the HTTPS retrieval of the URL + serverCert param
+ that it gets. This should be done over HTTPS not HTTP.
proxyHost
string, default: none
@@ -238,15 +278,8 @@ TightVNC Java viewer only:
UltraVNC Java viewer only:
- PASSWORD
- string, default: none
- VNC session password in plain text.
+ None.
- ENCPASSWORD
- string, default: none
- VNC session password in encrypted in DES with KNOWN FIXED
- key. It is a hex string. This is like the ~/.vnc/passwd format.
-
The following are added by x11vnc and/or ssvnc project
ftpDropDown
diff --git a/classes/ssl/SignedUltraViewerSSL.jar b/classes/ssl/SignedUltraViewerSSL.jar
index 5a562ff..e32079f 100644
--- a/classes/ssl/SignedUltraViewerSSL.jar
+++ b/classes/ssl/SignedUltraViewerSSL.jar
Binary files differ
diff --git a/classes/ssl/SignedVncViewer.jar b/classes/ssl/SignedVncViewer.jar
index a795e57..8e54308 100644
--- a/classes/ssl/SignedVncViewer.jar
+++ b/classes/ssl/SignedVncViewer.jar
Binary files differ
diff --git a/classes/ssl/UltraViewerSSL.jar b/classes/ssl/UltraViewerSSL.jar
index 15f6867..c037905 100644
--- a/classes/ssl/UltraViewerSSL.jar
+++ b/classes/ssl/UltraViewerSSL.jar
Binary files differ
diff --git a/classes/ssl/VncViewer.jar b/classes/ssl/VncViewer.jar
index a93d323..862bb20 100644
--- a/classes/ssl/VncViewer.jar
+++ b/classes/ssl/VncViewer.jar
Binary files differ
diff --git a/classes/ssl/onetimekey b/classes/ssl/onetimekey
index 5c0c26d..bf57c8f 100755
--- a/classes/ssl/onetimekey
+++ b/classes/ssl/onetimekey
@@ -1,6 +1,7 @@
#!/bin/sh
#
# usage: onetimekey path/to/mycert.pem
+# onetimekey -certonly path/to/mycert.pem
#
# Takes an openssl cert+key pem file and turns into a long string
# for the x11vnc SSL VNC Java Viewer.
@@ -14,6 +15,19 @@
# in it. Also, as the name implies, an HTTPS server can create
# a one time key to send to the applet (the user has already
# logged in via password to the HTTPS server).
+#
+# Note oneTimeKey is to provide a CLIENT Certificate for the viewer
+# to authenticate itself to the VNC Server.
+#
+# There is also the serverCert=<str> Applet parameter. This is
+# a cert to authenticate the VNC server against. To create that
+# string with this tool specify -certonly as the first argument.
+
+certonly=""
+if [ "X$1" = "X-certonly" ]; then
+ shift
+ certonly=1
+fi
in=$1
der=/tmp/1time$$.der
@@ -43,5 +57,9 @@ rm -f "$der"
n=`grep -n 'BEGIN CERTIFICATE' $in | awk -F: '{print $1}' | head -1`
str2=`tail +$n $in | $pbinhex`
-echo "$str1,$str2"
+if [ "X$certonly" = "X1" ]; then
+ echo "$str2"
+else
+ echo "$str1,$str2"
+fi
rm -f $pbinhex
diff --git a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
index f35a4e9..be5a22a 100644
--- a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
+++ b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
@@ -73,8 +73,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto
serverMajor = (b[4] - '0') * 100 + (b[5] - '0') * 10 + (b[6] - '0');
diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSLSocketToMe.java
--- vnc_javasrc.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500
-+++ vnc_javasrc/SSLSocketToMe.java 2010-02-22 20:03:11.000000000 -0500
-@@ -0,0 +1,1712 @@
++++ vnc_javasrc/SSLSocketToMe.java 2010-03-19 12:52:08.000000000 -0400
+@@ -0,0 +1,2055 @@
+/*
+ * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer.
+ *
@@ -118,7 +118,9 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ String host;
+ int port;
+ VncViewer viewer;
++
+ boolean debug = true;
++ boolean debug_certs = false;
+
+ /* sockets */
+ SSLSocket socket = null;
@@ -126,11 +128,11 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+
+ /* fallback for Proxy connection */
+ boolean proxy_in_use = false;
-+ boolean proxy_is_https = false;
+ boolean proxy_failure = false;
+ public DataInputStream is = null;
+ public OutputStream os = null;
+
++ /* strings from user WRT proxy: */
+ String proxy_auth_string = null;
+ String proxy_dialog_host = null;
+ int proxy_dialog_port = 0;
@@ -142,21 +144,28 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ /* trust contexts */
+ SSLContext trustloc_ctx;
+ SSLContext trustall_ctx;
++ SSLContext trustsrv_ctx;
+ SSLContext trusturl_ctx;
+ SSLContext trustone_ctx;
+
++ /* corresponding trust managers */
+ TrustManager[] trustAllCerts;
++ TrustManager[] trustSrvCert;
+ TrustManager[] trustUrlCert;
+ TrustManager[] trustOneCert;
+
-+ boolean use_url_cert_for_auth = true;
++ /* client-side SSL auth key (oneTimeKey=...) */
++ KeyManager[] mykey = null;
++
+ boolean user_wants_to_see_cert = true;
-+ boolean debug_certs = false;
++ String cert_fail = null;
+
-+ /* cert(s) we retrieve from VNC server */
++ /* cert(s) we retrieve from Web server, VNC server, or serverCert param: */
+ java.security.cert.Certificate[] trustallCerts = null;
++ java.security.cert.Certificate[] trustsrvCerts = null;
+ java.security.cert.Certificate[] trusturlCerts = null;
+
++ /* utility to decode hex oneTimeKey=... and serverCert=... */
+ byte[] hex2bytes(String s) {
+ byte[] bytes = new byte[s.length()/2];
+ for (int i=0; i<s.length()/2; i++) {
@@ -189,11 +198,15 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+
+ dbg("SSL startup: " + host + " " + port);
+
-+ /* create trust managers used if initial handshake fails: */
++
++ /* create trust managers to be used if initial handshake fails: */
+
+ trustAllCerts = new TrustManager[] {
+ /*
-+ * this one accepts everything.
++ * this one accepts everything. Only used if user
++ * has disabled checking (trustAllVncCerts=yes)
++ * or when we grab the cert to show it to them in
++ * a dialog and ask them to manually verify/accept it.
+ */
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[]
@@ -216,8 +229,9 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+
+ trustUrlCert = new TrustManager[] {
+ /*
-+ * this one accepts only the retrieved server cert
-+ * by SSLSocket by this applet.
++ * this one accepts only the retrieved server
++ * cert by SSLSocket by this applet and stored in
++ * trusturlCerts.
+ */
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[]
@@ -227,11 +241,12 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) throws CertificateException {
-+ throw new CertificateException("No Clients");
++ throw new CertificateException("No Clients (URL)");
+ }
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) throws CertificateException {
++ /* we want to check 'certs' against 'trusturlCerts' */
+ if (trusturlCerts == null) {
+ throw new CertificateException(
+ "No Trust url Certs array.");
@@ -259,6 +274,9 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ dbg("URL: cert mismatch at i=" + i);
+ dbg("URL: cert mismatch cert" + certs[i]);
+ dbg("URL: cert mismatch url" + trusturlCerts[i]);
++ if (cert_fail == null) {
++ cert_fail = "cert-mismatch";
++ }
+ }
+ if (debug_certs) {
+ dbg("\n***********************************************");
@@ -277,10 +295,86 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+ }
+ };
++
++ trustSrvCert = new TrustManager[] {
++ /*
++ * this one accepts cert given to us in the serverCert
++ * Applet Parameter we were started with. It is
++ * currently a fatal error if the VNC Server's cert
++ * doesn't match it.
++ */
++ new X509TrustManager() {
++ public java.security.cert.X509Certificate[]
++ getAcceptedIssuers() {
++ return null;
++ }
++ public void checkClientTrusted(
++ java.security.cert.X509Certificate[] certs,
++ String authType) throws CertificateException {
++ throw new CertificateException("No Clients (SRV)");
++ }
++ public void checkServerTrusted(
++ java.security.cert.X509Certificate[] certs,
++ String authType) throws CertificateException {
++ /* we want to check 'certs' against 'trustsrvCerts' */
++ if (trustsrvCerts == null) {
++ throw new CertificateException(
++ "No Trust srv Certs array.");
++ }
++ if (trustsrvCerts.length < 1) {
++ throw new CertificateException(
++ "No Trust srv Certs.");
++ }
++ if (certs == null) {
++ throw new CertificateException(
++ "No this-certs array.");
++ }
++ if (certs.length < 1) {
++ throw new CertificateException(
++ "No this-certs Certs.");
++ }
++ if (certs.length != trustsrvCerts.length) {
++ throw new CertificateException(
++ "certs.length != trustsrvCerts.length " + certs.length + " " + trustsrvCerts.length);
++ }
++ boolean ok = true;
++ for (int i = 0; i < certs.length; i++) {
++ if (! trustsrvCerts[i].equals(certs[i])) {
++ ok = false;
++ dbg("SRV: cert mismatch at i=" + i);
++ dbg("SRV: cert mismatch cert" + certs[i]);
++ dbg("SRV: cert mismatch srv" + trustsrvCerts[i]);
++ if (cert_fail == null) {
++ cert_fail = "server-cert-mismatch";
++ }
++ }
++ if (debug_certs) {
++ dbg("\n***********************************************");
++ dbg("SRV: cert info at i=" + i);
++ dbg("SRV: cert info cert" + certs[i]);
++ dbg("===============================================");
++ dbg("SRV: cert info srv" + trustsrvCerts[i]);
++ dbg("***********************************************");
++ }
++ }
++ if (!ok) {
++ throw new CertificateException(
++ "Server Cert Chain != serverCert Applet Parameter Cert Chain.");
++ }
++ dbg("SRV: trustsrvCerts[i] matches certs[i] i=0:" + (certs.length-1));
++ }
++ }
++ };
++
+ trustOneCert = new TrustManager[] {
+ /*
-+ * this one accepts only the retrieved server cert
-+ * by SSLSocket by this applet.
++ * this one accepts only the retrieved server
++ * cert by SSLSocket by this applet we stored in
++ * trustallCerts that user has accepted or applet
++ * parameter trustAllVncCerts=yes is set. This is
++ * for when we reconnect after the user has manually
++ * accepted the trustall cert in the dialog (or set
++ * trustAllVncCerts=yes applet param.)
+ */
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[]
@@ -290,11 +384,12 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) throws CertificateException {
-+ throw new CertificateException("No Clients");
++ throw new CertificateException("No Clients (ONE)");
+ }
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) throws CertificateException {
++ /* we want to check 'certs' against 'trustallCerts' */
+ if (trustallCerts == null) {
+ throw new CertificateException(
+ "No Trust All Server Certs array.");
@@ -342,20 +437,20 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ };
+
+ /*
-+ * They are used:
++ * The above TrustManagers are used:
+ *
+ * 1) to retrieve the server cert in case of failure to
-+ * display it to the user.
++ * display it to the user in a dialog.
+ * 2) to subsequently connect to the server if user agrees.
+ */
+
-+ KeyManager[] mykey = null;
-+
++ /*
++ * build oneTimeKey cert+key if supplied in applet parameter:
++ */
+ if (viewer.oneTimeKey != null && viewer.oneTimeKey.equals("PROMPT")) {
+ ClientCertDialog d = new ClientCertDialog();
+ viewer.oneTimeKey = d.queryUser();
+ }
-+
+ if (viewer.oneTimeKey != null && viewer.oneTimeKey.indexOf(",") > 0) {
+ int idx = viewer.oneTimeKey.indexOf(",");
+
@@ -367,15 +462,18 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec ( key );
+ PrivateKey ff = kf.generatePrivate (keysp);
-+ //dbg("ff " + ff);
-+ String cert_str = new String(cert);
++ if (debug_certs) {
++ dbg("one time key " + ff);
++ }
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Collection c = cf.generateCertificates(new ByteArrayInputStream(cert));
+ Certificate[] certs = new Certificate[c.toArray().length];
+ if (c.size() == 1) {
+ Certificate tmpcert = cf.generateCertificate(new ByteArrayInputStream(cert));
-+ //dbg("tmpcert" + tmpcert);
++ if (debug_certs) {
++ dbg("one time cert" + tmpcert);
++ }
+ certs[0] = tmpcert;
+ } else {
+ certs = (Certificate[]) c.toArray();
@@ -391,12 +489,54 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ mykey = kmf.getKeyManagers();
+ }
+
++ /*
++ * build serverCert cert if supplied in applet parameter:
++ */
++ if (viewer.serverCert != null) {
++ CertificateFactory cf = CertificateFactory.getInstance("X.509");
++ byte[] cert = hex2bytes(viewer.serverCert);
++ Collection c = cf.generateCertificates(new ByteArrayInputStream(cert));
++ trustsrvCerts = new Certificate[c.toArray().length];
++ if (c.size() == 1) {
++ Certificate tmpcert = cf.generateCertificate(new ByteArrayInputStream(cert));
++ trustsrvCerts[0] = tmpcert;
++ } else {
++ trustsrvCerts = (Certificate[]) c.toArray();
++ }
++ }
+
-+ /* trust loc certs: */
++ /* the trust loc certs context: */
+ try {
+ trustloc_ctx = SSLContext.getInstance("SSL");
-+ trustloc_ctx.init(mykey, null, new
-+ java.security.SecureRandom());
++
++ /*
++ * below is a failed attempt to get jvm's default
++ * trust manager using null (below) makes it so
++ * for HttpsURLConnection the server cannot be
++ * verified (no prompting.)
++ */
++ if (false) {
++ boolean didit = false;
++ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
++ tmf.init((KeyStore) null);
++ TrustManager [] tml = tmf.getTrustManagers();
++ for (int i = 0; i < tml.length; i++) {
++ TrustManager tm = tml[i];
++ if (tm instanceof X509TrustManager) {
++ TrustManager tm1[] = new TrustManager[1];
++ tm1[0] = tm;
++ trustloc_ctx.init(mykey, tm1, null);
++ didit = true;
++ break;
++ }
++ }
++ if (!didit) {
++ trustloc_ctx.init(mykey, null, null);
++ }
++ } else {
++ /* we have to set trust manager to null */
++ trustloc_ctx.init(mykey, null, null);
++ }
+
+ } catch (Exception e) {
+ String msg = "SSL trustloc_ctx FAILED.";
@@ -404,7 +544,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ throw new Exception(msg);
+ }
+
-+ /* trust all certs: */
++ /* the trust all certs context: */
+ try {
+ trustall_ctx = SSLContext.getInstance("SSL");
+ trustall_ctx.init(mykey, trustAllCerts, new
@@ -416,7 +556,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ throw new Exception(msg);
+ }
+
-+ /* trust url certs: */
++ /* the trust url certs context: */
+ try {
+ trusturl_ctx = SSLContext.getInstance("SSL");
+ trusturl_ctx.init(mykey, trustUrlCert, new
@@ -428,99 +568,138 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ throw new Exception(msg);
+ }
+
-+ /* trust the one cert from server: */
++ /* the trust srv certs context: */
+ try {
-+ trustone_ctx = SSLContext.getInstance("SSL");
-+ trustone_ctx.init(mykey, trustOneCert, new
++ trustsrv_ctx = SSLContext.getInstance("SSL");
++ trustsrv_ctx.init(mykey, trustSrvCert, new
+ java.security.SecureRandom());
+
+ } catch (Exception e) {
-+ String msg = "SSL trustone_ctx FAILED.";
++ String msg = "SSL trustsrv_ctx FAILED.";
+ dbg(msg);
+ throw new Exception(msg);
+ }
-+ }
-+
-+ boolean browser_cert_match() {
-+ String msg = "Browser URL accept previously accepted cert";
+
-+ if (user_wants_to_see_cert) {
-+ return false;
-+ }
++ /* the trust the one cert from server context: */
++ try {
++ trustone_ctx = SSLContext.getInstance("SSL");
++ trustone_ctx.init(mykey, trustOneCert, new
++ java.security.SecureRandom());
+
-+ if (trustallCerts != null && trusturlCerts != null) {
-+ if (trustallCerts.length == 1 && trusturlCerts.length == 1) {
-+ if (trustallCerts[0].equals(trusturlCerts[0])) {
-+ System.out.println(msg);
-+ return true;
-+ }
-+ }
++ } catch (Exception e) {
++ String msg = "SSL trustone_ctx FAILED.";
++ dbg(msg);
++ throw new Exception(msg);
+ }
-+ return false;
+ }
+
-+ public void check_for_proxy() {
++ /*
++ * we call this early on to 1) check for a proxy, 2) grab
++ * Browser/JVM accepted HTTPS cert.
++ */
++ public void check_for_proxy_and_grab_vnc_server_cert() {
+
-+ boolean result = false;
-+
+ trusturlCerts = null;
+ proxy_in_use = false;
++
+ if (viewer.ignoreProxy) {
++ /* applet param says skip it. */
++ /* the downside is we do not set trusturlCerts for comparison later... */
++ /* nor do we autodetect x11vnc for GET=1. */
+ return;
+ }
+
++ dbg("------------------------------------------------");
++ dbg("Into check_for_proxy_and_grab_vnc_server_cert():");
++
++ dbg("TRYING HTTPS:");
+ String ustr = "https://" + host + ":";
+ if (viewer.httpsPort != null) {
+ ustr += viewer.httpsPort;
+ } else {
-+ ustr += port; // hmmm
++ ustr += port;
+ }
+ ustr += viewer.urlPrefix + "/check.https.proxy.connection";
+ dbg("ustr is: " + ustr);
+
-+
+ try {
++ /* prepare for an HTTPS URL connection to host:port */
+ URL url = new URL(ustr);
-+ HttpsURLConnection https = (HttpsURLConnection)
-+ url.openConnection();
++ HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
++
++ if (mykey != null) {
++ /* with oneTimeKey (mykey) we can't use the default SSL context */
++ if (trustsrvCerts != null) {
++ dbg("passing trustsrv_ctx to HttpsURLConnection to provide client cert.");
++ https.setSSLSocketFactory(trustsrv_ctx.getSocketFactory());
++ } else if (trustloc_ctx != null) {
++ dbg("passing trustloc_ctx to HttpsURLConnection to provide client cert.");
++ https.setSSLSocketFactory(trustloc_ctx.getSocketFactory());
++ }
++ }
+
+ https.setUseCaches(false);
+ https.setRequestMethod("GET");
+ https.setRequestProperty("Pragma", "No-Cache");
-+ https.setRequestProperty("Proxy-Connection",
-+ "Keep-Alive");
++ https.setRequestProperty("Proxy-Connection", "Keep-Alive");
+ https.setDoInput(true);
+
++ dbg("trying https.connect()");
+ https.connect();
+
++ dbg("trying https.getServerCertificates()");
+ trusturlCerts = https.getServerCertificates();
++
+ if (trusturlCerts == null) {
-+ dbg("set trusturlCerts to null...");
++ dbg("set trusturlCerts to null!");
+ } else {
+ dbg("set trusturlCerts to non-null");
+ }
+
+ if (https.usingProxy()) {
+ proxy_in_use = true;
-+ proxy_is_https = true;
-+ dbg("HTTPS proxy in use. There may be connection problems.");
++ dbg("An HTTPS proxy is in use. There may be connection problems.");
+ }
++
++ dbg("trying https.getContent()");
+ Object output = https.getContent();
++ dbg("trying https.disconnect()");
+ https.disconnect();
-+ result = true;
++ if (! viewer.GET) {
++ String header = https.getHeaderField("VNC-Server");
++ if (header != null && header.startsWith("x11vnc")) {
++ dbg("detected x11vnc server (1), setting GET=1");
++ viewer.GET = true;
++ }
++ }
+
+ } catch(Exception e) {
+ dbg("HttpsURLConnection: " + e.getMessage());
+ }
+
+ if (proxy_in_use) {
++ dbg("exit check_for_proxy_and_grab_vnc_server_cert():");
++ dbg("------------------------------------------------");
++ return;
++ } else if (trusturlCerts != null && !viewer.forceProxy) {
++ /* Allow user to require HTTP check? use forceProxy for now. */
++ dbg("SKIPPING HTTP PROXY CHECK: got trusturlCerts, assuming proxy info is correct.");
++ dbg("exit check_for_proxy_and_grab_vnc_server_cert():");
++ dbg("------------------------------------------------");
+ return;
+ }
+
++ /*
++ * XXX need to remember scenario where this extra check
++ * gives useful info. User's Browser proxy settings?
++ */
++ dbg("TRYING HTTP:");
+ ustr = "http://" + host + ":" + port;
+ ustr += viewer.urlPrefix + "/index.vnc";
++ dbg("ustr is: " + ustr);
+
+ try {
++ /* prepare for an HTTP URL connection to the same host:port (but not httpsPort) */
+ URL url = new URL(ustr);
+ HttpURLConnection http = (HttpURLConnection)
+ url.openConnection();
@@ -528,45 +707,64 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ http.setUseCaches(false);
+ http.setRequestMethod("GET");
+ http.setRequestProperty("Pragma", "No-Cache");
-+ http.setRequestProperty("Proxy-Connection",
-+ "Keep-Alive");
++ http.setRequestProperty("Proxy-Connection", "Keep-Alive");
+ http.setDoInput(true);
+
++ dbg("trying http.connect()");
+ http.connect();
+
+ if (http.usingProxy()) {
+ proxy_in_use = true;
-+ proxy_is_https = false;
-+ dbg("HTTP proxy in use. There may be connection problems.");
++ dbg("An HTTP proxy is in use. There may be connection problems.");
+ }
++ dbg("trying http.getContent()");
+ Object output = http.getContent();
++ dbg("trying http.disconnect()");
+ http.disconnect();
-+
++ if (! viewer.GET) {
++ String header = http.getHeaderField("VNC-Server");
++ if (header != null && header.startsWith("x11vnc")) {
++ dbg("detected x11vnc server (2), setting GET=1");
++ viewer.GET = true;
++ }
++ }
+ } catch(Exception e) {
-+ dbg("HttpURLConnection: " + e.getMessage());
++ dbg("HttpURLConnection: " + e.getMessage());
+ }
++ dbg("exit check_for_proxy_and_grab_vnc_server_cert():");
++ dbg("------------------------------------------------");
+ }
+
+ public Socket connectSock() throws IOException {
-+
+ /*
+ * first try a https connection to detect a proxy, and
-+ * also grab the VNC server cert.
++ * grab the VNC server cert at the same time:
+ */
-+ check_for_proxy();
++ check_for_proxy_and_grab_vnc_server_cert();
++
++ boolean srv_cert = false;
+
-+ if (viewer.trustAllVncCerts) {
++ if (trustsrvCerts != null) {
++ /* applet parameter suppled serverCert */
++ dbg("viewer.trustSrvCert-0 using trustsrv_ctx");
++ factory = trustsrv_ctx.getSocketFactory();
++ srv_cert = true;
++ } else if (viewer.trustAllVncCerts) {
++ /* trust all certs (no checking) */
+ dbg("viewer.trustAllVncCerts-0 using trustall_ctx");
+ factory = trustall_ctx.getSocketFactory();
-+ } else if (use_url_cert_for_auth && trusturlCerts != null) {
++ } else if (trusturlCerts != null) {
++ /* trust certs the Browser/JVM accepted in check_for_proxy... */
+ dbg("using trusturl_ctx");
+ factory = trusturl_ctx.getSocketFactory();
+ } else {
++ /* trust the local defaults */
+ dbg("using trustloc_ctx");
+ factory = trustloc_ctx.getSocketFactory();
+ }
+
+ socket = null;
++
+ try {
+ if (proxy_in_use && viewer.forceProxy) {
+ throw new Exception("forcing proxy (forceProxy)");
@@ -585,7 +783,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+
+ } catch (Exception esock) {
-+ dbg("esock: " + esock.getMessage());
++ dbg("socket error: " + esock.getMessage());
+ if (proxy_in_use || viewer.CONNECT != null) {
+ proxy_failure = true;
+ if (proxy_in_use) {
@@ -596,14 +794,17 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ try {
+ socket = proxy_socket(factory);
+ } catch (Exception e) {
-+ dbg("err proxy_socket: " + e.getMessage());
++ dbg("proxy_socket error: " + e.getMessage());
+ }
++ } else {
++ /* n.b. socket is left in error state to cause ex. below. */
+ }
+ }
+
+ try {
+ socket.startHandshake();
-+ dbg("Server Connection Verified on 1st try.");
++
++ dbg("The Server Connection Verified OK on 1st try.");
+
+ java.security.cert.Certificate[] currentTrustedCerts;
+ BrowserCertsDialog bcd;
@@ -612,9 +813,13 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ currentTrustedCerts = sess.getPeerCertificates();
+
+ if (viewer.trustAllVncCerts) {
-+ dbg("viewer.trustAllVncCerts-1");
++ dbg("viewer.trustAllVncCerts-1 keeping socket.");
+ } else if (currentTrustedCerts == null || currentTrustedCerts.length < 1) {
-+ socket.close();
++ try {
++ socket.close();
++ } catch (Exception e) {
++ dbg("socket is grumpy.");
++ }
+ socket = null;
+ throw new SSLHandshakeException("no current certs");
+ }
@@ -628,20 +833,28 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+
+ if (viewer.trustAllVncCerts) {
-+ dbg("viewer.trustAllVncCerts-2");
++ dbg("viewer.trustAllVncCerts-2 skipping browser certs dialog");
++ user_wants_to_see_cert = false;
++ } else if (viewer.serverCert != null && trustsrvCerts != null) {
++ dbg("viewer.serverCert-1 skipping browser certs dialog");
+ user_wants_to_see_cert = false;
+ } else if (viewer.trustUrlVncCert) {
-+ dbg("viewer.trustUrlVncCert-1");
++ dbg("viewer.trustUrlVncCert-1 skipping browser certs dialog");
+ user_wants_to_see_cert = false;
+ } else {
++ /* have a dialog with the user: */
+ bcd = new BrowserCertsDialog(serv, host + ":" + port);
-+ dbg("browser certs dialog START");
++ dbg("browser certs dialog begin.");
+ bcd.queryUser();
-+ dbg("browser certs dialog DONE");
++ dbg("browser certs dialog finished.");
++
+ if (bcd.showCertDialog) {
+ String msg = "user wants to see cert";
+ dbg(msg);
+ user_wants_to_see_cert = true;
++ if (cert_fail == null) {
++ cert_fail = "user-view";
++ }
+ throw new SSLHandshakeException(msg);
+ } else {
+ user_wants_to_see_cert = false;
@@ -650,18 +863,37 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+
+ } catch (SSLHandshakeException eh) {
-+ dbg("Could not automatically verify Server.");
++ dbg("SSLHandshakeException: could not automatically verify Server.");
+ dbg("msg: " + eh.getMessage());
++
++
++ /* send a cleanup string just in case: */
+ String getoutstr = "GET /index.vnc HTTP/1.0\r\nConnection: close\r\n\r\n";
+
-+ OutputStream os = socket.getOutputStream();
-+ os.write(getoutstr.getBytes());
-+ socket.close();
++ try {
++ OutputStream os = socket.getOutputStream();
++ os.write(getoutstr.getBytes());
++ socket.close();
++ } catch (Exception e) {
++ dbg("socket is grumpy!");
++ }
++
++ /* reload */
++
+ socket = null;
+
++ String reason = null;
++
++ if (srv_cert) {
++ /* for serverCert usage we make this a fatal error. */
++ throw new IOException("Fatal: VNC Server's Cert does not match Applet Parameter 'serverCert=...'");
++ /* see below in TrustDialog were we describe this case to user anyway */
++ }
++
+ /*
+ * Reconnect, trusting any cert, so we can grab
-+ * the cert to show it to the user. The connection
++ * the cert to show it to the user in a dialog
++ * for him to manually accept. This connection
+ * is not used for anything else.
+ */
+ factory = trustall_ctx.getSocketFactory();
@@ -671,9 +903,18 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ socket = (SSLSocket) factory.createSocket(host, port);
+ }
+
++ if (debug_certs) {
++ dbg("trusturlCerts: " + trusturlCerts);
++ dbg("trustsrvCerts: " + trustsrvCerts);
++ }
++ if (trusturlCerts == null && cert_fail == null) {
++ cert_fail = "missing-certs";
++ }
++
+ try {
+ socket.startHandshake();
-+ dbg("TrustAll Server Connection Verified.");
++
++ dbg("The TrustAll Server Cert-grab Connection (trivially) Verified OK.");
+
+ /* grab the cert: */
+ try {
@@ -683,17 +924,24 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ throw new Exception("Could not get " +
+ "Peer Certificate");
+ }
++ if (debug_certs) {
++ dbg("trustallCerts: " + trustallCerts);
++ }
+
+ if (viewer.trustAllVncCerts) {
-+ dbg("viewer.trustAllVncCerts-3");
++ dbg("viewer.trustAllVncCerts-3. skipping dialog, trusting everything.");
+ } else if (! browser_cert_match()) {
+ /*
+ * close socket now, we will reopen after
+ * dialog if user agrees to use the cert.
+ */
-+ os = socket.getOutputStream();
-+ os.write(getoutstr.getBytes());
-+ socket.close();
++ try {
++ OutputStream os = socket.getOutputStream();
++ os.write(getoutstr.getBytes());
++ socket.close();
++ } catch (Exception e) {
++ dbg("socket is grumpy!!");
++ }
+ socket = null;
+
+ /* dialog with user to accept cert or not: */
@@ -701,7 +949,27 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ TrustDialog td= new TrustDialog(host, port,
+ trustallCerts);
+
-+ if (! td.queryUser()) {
++ if (cert_fail == null) {
++ ;
++ } else if (cert_fail.equals("user-view")) {
++ reason = "Reason for this Dialog:\n\n"
++ + " You Asked to View the Certificate.";
++ } else if (cert_fail.equals("server-cert-mismatch")) {
++ /* this is now fatal error, see above. */
++ reason = "Reason for this Dialog:\n\n"
++ + " The VNC Server's Certificate does not match the Certificate\n"
++ + " specified in the supplied 'serverCert' Applet Parameter.";
++ } else if (cert_fail.equals("cert-mismatch")) {
++ reason = "Reason for this Dialog:\n\n"
++ + " The VNC Server's Certificate does not match the Website's\n"
++ + " HTTPS Certificate (that you previously accepted; either\n"
++ + " manually or automatically via Certificate Authority.)";
++ } else if (cert_fail.equals("missing-certs")) {
++ reason = "Reason for this Dialog:\n\n"
++ + " Not all Certificates could be obtained to check.";
++ }
++
++ if (! td.queryUser(reason)) {
+ String msg = "User decided against it.";
+ dbg(msg);
+ throw new IOException(msg);
@@ -709,24 +977,26 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+
+ } catch (Exception ehand2) {
-+ dbg("** Could not TrustAll Verify Server.");
++ dbg("** Could not TrustAll Verify Server!");
+
+ throw new IOException(ehand2.getMessage());
+ }
+
++ /* reload again: */
++
+ if (socket != null) {
+ try {
+ socket.close();
+ } catch (Exception e) {
-+ ;
++ dbg("socket is grumpy!!!");
+ }
+ socket = null;
+ }
+
+ /*
+ * Now connect a 3rd time, using the cert
-+ * retrieved during connection 2 (that the user
-+ * likely blindly agreed to).
++ * retrieved during connection 2 (sadly, that
++ * the user likely blindly agreed to...)
+ */
+
+ factory = trustone_ctx.getSocketFactory();
@@ -738,15 +1008,18 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+
+ try {
+ socket.startHandshake();
-+ dbg("TrustAll Server Connection Verified #3.");
++ dbg("TrustAll/TrustOne Server Connection Verified #3.");
+
+ } catch (Exception ehand3) {
-+ dbg("** Could not TrustAll Verify Server #3.");
++ dbg("** Could not TrustAll/TrustOne Verify Server #3.");
+
+ throw new IOException(ehand3.getMessage());
+ }
+ }
+
++ /* we have socket (possibly null) at this point, so proceed: */
++
++ /* handle x11vnc GET=1, if applicable: */
+ if (socket != null && viewer.GET) {
+ String str = "GET ";
+ str += viewer.urlPrefix;
@@ -754,9 +1027,11 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ str += " HTTP/1.0\r\n";
+ str += "Pragma: No-Cache\r\n";
+ str += "\r\n";
++
+ System.out.println("sending GET: " + str);
+ OutputStream os = socket.getOutputStream();
+ String type = "os";
++
+ if (type == "os") {
+ os.write(str.getBytes());
+ os.flush();
@@ -787,9 +1062,56 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+
+ dbg("SSL returning socket to caller.");
++ dbg("");
++
++ /* could be null, let caller handle that. */
+ return (Socket) socket;
+ }
+
++ boolean browser_cert_match() {
++ String msg = "Browser URL accept previously accepted cert";
++
++ if (user_wants_to_see_cert) {
++ return false;
++ }
++
++ if (viewer.serverCert != null || trustsrvCerts != null) {
++ if (cert_fail == null) {
++ cert_fail = "server-cert-mismatch";
++ }
++ }
++ if (trustallCerts != null && trusturlCerts != null) {
++ if (trustallCerts.length == trusturlCerts.length) {
++ boolean ok = true;
++ /* check toath trustallCerts (socket) equals trusturlCerts (browser) */
++ for (int i = 0; i < trusturlCerts.length; i++) {
++ if (! trustallCerts[i].equals(trusturlCerts[i])) {
++ dbg("BCM: cert mismatch at i=" + i);
++ dbg("BCM: cert mismatch url" + trusturlCerts[i]);
++ dbg("BCM: cert mismatch all" + trustallCerts[i]);
++ ok = false;
++ }
++ }
++ if (ok) {
++ System.out.println(msg);
++ if (cert_fail == null) {
++ cert_fail = "did-not-fail";
++ }
++ return true;
++ } else {
++ if (cert_fail == null) {
++ cert_fail = "cert-mismatch";
++ }
++ return false;
++ }
++ }
++ }
++ if (cert_fail == null) {
++ cert_fail = "missing-certs";
++ }
++ return false;
++ }
++
+ private void dbg(String s) {
+ if (debug) {
+ System.out.println(s);
@@ -807,6 +1129,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ return n;
+ }
+
++ /* this will do the proxy CONNECT negotiation and hook us up. */
++
+ private void proxy_helper(String proxyHost, int proxyPort) {
+
+ boolean proxy_auth = false;
@@ -814,14 +1138,15 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ String hp = host + ":" + port;
+ dbg("proxy_helper: " + proxyHost + ":" + proxyPort + " hp: " + hp);
+
++ /* we loop here a few times trying for the password case */
+ for (int k=0; k < 2; k++) {
-+ dbg("proxy_in_use psocket:");
++ dbg("proxy_in_use psocket: " + k);
+
+ if (proxySock != null) {
+ try {
+ proxySock.close();
+ } catch (Exception e) {
-+ ;
++ dbg("proxy socket is grumpy.");
+ }
+ }
+
@@ -834,7 +1159,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ String req1 = "CONNECT " + hp + " HTTP/1.1\r\n"
+ + "Host: " + hp + "\r\n";
+
-+ dbg("requesting: " + req1);
++ dbg("requesting via proxy: " + req1);
+
+ if (proxy_auth) {
+ if (proxy_auth_string == null) {
@@ -843,10 +1168,13 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ proxy_auth_string = pp.getAuth();
+ }
+ //dbg("auth1: " + proxy_auth_string);
++
+ String auth2 = Base64Coder.encodeString(proxy_auth_string);
+ //dbg("auth2: " + auth2);
++
+ req1 += "Proxy-Authorization: Basic " + auth2 + "\r\n";
+ //dbg("req1: " + req1);
++
+ dbg("added Proxy-Authorization: Basic ... to request");
+ }
+ req1 += "\r\n";
@@ -869,9 +1197,10 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+ }
+ } catch(Exception e) {
-+ dbg("sock prob: " + e.getMessage());
++ dbg("some proxy socket problem: " + e.getMessage());
+ }
+
++ /* read the rest of the HTTP headers */
+ while (true) {
+ String line = readline(proxy_is);
+ dbg("proxy line: " + line.trim());
@@ -891,6 +1220,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+ }
+ if (!proxy_auth || proxy_auth_basic_realm.equals("")) {
++ /* we only try once for the non-password case: */
+ break;
+ }
+ }
@@ -908,6 +1238,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ try {
+ props = System.getProperties();
+ } catch (Exception e) {
++ /* sandboxed applet might not be able to read it. */
+ dbg("props failed: " + e.getMessage());
+ }
+ if (viewer.proxyHost != null) {
@@ -924,6 +1255,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ props.list(System.out);
+ dbg("\n---------------\n\n");
+
++ /* scrape throught properties looking for proxy info: */
++
+ for (Enumeration e = props.propertyNames(); e.hasMoreElements(); ) {
+ String s = (String) e.nextElement();
+ String v = System.getProperty(s);
@@ -1046,7 +1379,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ }
+ }
+ } catch(Exception e) {
-+ dbg("sock prob2: " + e.getMessage());
++ dbg("proxy socket problem-2: " + e.getMessage());
+ }
+
+ while (true) {
@@ -1130,7 +1463,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ msg = "VNC Server " + host + ":" + port + " Not Verified";
+ }
+
-+ public boolean queryUser() {
++ public boolean queryUser(String reason) {
+
+ /* create and display the dialog for unverified cert. */
+
@@ -1143,6 +1476,9 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ CertInfo ci = new CertInfo(trustallCerts[0]);
+ infostr = ci.get_certinfo("all");
+ }
++ if (reason != null) {
++ reason += "\n\n";
++ }
+
+ text = "\n"
++ "Unable to verify the identity of\n"
@@ -1153,28 +1489,38 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
++ "\n"
++ "as a trusted VNC server.\n"
++ "\n"
-++ "This may be due to:\n"
+++ reason
+++ "In General not being able to verify the VNC Server and/or your seeing this Dialog\n"
+++ "is due to one of the following:\n"
++ "\n"
++ " - Your requesting to View the Certificate before accepting.\n"
++ "\n"
-++ " - The VNC server using a Self-Signed Certificate.\n"
+++ " - The VNC server is using a Self-Signed Certificate or a Certificate\n"
+++ " Authority not recognized by your Web Browser or Java Plugin runtime.\n"
+++ "\n"
+++ " - The use of an Apache SSL portal scheme employing CONNECT proxying AND\n"
+++ " the Apache Web server has a certificate *different* from the VNC server's.\n"
++ "\n"
-++ " - The VNC server using a Certificate Authority not recognized by your\n"
-++ " Browser or Java Plugin runtime.\n"
+++ " - No previously accepted Certificate (via Web Broswer/Java Plugin) could be\n"
+++ " obtained by this applet to compare the VNC Server Certificate against.\n"
++ "\n"
-++ " - The use of an Apache SSL portal employing CONNECT proxying and the\n"
-++ " Apache web server has a certificate different from the VNC server's. \n"
+++ " - The VNC Server's Certificate does not match the one specified in the\n"
+++ " supplied 'serverCert' Java Applet Parameter.\n"
++ "\n"
-++ " - A Man-In-The-Middle attack impersonating as the VNC server you wish\n"
+++ " - A Man-In-The-Middle attack impersonating as the VNC server that you wish\n"
++ " to connect to. (Wouldn't that be exciting!!)\n"
++ "\n"
-++ "By safely copying the VNC server's Certificate (or using a common\n"
-++ "Certificate Authority certificate) you can configure your Web Browser or\n"
-++ "Java Plugin to automatically authenticate this Server.\n"
+++ "By safely copying the VNC server's Certificate (or using a common Certificate\n"
+++ "Authority certificate) you can configure your Web Browser and Java Plugin to\n"
+++ "automatically authenticate this VNC Server.\n"
+++ "\n"
+++ "If you do so, then you will only have to click \"Yes\" when this VNC Viewer\n"
+++ "applet asks you whether to trust your Browser/Java Plugin's acceptance of the\n"
+++ "certificate (except for the Apache portal case above where they don't match.)\n"
++ "\n"
-++ "If you do so, then you will only have to click \"Yes\" when this VNC\n"
-++ "Viewer applet asks you whether to trust your Browser/Java Plugin's\n"
-++ "acceptance of the certificate. (except for the Apache portal case above.)\n"
+++ "You can also set the applet parameter 'trustUrlVncCert=yes' to automatically\n"
+++ "accept certificates already accepted/trusted by your Web Browser/Java Plugin,\n"
+++ "and thereby see no dialog from this VNC Viewer applet.\n"
+;
+
+ /* the accept / do-not-accept radio buttons: */
@@ -1210,7 +1556,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+ label.setFont(new Font("Helvetica", Font.BOLD, 16));
+
+ /* textarea in the middle */
-+ textarea = new TextArea(text, 36, 64,
++ textarea = new TextArea(text, 38, 64,
+ TextArea.SCROLLBARS_VERTICAL_ONLY);
+ textarea.setEditable(false);
+
@@ -1562,22 +1908,19 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+m += "\n";
+m += "on its own.\n";
+m += "\n";
-+m += "However, it has noticed that your Web Browser or Java VM Plugin\n";
++m += "However, it has noticed that your Web Browser and/or Java VM Plugin\n";
+m += "has previously accepted the same certificate. You may have set\n";
+m += "this up permanently or just for this session, or the server\n";
+m += "certificate was signed by a CA cert that your Web Browser or\n";
+m += "Java VM Plugin has.\n";
+m += "\n";
++m += "If the VNC Server connection times out while you are reading this\n";
++m += "dialog, then restart the connection and try again.\n";
++m += "\n";
+m += "Should this VNC Viewer applet now connect to the above VNC server?\n";
+m += "\n";
+
-+// String m = "\nShould this VNC Viewer applet use your Browser/JVM certs to\n";
-+// m += "authenticate the VNC Server:\n";
-+// m += "\n " + hostport + "\n\n " + vncServer + "\n\n";
-+// m += "(NOTE: this *includes* any certs you have Just Now accepted in a\n";
-+// m += "dialog box with your Web Browser or Java Applet Plugin)\n\n";
-+
-+ TextArea textarea = new TextArea(m, 20, 64,
++ TextArea textarea = new TextArea(m, 22, 64,
+ TextArea.SCROLLBARS_VERTICAL_ONLY);
+ textarea.setEditable(false);
+ yes = new Button("Yes");
@@ -1789,8 +2132,16 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
+}
diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncViewer.java
--- vnc_javasrc.orig/VncViewer.java 2004-03-04 08:34:25.000000000 -0500
-+++ vnc_javasrc/VncViewer.java 2010-02-22 19:25:19.000000000 -0500
-@@ -80,7 +80,7 @@
++++ vnc_javasrc/VncViewer.java 2010-03-20 19:49:14.000000000 -0400
+@@ -29,6 +29,7 @@
+ import java.awt.event.*;
+ import java.io.*;
+ import java.net.*;
++import java.util.*;
+
+ public class VncViewer extends java.applet.Applet
+ implements java.lang.Runnable, WindowListener {
+@@ -80,7 +81,7 @@
// Variables read from parameter values.
String socketFactory;
String host;
@@ -1799,7 +2150,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
boolean showControls;
boolean offerRelogin;
boolean showOfflineDesktop;
-@@ -88,6 +88,20 @@
+@@ -88,6 +89,21 @@
int deferCursorUpdates;
int deferUpdateRequests;
@@ -1809,6 +2160,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
+ String urlPrefix;
+ String httpsPort;
+ String oneTimeKey;
++ String serverCert;
+ String proxyHost;
+ String proxyPort;
+ boolean forceProxy;
@@ -1820,9 +2172,12 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
// Reference to this applet for inter-applet communication.
public static java.applet.Applet refApplet;
-@@ -591,8 +605,25 @@
+@@ -590,9 +606,28 @@
+ fatalError("HOST parameter not specified");
}
}
++ Date d = new Date();
++ System.out.println("-\nSSL VNC Java Applet starting. " + d);
- String str = readParameter("PORT", true);
- port = Integer.parseInt(str);
@@ -1848,7 +2203,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
if (inAnApplet) {
str = readParameter("Open New Window", false);
-@@ -626,6 +657,101 @@
+@@ -626,6 +661,106 @@
// SocketFactory.
socketFactory = readParameter("SocketFactory", false);
@@ -1891,7 +2246,12 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
+
+ oneTimeKey = readParameter("oneTimeKey", false);
+ if (oneTimeKey != null) {
-+ System.out.println("oneTimeKey: is set");
++ System.out.println("oneTimeKey is set.");
++ }
++
++ serverCert = readParameter("serverCert", false);
++ if (serverCert != null) {
++ System.out.println("serverCert is set.");
+ }
+
+ forceProxy = false;
diff --git a/classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch b/classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch
index 369a221..8bb6f85 100644
--- a/classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch
+++ b/classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch
@@ -2644,8 +2644,8 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
// }
diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
--- JavaViewer.orig/SSLSocketToMe.java 1969-12-31 19:00:00.000000000 -0500
-+++ JavaViewer/SSLSocketToMe.java 2010-02-22 20:03:11.000000000 -0500
-@@ -0,0 +1,1712 @@
++++ JavaViewer/SSLSocketToMe.java 2010-03-19 12:52:08.000000000 -0400
+@@ -0,0 +1,2055 @@
+/*
+ * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer.
+ *
@@ -2689,7 +2689,9 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ String host;
+ int port;
+ VncViewer viewer;
++
+ boolean debug = true;
++ boolean debug_certs = false;
+
+ /* sockets */
+ SSLSocket socket = null;
@@ -2697,11 +2699,11 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+
+ /* fallback for Proxy connection */
+ boolean proxy_in_use = false;
-+ boolean proxy_is_https = false;
+ boolean proxy_failure = false;
+ public DataInputStream is = null;
+ public OutputStream os = null;
+
++ /* strings from user WRT proxy: */
+ String proxy_auth_string = null;
+ String proxy_dialog_host = null;
+ int proxy_dialog_port = 0;
@@ -2713,21 +2715,28 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ /* trust contexts */
+ SSLContext trustloc_ctx;
+ SSLContext trustall_ctx;
++ SSLContext trustsrv_ctx;
+ SSLContext trusturl_ctx;
+ SSLContext trustone_ctx;
+
++ /* corresponding trust managers */
+ TrustManager[] trustAllCerts;
++ TrustManager[] trustSrvCert;
+ TrustManager[] trustUrlCert;
+ TrustManager[] trustOneCert;
+
-+ boolean use_url_cert_for_auth = true;
++ /* client-side SSL auth key (oneTimeKey=...) */
++ KeyManager[] mykey = null;
++
+ boolean user_wants_to_see_cert = true;
-+ boolean debug_certs = false;
++ String cert_fail = null;
+
-+ /* cert(s) we retrieve from VNC server */
++ /* cert(s) we retrieve from Web server, VNC server, or serverCert param: */
+ java.security.cert.Certificate[] trustallCerts = null;
++ java.security.cert.Certificate[] trustsrvCerts = null;
+ java.security.cert.Certificate[] trusturlCerts = null;
+
++ /* utility to decode hex oneTimeKey=... and serverCert=... */
+ byte[] hex2bytes(String s) {
+ byte[] bytes = new byte[s.length()/2];
+ for (int i=0; i<s.length()/2; i++) {
@@ -2760,11 +2769,15 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+
+ dbg("SSL startup: " + host + " " + port);
+
-+ /* create trust managers used if initial handshake fails: */
++
++ /* create trust managers to be used if initial handshake fails: */
+
+ trustAllCerts = new TrustManager[] {
+ /*
-+ * this one accepts everything.
++ * this one accepts everything. Only used if user
++ * has disabled checking (trustAllVncCerts=yes)
++ * or when we grab the cert to show it to them in
++ * a dialog and ask them to manually verify/accept it.
+ */
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[]
@@ -2787,8 +2800,9 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+
+ trustUrlCert = new TrustManager[] {
+ /*
-+ * this one accepts only the retrieved server cert
-+ * by SSLSocket by this applet.
++ * this one accepts only the retrieved server
++ * cert by SSLSocket by this applet and stored in
++ * trusturlCerts.
+ */
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[]
@@ -2798,11 +2812,12 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) throws CertificateException {
-+ throw new CertificateException("No Clients");
++ throw new CertificateException("No Clients (URL)");
+ }
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) throws CertificateException {
++ /* we want to check 'certs' against 'trusturlCerts' */
+ if (trusturlCerts == null) {
+ throw new CertificateException(
+ "No Trust url Certs array.");
@@ -2830,6 +2845,9 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ dbg("URL: cert mismatch at i=" + i);
+ dbg("URL: cert mismatch cert" + certs[i]);
+ dbg("URL: cert mismatch url" + trusturlCerts[i]);
++ if (cert_fail == null) {
++ cert_fail = "cert-mismatch";
++ }
+ }
+ if (debug_certs) {
+ dbg("\n***********************************************");
@@ -2848,10 +2866,86 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+ }
+ };
++
++ trustSrvCert = new TrustManager[] {
++ /*
++ * this one accepts cert given to us in the serverCert
++ * Applet Parameter we were started with. It is
++ * currently a fatal error if the VNC Server's cert
++ * doesn't match it.
++ */
++ new X509TrustManager() {
++ public java.security.cert.X509Certificate[]
++ getAcceptedIssuers() {
++ return null;
++ }
++ public void checkClientTrusted(
++ java.security.cert.X509Certificate[] certs,
++ String authType) throws CertificateException {
++ throw new CertificateException("No Clients (SRV)");
++ }
++ public void checkServerTrusted(
++ java.security.cert.X509Certificate[] certs,
++ String authType) throws CertificateException {
++ /* we want to check 'certs' against 'trustsrvCerts' */
++ if (trustsrvCerts == null) {
++ throw new CertificateException(
++ "No Trust srv Certs array.");
++ }
++ if (trustsrvCerts.length < 1) {
++ throw new CertificateException(
++ "No Trust srv Certs.");
++ }
++ if (certs == null) {
++ throw new CertificateException(
++ "No this-certs array.");
++ }
++ if (certs.length < 1) {
++ throw new CertificateException(
++ "No this-certs Certs.");
++ }
++ if (certs.length != trustsrvCerts.length) {
++ throw new CertificateException(
++ "certs.length != trustsrvCerts.length " + certs.length + " " + trustsrvCerts.length);
++ }
++ boolean ok = true;
++ for (int i = 0; i < certs.length; i++) {
++ if (! trustsrvCerts[i].equals(certs[i])) {
++ ok = false;
++ dbg("SRV: cert mismatch at i=" + i);
++ dbg("SRV: cert mismatch cert" + certs[i]);
++ dbg("SRV: cert mismatch srv" + trustsrvCerts[i]);
++ if (cert_fail == null) {
++ cert_fail = "server-cert-mismatch";
++ }
++ }
++ if (debug_certs) {
++ dbg("\n***********************************************");
++ dbg("SRV: cert info at i=" + i);
++ dbg("SRV: cert info cert" + certs[i]);
++ dbg("===============================================");
++ dbg("SRV: cert info srv" + trustsrvCerts[i]);
++ dbg("***********************************************");
++ }
++ }
++ if (!ok) {
++ throw new CertificateException(
++ "Server Cert Chain != serverCert Applet Parameter Cert Chain.");
++ }
++ dbg("SRV: trustsrvCerts[i] matches certs[i] i=0:" + (certs.length-1));
++ }
++ }
++ };
++
+ trustOneCert = new TrustManager[] {
+ /*
-+ * this one accepts only the retrieved server cert
-+ * by SSLSocket by this applet.
++ * this one accepts only the retrieved server
++ * cert by SSLSocket by this applet we stored in
++ * trustallCerts that user has accepted or applet
++ * parameter trustAllVncCerts=yes is set. This is
++ * for when we reconnect after the user has manually
++ * accepted the trustall cert in the dialog (or set
++ * trustAllVncCerts=yes applet param.)
+ */
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[]
@@ -2861,11 +2955,12 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) throws CertificateException {
-+ throw new CertificateException("No Clients");
++ throw new CertificateException("No Clients (ONE)");
+ }
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs,
+ String authType) throws CertificateException {
++ /* we want to check 'certs' against 'trustallCerts' */
+ if (trustallCerts == null) {
+ throw new CertificateException(
+ "No Trust All Server Certs array.");
@@ -2913,20 +3008,20 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ };
+
+ /*
-+ * They are used:
++ * The above TrustManagers are used:
+ *
+ * 1) to retrieve the server cert in case of failure to
-+ * display it to the user.
++ * display it to the user in a dialog.
+ * 2) to subsequently connect to the server if user agrees.
+ */
+
-+ KeyManager[] mykey = null;
-+
++ /*
++ * build oneTimeKey cert+key if supplied in applet parameter:
++ */
+ if (viewer.oneTimeKey != null && viewer.oneTimeKey.equals("PROMPT")) {
+ ClientCertDialog d = new ClientCertDialog();
+ viewer.oneTimeKey = d.queryUser();
+ }
-+
+ if (viewer.oneTimeKey != null && viewer.oneTimeKey.indexOf(",") > 0) {
+ int idx = viewer.oneTimeKey.indexOf(",");
+
@@ -2938,15 +3033,18 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec ( key );
+ PrivateKey ff = kf.generatePrivate (keysp);
-+ //dbg("ff " + ff);
-+ String cert_str = new String(cert);
++ if (debug_certs) {
++ dbg("one time key " + ff);
++ }
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Collection c = cf.generateCertificates(new ByteArrayInputStream(cert));
+ Certificate[] certs = new Certificate[c.toArray().length];
+ if (c.size() == 1) {
+ Certificate tmpcert = cf.generateCertificate(new ByteArrayInputStream(cert));
-+ //dbg("tmpcert" + tmpcert);
++ if (debug_certs) {
++ dbg("one time cert" + tmpcert);
++ }
+ certs[0] = tmpcert;
+ } else {
+ certs = (Certificate[]) c.toArray();
@@ -2962,12 +3060,54 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ mykey = kmf.getKeyManagers();
+ }
+
++ /*
++ * build serverCert cert if supplied in applet parameter:
++ */
++ if (viewer.serverCert != null) {
++ CertificateFactory cf = CertificateFactory.getInstance("X.509");
++ byte[] cert = hex2bytes(viewer.serverCert);
++ Collection c = cf.generateCertificates(new ByteArrayInputStream(cert));
++ trustsrvCerts = new Certificate[c.toArray().length];
++ if (c.size() == 1) {
++ Certificate tmpcert = cf.generateCertificate(new ByteArrayInputStream(cert));
++ trustsrvCerts[0] = tmpcert;
++ } else {
++ trustsrvCerts = (Certificate[]) c.toArray();
++ }
++ }
+
-+ /* trust loc certs: */
++ /* the trust loc certs context: */
+ try {
+ trustloc_ctx = SSLContext.getInstance("SSL");
-+ trustloc_ctx.init(mykey, null, new
-+ java.security.SecureRandom());
++
++ /*
++ * below is a failed attempt to get jvm's default
++ * trust manager using null (below) makes it so
++ * for HttpsURLConnection the server cannot be
++ * verified (no prompting.)
++ */
++ if (false) {
++ boolean didit = false;
++ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
++ tmf.init((KeyStore) null);
++ TrustManager [] tml = tmf.getTrustManagers();
++ for (int i = 0; i < tml.length; i++) {
++ TrustManager tm = tml[i];
++ if (tm instanceof X509TrustManager) {
++ TrustManager tm1[] = new TrustManager[1];
++ tm1[0] = tm;
++ trustloc_ctx.init(mykey, tm1, null);
++ didit = true;
++ break;
++ }
++ }
++ if (!didit) {
++ trustloc_ctx.init(mykey, null, null);
++ }
++ } else {
++ /* we have to set trust manager to null */
++ trustloc_ctx.init(mykey, null, null);
++ }
+
+ } catch (Exception e) {
+ String msg = "SSL trustloc_ctx FAILED.";
@@ -2975,7 +3115,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ throw new Exception(msg);
+ }
+
-+ /* trust all certs: */
++ /* the trust all certs context: */
+ try {
+ trustall_ctx = SSLContext.getInstance("SSL");
+ trustall_ctx.init(mykey, trustAllCerts, new
@@ -2987,7 +3127,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ throw new Exception(msg);
+ }
+
-+ /* trust url certs: */
++ /* the trust url certs context: */
+ try {
+ trusturl_ctx = SSLContext.getInstance("SSL");
+ trusturl_ctx.init(mykey, trustUrlCert, new
@@ -2999,99 +3139,138 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ throw new Exception(msg);
+ }
+
-+ /* trust the one cert from server: */
++ /* the trust srv certs context: */
+ try {
-+ trustone_ctx = SSLContext.getInstance("SSL");
-+ trustone_ctx.init(mykey, trustOneCert, new
++ trustsrv_ctx = SSLContext.getInstance("SSL");
++ trustsrv_ctx.init(mykey, trustSrvCert, new
+ java.security.SecureRandom());
+
+ } catch (Exception e) {
-+ String msg = "SSL trustone_ctx FAILED.";
++ String msg = "SSL trustsrv_ctx FAILED.";
+ dbg(msg);
+ throw new Exception(msg);
+ }
-+ }
+
-+ boolean browser_cert_match() {
-+ String msg = "Browser URL accept previously accepted cert";
-+
-+ if (user_wants_to_see_cert) {
-+ return false;
-+ }
++ /* the trust the one cert from server context: */
++ try {
++ trustone_ctx = SSLContext.getInstance("SSL");
++ trustone_ctx.init(mykey, trustOneCert, new
++ java.security.SecureRandom());
+
-+ if (trustallCerts != null && trusturlCerts != null) {
-+ if (trustallCerts.length == 1 && trusturlCerts.length == 1) {
-+ if (trustallCerts[0].equals(trusturlCerts[0])) {
-+ System.out.println(msg);
-+ return true;
-+ }
-+ }
++ } catch (Exception e) {
++ String msg = "SSL trustone_ctx FAILED.";
++ dbg(msg);
++ throw new Exception(msg);
+ }
-+ return false;
+ }
+
-+ public void check_for_proxy() {
++ /*
++ * we call this early on to 1) check for a proxy, 2) grab
++ * Browser/JVM accepted HTTPS cert.
++ */
++ public void check_for_proxy_and_grab_vnc_server_cert() {
+
-+ boolean result = false;
-+
+ trusturlCerts = null;
+ proxy_in_use = false;
++
+ if (viewer.ignoreProxy) {
++ /* applet param says skip it. */
++ /* the downside is we do not set trusturlCerts for comparison later... */
++ /* nor do we autodetect x11vnc for GET=1. */
+ return;
+ }
+
++ dbg("------------------------------------------------");
++ dbg("Into check_for_proxy_and_grab_vnc_server_cert():");
++
++ dbg("TRYING HTTPS:");
+ String ustr = "https://" + host + ":";
+ if (viewer.httpsPort != null) {
+ ustr += viewer.httpsPort;
+ } else {
-+ ustr += port; // hmmm
++ ustr += port;
+ }
+ ustr += viewer.urlPrefix + "/check.https.proxy.connection";
+ dbg("ustr is: " + ustr);
+
-+
+ try {
++ /* prepare for an HTTPS URL connection to host:port */
+ URL url = new URL(ustr);
-+ HttpsURLConnection https = (HttpsURLConnection)
-+ url.openConnection();
++ HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
++
++ if (mykey != null) {
++ /* with oneTimeKey (mykey) we can't use the default SSL context */
++ if (trustsrvCerts != null) {
++ dbg("passing trustsrv_ctx to HttpsURLConnection to provide client cert.");
++ https.setSSLSocketFactory(trustsrv_ctx.getSocketFactory());
++ } else if (trustloc_ctx != null) {
++ dbg("passing trustloc_ctx to HttpsURLConnection to provide client cert.");
++ https.setSSLSocketFactory(trustloc_ctx.getSocketFactory());
++ }
++ }
+
+ https.setUseCaches(false);
+ https.setRequestMethod("GET");
+ https.setRequestProperty("Pragma", "No-Cache");
-+ https.setRequestProperty("Proxy-Connection",
-+ "Keep-Alive");
++ https.setRequestProperty("Proxy-Connection", "Keep-Alive");
+ https.setDoInput(true);
+
++ dbg("trying https.connect()");
+ https.connect();
+
++ dbg("trying https.getServerCertificates()");
+ trusturlCerts = https.getServerCertificates();
++
+ if (trusturlCerts == null) {
-+ dbg("set trusturlCerts to null...");
++ dbg("set trusturlCerts to null!");
+ } else {
+ dbg("set trusturlCerts to non-null");
+ }
+
+ if (https.usingProxy()) {
+ proxy_in_use = true;
-+ proxy_is_https = true;
-+ dbg("HTTPS proxy in use. There may be connection problems.");
++ dbg("An HTTPS proxy is in use. There may be connection problems.");
+ }
++
++ dbg("trying https.getContent()");
+ Object output = https.getContent();
++ dbg("trying https.disconnect()");
+ https.disconnect();
-+ result = true;
++ if (! viewer.GET) {
++ String header = https.getHeaderField("VNC-Server");
++ if (header != null && header.startsWith("x11vnc")) {
++ dbg("detected x11vnc server (1), setting GET=1");
++ viewer.GET = true;
++ }
++ }
+
+ } catch(Exception e) {
+ dbg("HttpsURLConnection: " + e.getMessage());
+ }
+
+ if (proxy_in_use) {
++ dbg("exit check_for_proxy_and_grab_vnc_server_cert():");
++ dbg("------------------------------------------------");
++ return;
++ } else if (trusturlCerts != null && !viewer.forceProxy) {
++ /* Allow user to require HTTP check? use forceProxy for now. */
++ dbg("SKIPPING HTTP PROXY CHECK: got trusturlCerts, assuming proxy info is correct.");
++ dbg("exit check_for_proxy_and_grab_vnc_server_cert():");
++ dbg("------------------------------------------------");
+ return;
+ }
+
++ /*
++ * XXX need to remember scenario where this extra check
++ * gives useful info. User's Browser proxy settings?
++ */
++ dbg("TRYING HTTP:");
+ ustr = "http://" + host + ":" + port;
+ ustr += viewer.urlPrefix + "/index.vnc";
++ dbg("ustr is: " + ustr);
+
+ try {
++ /* prepare for an HTTP URL connection to the same host:port (but not httpsPort) */
+ URL url = new URL(ustr);
+ HttpURLConnection http = (HttpURLConnection)
+ url.openConnection();
@@ -3099,45 +3278,64 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ http.setUseCaches(false);
+ http.setRequestMethod("GET");
+ http.setRequestProperty("Pragma", "No-Cache");
-+ http.setRequestProperty("Proxy-Connection",
-+ "Keep-Alive");
++ http.setRequestProperty("Proxy-Connection", "Keep-Alive");
+ http.setDoInput(true);
+
++ dbg("trying http.connect()");
+ http.connect();
+
+ if (http.usingProxy()) {
+ proxy_in_use = true;
-+ proxy_is_https = false;
-+ dbg("HTTP proxy in use. There may be connection problems.");
++ dbg("An HTTP proxy is in use. There may be connection problems.");
+ }
++ dbg("trying http.getContent()");
+ Object output = http.getContent();
++ dbg("trying http.disconnect()");
+ http.disconnect();
-+
++ if (! viewer.GET) {
++ String header = http.getHeaderField("VNC-Server");
++ if (header != null && header.startsWith("x11vnc")) {
++ dbg("detected x11vnc server (2), setting GET=1");
++ viewer.GET = true;
++ }
++ }
+ } catch(Exception e) {
-+ dbg("HttpURLConnection: " + e.getMessage());
++ dbg("HttpURLConnection: " + e.getMessage());
+ }
++ dbg("exit check_for_proxy_and_grab_vnc_server_cert():");
++ dbg("------------------------------------------------");
+ }
+
+ public Socket connectSock() throws IOException {
-+
+ /*
+ * first try a https connection to detect a proxy, and
-+ * also grab the VNC server cert.
++ * grab the VNC server cert at the same time:
+ */
-+ check_for_proxy();
++ check_for_proxy_and_grab_vnc_server_cert();
++
++ boolean srv_cert = false;
+
-+ if (viewer.trustAllVncCerts) {
++ if (trustsrvCerts != null) {
++ /* applet parameter suppled serverCert */
++ dbg("viewer.trustSrvCert-0 using trustsrv_ctx");
++ factory = trustsrv_ctx.getSocketFactory();
++ srv_cert = true;
++ } else if (viewer.trustAllVncCerts) {
++ /* trust all certs (no checking) */
+ dbg("viewer.trustAllVncCerts-0 using trustall_ctx");
+ factory = trustall_ctx.getSocketFactory();
-+ } else if (use_url_cert_for_auth && trusturlCerts != null) {
++ } else if (trusturlCerts != null) {
++ /* trust certs the Browser/JVM accepted in check_for_proxy... */
+ dbg("using trusturl_ctx");
+ factory = trusturl_ctx.getSocketFactory();
+ } else {
++ /* trust the local defaults */
+ dbg("using trustloc_ctx");
+ factory = trustloc_ctx.getSocketFactory();
+ }
+
+ socket = null;
++
+ try {
+ if (proxy_in_use && viewer.forceProxy) {
+ throw new Exception("forcing proxy (forceProxy)");
@@ -3156,7 +3354,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+
+ } catch (Exception esock) {
-+ dbg("esock: " + esock.getMessage());
++ dbg("socket error: " + esock.getMessage());
+ if (proxy_in_use || viewer.CONNECT != null) {
+ proxy_failure = true;
+ if (proxy_in_use) {
@@ -3167,14 +3365,17 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ try {
+ socket = proxy_socket(factory);
+ } catch (Exception e) {
-+ dbg("err proxy_socket: " + e.getMessage());
++ dbg("proxy_socket error: " + e.getMessage());
+ }
++ } else {
++ /* n.b. socket is left in error state to cause ex. below. */
+ }
+ }
+
+ try {
+ socket.startHandshake();
-+ dbg("Server Connection Verified on 1st try.");
++
++ dbg("The Server Connection Verified OK on 1st try.");
+
+ java.security.cert.Certificate[] currentTrustedCerts;
+ BrowserCertsDialog bcd;
@@ -3183,9 +3384,13 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ currentTrustedCerts = sess.getPeerCertificates();
+
+ if (viewer.trustAllVncCerts) {
-+ dbg("viewer.trustAllVncCerts-1");
++ dbg("viewer.trustAllVncCerts-1 keeping socket.");
+ } else if (currentTrustedCerts == null || currentTrustedCerts.length < 1) {
-+ socket.close();
++ try {
++ socket.close();
++ } catch (Exception e) {
++ dbg("socket is grumpy.");
++ }
+ socket = null;
+ throw new SSLHandshakeException("no current certs");
+ }
@@ -3199,20 +3404,28 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+
+ if (viewer.trustAllVncCerts) {
-+ dbg("viewer.trustAllVncCerts-2");
++ dbg("viewer.trustAllVncCerts-2 skipping browser certs dialog");
++ user_wants_to_see_cert = false;
++ } else if (viewer.serverCert != null && trustsrvCerts != null) {
++ dbg("viewer.serverCert-1 skipping browser certs dialog");
+ user_wants_to_see_cert = false;
+ } else if (viewer.trustUrlVncCert) {
-+ dbg("viewer.trustUrlVncCert-1");
++ dbg("viewer.trustUrlVncCert-1 skipping browser certs dialog");
+ user_wants_to_see_cert = false;
+ } else {
++ /* have a dialog with the user: */
+ bcd = new BrowserCertsDialog(serv, host + ":" + port);
-+ dbg("browser certs dialog START");
++ dbg("browser certs dialog begin.");
+ bcd.queryUser();
-+ dbg("browser certs dialog DONE");
++ dbg("browser certs dialog finished.");
++
+ if (bcd.showCertDialog) {
+ String msg = "user wants to see cert";
+ dbg(msg);
+ user_wants_to_see_cert = true;
++ if (cert_fail == null) {
++ cert_fail = "user-view";
++ }
+ throw new SSLHandshakeException(msg);
+ } else {
+ user_wants_to_see_cert = false;
@@ -3221,18 +3434,37 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+
+ } catch (SSLHandshakeException eh) {
-+ dbg("Could not automatically verify Server.");
++ dbg("SSLHandshakeException: could not automatically verify Server.");
+ dbg("msg: " + eh.getMessage());
++
++
++ /* send a cleanup string just in case: */
+ String getoutstr = "GET /index.vnc HTTP/1.0\r\nConnection: close\r\n\r\n";
+
-+ OutputStream os = socket.getOutputStream();
-+ os.write(getoutstr.getBytes());
-+ socket.close();
++ try {
++ OutputStream os = socket.getOutputStream();
++ os.write(getoutstr.getBytes());
++ socket.close();
++ } catch (Exception e) {
++ dbg("socket is grumpy!");
++ }
++
++ /* reload */
++
+ socket = null;
+
++ String reason = null;
++
++ if (srv_cert) {
++ /* for serverCert usage we make this a fatal error. */
++ throw new IOException("Fatal: VNC Server's Cert does not match Applet Parameter 'serverCert=...'");
++ /* see below in TrustDialog were we describe this case to user anyway */
++ }
++
+ /*
+ * Reconnect, trusting any cert, so we can grab
-+ * the cert to show it to the user. The connection
++ * the cert to show it to the user in a dialog
++ * for him to manually accept. This connection
+ * is not used for anything else.
+ */
+ factory = trustall_ctx.getSocketFactory();
@@ -3242,9 +3474,18 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ socket = (SSLSocket) factory.createSocket(host, port);
+ }
+
++ if (debug_certs) {
++ dbg("trusturlCerts: " + trusturlCerts);
++ dbg("trustsrvCerts: " + trustsrvCerts);
++ }
++ if (trusturlCerts == null && cert_fail == null) {
++ cert_fail = "missing-certs";
++ }
++
+ try {
+ socket.startHandshake();
-+ dbg("TrustAll Server Connection Verified.");
++
++ dbg("The TrustAll Server Cert-grab Connection (trivially) Verified OK.");
+
+ /* grab the cert: */
+ try {
@@ -3254,17 +3495,24 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ throw new Exception("Could not get " +
+ "Peer Certificate");
+ }
++ if (debug_certs) {
++ dbg("trustallCerts: " + trustallCerts);
++ }
+
+ if (viewer.trustAllVncCerts) {
-+ dbg("viewer.trustAllVncCerts-3");
++ dbg("viewer.trustAllVncCerts-3. skipping dialog, trusting everything.");
+ } else if (! browser_cert_match()) {
+ /*
+ * close socket now, we will reopen after
+ * dialog if user agrees to use the cert.
+ */
-+ os = socket.getOutputStream();
-+ os.write(getoutstr.getBytes());
-+ socket.close();
++ try {
++ OutputStream os = socket.getOutputStream();
++ os.write(getoutstr.getBytes());
++ socket.close();
++ } catch (Exception e) {
++ dbg("socket is grumpy!!");
++ }
+ socket = null;
+
+ /* dialog with user to accept cert or not: */
@@ -3272,7 +3520,27 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ TrustDialog td= new TrustDialog(host, port,
+ trustallCerts);
+
-+ if (! td.queryUser()) {
++ if (cert_fail == null) {
++ ;
++ } else if (cert_fail.equals("user-view")) {
++ reason = "Reason for this Dialog:\n\n"
++ + " You Asked to View the Certificate.";
++ } else if (cert_fail.equals("server-cert-mismatch")) {
++ /* this is now fatal error, see above. */
++ reason = "Reason for this Dialog:\n\n"
++ + " The VNC Server's Certificate does not match the Certificate\n"
++ + " specified in the supplied 'serverCert' Applet Parameter.";
++ } else if (cert_fail.equals("cert-mismatch")) {
++ reason = "Reason for this Dialog:\n\n"
++ + " The VNC Server's Certificate does not match the Website's\n"
++ + " HTTPS Certificate (that you previously accepted; either\n"
++ + " manually or automatically via Certificate Authority.)";
++ } else if (cert_fail.equals("missing-certs")) {
++ reason = "Reason for this Dialog:\n\n"
++ + " Not all Certificates could be obtained to check.";
++ }
++
++ if (! td.queryUser(reason)) {
+ String msg = "User decided against it.";
+ dbg(msg);
+ throw new IOException(msg);
@@ -3280,24 +3548,26 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+
+ } catch (Exception ehand2) {
-+ dbg("** Could not TrustAll Verify Server.");
++ dbg("** Could not TrustAll Verify Server!");
+
+ throw new IOException(ehand2.getMessage());
+ }
+
++ /* reload again: */
++
+ if (socket != null) {
+ try {
+ socket.close();
+ } catch (Exception e) {
-+ ;
++ dbg("socket is grumpy!!!");
+ }
+ socket = null;
+ }
+
+ /*
+ * Now connect a 3rd time, using the cert
-+ * retrieved during connection 2 (that the user
-+ * likely blindly agreed to).
++ * retrieved during connection 2 (sadly, that
++ * the user likely blindly agreed to...)
+ */
+
+ factory = trustone_ctx.getSocketFactory();
@@ -3309,15 +3579,18 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+
+ try {
+ socket.startHandshake();
-+ dbg("TrustAll Server Connection Verified #3.");
++ dbg("TrustAll/TrustOne Server Connection Verified #3.");
+
+ } catch (Exception ehand3) {
-+ dbg("** Could not TrustAll Verify Server #3.");
++ dbg("** Could not TrustAll/TrustOne Verify Server #3.");
+
+ throw new IOException(ehand3.getMessage());
+ }
+ }
+
++ /* we have socket (possibly null) at this point, so proceed: */
++
++ /* handle x11vnc GET=1, if applicable: */
+ if (socket != null && viewer.GET) {
+ String str = "GET ";
+ str += viewer.urlPrefix;
@@ -3325,9 +3598,11 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ str += " HTTP/1.0\r\n";
+ str += "Pragma: No-Cache\r\n";
+ str += "\r\n";
++
+ System.out.println("sending GET: " + str);
+ OutputStream os = socket.getOutputStream();
+ String type = "os";
++
+ if (type == "os") {
+ os.write(str.getBytes());
+ os.flush();
@@ -3358,9 +3633,56 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+
+ dbg("SSL returning socket to caller.");
++ dbg("");
++
++ /* could be null, let caller handle that. */
+ return (Socket) socket;
+ }
+
++ boolean browser_cert_match() {
++ String msg = "Browser URL accept previously accepted cert";
++
++ if (user_wants_to_see_cert) {
++ return false;
++ }
++
++ if (viewer.serverCert != null || trustsrvCerts != null) {
++ if (cert_fail == null) {
++ cert_fail = "server-cert-mismatch";
++ }
++ }
++ if (trustallCerts != null && trusturlCerts != null) {
++ if (trustallCerts.length == trusturlCerts.length) {
++ boolean ok = true;
++ /* check toath trustallCerts (socket) equals trusturlCerts (browser) */
++ for (int i = 0; i < trusturlCerts.length; i++) {
++ if (! trustallCerts[i].equals(trusturlCerts[i])) {
++ dbg("BCM: cert mismatch at i=" + i);
++ dbg("BCM: cert mismatch url" + trusturlCerts[i]);
++ dbg("BCM: cert mismatch all" + trustallCerts[i]);
++ ok = false;
++ }
++ }
++ if (ok) {
++ System.out.println(msg);
++ if (cert_fail == null) {
++ cert_fail = "did-not-fail";
++ }
++ return true;
++ } else {
++ if (cert_fail == null) {
++ cert_fail = "cert-mismatch";
++ }
++ return false;
++ }
++ }
++ }
++ if (cert_fail == null) {
++ cert_fail = "missing-certs";
++ }
++ return false;
++ }
++
+ private void dbg(String s) {
+ if (debug) {
+ System.out.println(s);
@@ -3378,6 +3700,8 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ return n;
+ }
+
++ /* this will do the proxy CONNECT negotiation and hook us up. */
++
+ private void proxy_helper(String proxyHost, int proxyPort) {
+
+ boolean proxy_auth = false;
@@ -3385,14 +3709,15 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ String hp = host + ":" + port;
+ dbg("proxy_helper: " + proxyHost + ":" + proxyPort + " hp: " + hp);
+
++ /* we loop here a few times trying for the password case */
+ for (int k=0; k < 2; k++) {
-+ dbg("proxy_in_use psocket:");
++ dbg("proxy_in_use psocket: " + k);
+
+ if (proxySock != null) {
+ try {
+ proxySock.close();
+ } catch (Exception e) {
-+ ;
++ dbg("proxy socket is grumpy.");
+ }
+ }
+
@@ -3405,7 +3730,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ String req1 = "CONNECT " + hp + " HTTP/1.1\r\n"
+ + "Host: " + hp + "\r\n";
+
-+ dbg("requesting: " + req1);
++ dbg("requesting via proxy: " + req1);
+
+ if (proxy_auth) {
+ if (proxy_auth_string == null) {
@@ -3414,10 +3739,13 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ proxy_auth_string = pp.getAuth();
+ }
+ //dbg("auth1: " + proxy_auth_string);
++
+ String auth2 = Base64Coder.encodeString(proxy_auth_string);
+ //dbg("auth2: " + auth2);
++
+ req1 += "Proxy-Authorization: Basic " + auth2 + "\r\n";
+ //dbg("req1: " + req1);
++
+ dbg("added Proxy-Authorization: Basic ... to request");
+ }
+ req1 += "\r\n";
@@ -3440,9 +3768,10 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+ }
+ } catch(Exception e) {
-+ dbg("sock prob: " + e.getMessage());
++ dbg("some proxy socket problem: " + e.getMessage());
+ }
+
++ /* read the rest of the HTTP headers */
+ while (true) {
+ String line = readline(proxy_is);
+ dbg("proxy line: " + line.trim());
@@ -3462,6 +3791,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+ }
+ if (!proxy_auth || proxy_auth_basic_realm.equals("")) {
++ /* we only try once for the non-password case: */
+ break;
+ }
+ }
@@ -3479,6 +3809,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ try {
+ props = System.getProperties();
+ } catch (Exception e) {
++ /* sandboxed applet might not be able to read it. */
+ dbg("props failed: " + e.getMessage());
+ }
+ if (viewer.proxyHost != null) {
@@ -3495,6 +3826,8 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ props.list(System.out);
+ dbg("\n---------------\n\n");
+
++ /* scrape throught properties looking for proxy info: */
++
+ for (Enumeration e = props.propertyNames(); e.hasMoreElements(); ) {
+ String s = (String) e.nextElement();
+ String v = System.getProperty(s);
@@ -3617,7 +3950,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ }
+ }
+ } catch(Exception e) {
-+ dbg("sock prob2: " + e.getMessage());
++ dbg("proxy socket problem-2: " + e.getMessage());
+ }
+
+ while (true) {
@@ -3701,7 +4034,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ msg = "VNC Server " + host + ":" + port + " Not Verified";
+ }
+
-+ public boolean queryUser() {
++ public boolean queryUser(String reason) {
+
+ /* create and display the dialog for unverified cert. */
+
@@ -3714,6 +4047,9 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ CertInfo ci = new CertInfo(trustallCerts[0]);
+ infostr = ci.get_certinfo("all");
+ }
++ if (reason != null) {
++ reason += "\n\n";
++ }
+
+ text = "\n"
++ "Unable to verify the identity of\n"
@@ -3724,28 +4060,38 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
++ "\n"
++ "as a trusted VNC server.\n"
++ "\n"
-++ "This may be due to:\n"
+++ reason
+++ "In General not being able to verify the VNC Server and/or your seeing this Dialog\n"
+++ "is due to one of the following:\n"
++ "\n"
++ " - Your requesting to View the Certificate before accepting.\n"
++ "\n"
-++ " - The VNC server using a Self-Signed Certificate.\n"
+++ " - The VNC server is using a Self-Signed Certificate or a Certificate\n"
+++ " Authority not recognized by your Web Browser or Java Plugin runtime.\n"
+++ "\n"
+++ " - The use of an Apache SSL portal scheme employing CONNECT proxying AND\n"
+++ " the Apache Web server has a certificate *different* from the VNC server's.\n"
++ "\n"
-++ " - The VNC server using a Certificate Authority not recognized by your\n"
-++ " Browser or Java Plugin runtime.\n"
+++ " - No previously accepted Certificate (via Web Broswer/Java Plugin) could be\n"
+++ " obtained by this applet to compare the VNC Server Certificate against.\n"
++ "\n"
-++ " - The use of an Apache SSL portal employing CONNECT proxying and the\n"
-++ " Apache web server has a certificate different from the VNC server's. \n"
+++ " - The VNC Server's Certificate does not match the one specified in the\n"
+++ " supplied 'serverCert' Java Applet Parameter.\n"
++ "\n"
-++ " - A Man-In-The-Middle attack impersonating as the VNC server you wish\n"
+++ " - A Man-In-The-Middle attack impersonating as the VNC server that you wish\n"
++ " to connect to. (Wouldn't that be exciting!!)\n"
++ "\n"
-++ "By safely copying the VNC server's Certificate (or using a common\n"
-++ "Certificate Authority certificate) you can configure your Web Browser or\n"
-++ "Java Plugin to automatically authenticate this Server.\n"
+++ "By safely copying the VNC server's Certificate (or using a common Certificate\n"
+++ "Authority certificate) you can configure your Web Browser and Java Plugin to\n"
+++ "automatically authenticate this VNC Server.\n"
++ "\n"
-++ "If you do so, then you will only have to click \"Yes\" when this VNC\n"
-++ "Viewer applet asks you whether to trust your Browser/Java Plugin's\n"
-++ "acceptance of the certificate. (except for the Apache portal case above.)\n"
+++ "If you do so, then you will only have to click \"Yes\" when this VNC Viewer\n"
+++ "applet asks you whether to trust your Browser/Java Plugin's acceptance of the\n"
+++ "certificate (except for the Apache portal case above where they don't match.)\n"
+++ "\n"
+++ "You can also set the applet parameter 'trustUrlVncCert=yes' to automatically\n"
+++ "accept certificates already accepted/trusted by your Web Browser/Java Plugin,\n"
+++ "and thereby see no dialog from this VNC Viewer applet.\n"
+;
+
+ /* the accept / do-not-accept radio buttons: */
@@ -3781,7 +4127,7 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+ label.setFont(new Font("Helvetica", Font.BOLD, 16));
+
+ /* textarea in the middle */
-+ textarea = new TextArea(text, 36, 64,
++ textarea = new TextArea(text, 38, 64,
+ TextArea.SCROLLBARS_VERTICAL_ONLY);
+ textarea.setEditable(false);
+
@@ -4133,22 +4479,19 @@ diff -Naur JavaViewer.orig/SSLSocketToMe.java JavaViewer/SSLSocketToMe.java
+m += "\n";
+m += "on its own.\n";
+m += "\n";
-+m += "However, it has noticed that your Web Browser or Java VM Plugin\n";
++m += "However, it has noticed that your Web Browser and/or Java VM Plugin\n";
+m += "has previously accepted the same certificate. You may have set\n";
+m += "this up permanently or just for this session, or the server\n";
+m += "certificate was signed by a CA cert that your Web Browser or\n";
+m += "Java VM Plugin has.\n";
+m += "\n";
++m += "If the VNC Server connection times out while you are reading this\n";
++m += "dialog, then restart the connection and try again.\n";
++m += "\n";
+m += "Should this VNC Viewer applet now connect to the above VNC server?\n";
+m += "\n";
+
-+// String m = "\nShould this VNC Viewer applet use your Browser/JVM certs to\n";
-+// m += "authenticate the VNC Server:\n";
-+// m += "\n " + hostport + "\n\n " + vncServer + "\n\n";
-+// m += "(NOTE: this *includes* any certs you have Just Now accepted in a\n";
-+// m += "dialog box with your Web Browser or Java Applet Plugin)\n\n";
-+
-+ TextArea textarea = new TextArea(m, 20, 64,
++ TextArea textarea = new TextArea(m, 22, 64,
+ TextArea.SCROLLBARS_VERTICAL_ONLY);
+ textarea.setEditable(false);
+ yes = new Button("Yes");
@@ -4483,8 +4826,16 @@ diff -Naur JavaViewer.orig/VncCanvas.java JavaViewer/VncCanvas.java
result = 0; // Transparent pixel
diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
--- JavaViewer.orig/VncViewer.java 2006-05-24 15:14:40.000000000 -0400
-+++ JavaViewer/VncViewer.java 2010-02-22 21:58:51.000000000 -0500
-@@ -80,11 +80,11 @@
++++ JavaViewer/VncViewer.java 2010-03-20 19:50:16.000000000 -0400
+@@ -41,6 +41,7 @@
+ import java.io.*;
+ import java.net.*;
+ import javax.swing.*;
++import java.util.Date;
+
+ public class VncViewer extends java.applet.Applet
+ implements java.lang.Runnable, WindowListener {
+@@ -80,11 +81,11 @@
GridBagLayout gridbag;
ButtonPanel buttonPanel;
AuthPanel authenticator;
@@ -4498,7 +4849,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
// Control session recording.
Object recordingSync;
-@@ -96,7 +96,7 @@
+@@ -96,7 +97,7 @@
// Variables read from parameter values.
String host;
@@ -4507,7 +4858,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
String passwordParam;
String encPasswordParam;
boolean showControls;
-@@ -115,28 +115,71 @@
+@@ -115,28 +116,72 @@
int i;
// mslogon support 2 end
@@ -4518,6 +4869,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
+String urlPrefix;
+String httpsPort;
+String oneTimeKey;
++String serverCert;
+String ftpDropDown;
+String proxyHost;
+String proxyPort;
@@ -4585,7 +4937,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
// authenticator = new AuthPanel(false); // mslogon support : go to connectAndAuthenticate()
if (RecordingFrame.checkSecurity())
rec = new RecordingFrame(this);
-@@ -147,10 +190,11 @@
+@@ -147,10 +192,11 @@
cursorUpdatesDef = null;
eightBitColorsDef = null;
@@ -4599,7 +4951,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
rfbThread = new Thread(this);
rfbThread.start();
}
-@@ -186,6 +230,30 @@
+@@ -186,6 +232,30 @@
gbc.weightx = 1.0;
gbc.weighty = 1.0;
@@ -4630,7 +4982,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
// Add ScrollPanel to applet mode
// Create a panel which itself is resizeable and can hold
-@@ -286,6 +354,24 @@
+@@ -286,6 +356,24 @@
void connectAndAuthenticate() throws Exception {
@@ -4655,7 +5007,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
// If "ENCPASSWORD" parameter is set, decrypt the password into
// the passwordParam string.
-@@ -336,7 +422,22 @@
+@@ -336,7 +424,22 @@
//
@@ -4679,7 +5031,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
authenticator = new AuthPanel(mslogon);
-@@ -390,6 +491,10 @@
+@@ -390,6 +493,10 @@
break;
//mslogon support end
@@ -4690,7 +5042,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
// Retry on authentication failure.
authenticator.retry();
}
-@@ -405,9 +510,11 @@
+@@ -405,9 +512,11 @@
void prologueDetectAuthProtocol() throws Exception {
@@ -4704,7 +5056,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
System.out.println("RFB server supports protocol version " +
rfb.serverMajor + "." + rfb.serverMinor);
-@@ -431,16 +538,36 @@
+@@ -431,16 +540,36 @@
boolean tryAuthenticate(String us, String pw) throws Exception {
@@ -4747,7 +5099,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
switch (authScheme) {
-@@ -629,6 +756,10 @@
+@@ -629,6 +758,10 @@
void doProtocolInitialisation() throws IOException {
@@ -4758,9 +5110,12 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
rfb.writeClientInit();
rfb.readServerInit();
-@@ -775,8 +906,25 @@
+@@ -774,9 +907,28 @@
+ fatalError("HOST parameter not specified");
}
}
++ Date d = new Date();
++ System.out.println("-\nSSL VNC Java Applet starting. " + d);
- String str = readParameter("PORT", true);
- port = Integer.parseInt(str);
@@ -4786,7 +5141,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
if (inAnApplet) {
str = readParameter("Open New Window", false);
-@@ -804,6 +952,138 @@
+@@ -804,6 +956,143 @@
deferScreenUpdates = readIntParameter("Defer screen updates", 20);
deferCursorUpdates = readIntParameter("Defer cursor updates", 10);
deferUpdateRequests = readIntParameter("Defer update requests", 50);
@@ -4840,7 +5195,12 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
+
+ oneTimeKey = readParameter("oneTimeKey", false);
+ if (oneTimeKey != null) {
-+ System.out.println("oneTimeKey: is set");
++ System.out.println("oneTimeKey is set.");
++ }
++
++ serverCert = readParameter("serverCert", false);
++ if (serverCert != null) {
++ System.out.println("serverCert is set.");
+ }
+
+ forceProxy = false;
diff --git a/x11vnc/ChangeLog b/x11vnc/ChangeLog
index fb6f8ad..0117e45 100644
--- a/x11vnc/ChangeLog
+++ b/x11vnc/ChangeLog
@@ -1,3 +1,16 @@
+2010-03-20 Karl Runge <runge@karlrunge.com>
+ * classes/ssl: Many improvements to Java SSL applet, onetimekey
+ serverCert param, debugging printout, user dialogs, catch
+ socket exceptions, autodetect x11vnc for GET=1.
+ * x11vnc: misc/scripts: desktop.cgi, inet6to4, panner.pl.
+ X11VNC_HTTPS_DOWNLOAD_WAIT_TIME, -unixpw %xxx documented, and
+ can run user cmd in UNIXPW_CMD. FD_XDMCP_IF for create script,
+ autodetect dm on udp6 only. Queries: pointer_x, pointer_y,
+ pointer_same, pointer_root. Switch on -xkd if keysyms per key >
+ 4 in all cases. daemon mode improvements for connect_switch,
+ inet6to4, ultravnc_repeater.pl. Dynamic change of -clip do
+ not create new fb if WxH is unchanged.
+
2010-02-22 Karl Runge <runge@karlrunge.com>
* classes/ssl: Java SSL applet viewer now works with certificate
chains.
diff --git a/x11vnc/README b/x11vnc/README
index 6aa88b4..a291367 100644
--- a/x11vnc/README
+++ b/x11vnc/README
@@ -2,7 +2,7 @@
Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com>
All rights reserved.
-x11vnc README file Date: Mon Feb 22 22:22:33 EST 2010
+x11vnc README file Date: Sat Mar 20 23:15:32 EDT 2010
The following information is taken from these URLs:
@@ -42,8 +42,8 @@ x11vnc: a VNC server for real X displays
passwords where the user does not need to memorize his VNC
display/port number. Normally a virtual X session (Xvfb) is created
for each user, but it also works with X sessions on physical hardware.
- See the [21]tsvnc terminal services mode of the SSVNC viewer that
- takes advantage of this mode.
+ See the [21]tsvnc terminal services mode of the SSVNC viewer for one
+ way to take advantage of this mode.
I wrote x11vnc back in 2002 because x0rfbserver was basically
impossible to build on Solaris and had poor performance. The primary
@@ -63,7 +63,7 @@ x11vnc: a VNC server for real X displays
massive, but you can often use your browser's find-in-page search
action using a keyword to find the answer to your problem or question.
- Please help [27]beta test the new performance speedup feature using
+ Please help [27]test the performance speedup feature using
[28]viewer-side pixel caching "ncache".
SSVNC: An x11vnc side-project provides an [29]Enhanced TightVNC
@@ -192,8 +192,10 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
remote shell. Then fix this with the tips [44]below.
Note as of Feb/2007 you can also try the [45]-find option instead of
- "-display ..." and see if that finds your display and Xauthority. (End
- of Common Gotcha)
+ "-display ..." and see if that finds your display and Xauthority. Note
+ as of Dec/2009 the [46]-findauth and "[47]-auth guess" options may be
+ helpful as well.
+ (End of Common Gotcha)
When x11vnc starts up there will then be much chatter printed out (use
"-q" to quiet it), until it finally says something like:
@@ -210,10 +212,11 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
Step 3. At the place where you are sitting (sitting-here.west in this
example) you now want to run a VNC viewer program. There are VNC
viewers for Unix, Windows, MacOS, Java-enabled web browsers, and even
- for PDA's like the Palm Pilot! You can use any of them to connect to
- x11vnc (see the above VNC links under "Background:" on how to obtain a
- viewer for your platform or see [46]this FAQ. For Solaris, vncviewer
- is available in the [47]Companion CD package SFWvnc.)
+ for PDA's like the Palm Pilot and Cell Phones! You can use any of them
+ to connect to x11vnc (see the above VNC links under "Background:" on
+ how to obtain a viewer for your platform or see [48]this FAQ. For
+ Solaris, vncviewer is available in the [49]Companion CD package
+ SFWvnc.)
In this example we'll use the Unix vncviewer program on sitting-here
by typing the following command in a second terminal window:
@@ -223,36 +226,36 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
That should pop up a viewer window on sitting-here.west showing and
allowing interaction with the far-away.east:0 X11 desktop. Pretty
nifty! When finished, exit the viewer: the remote x11vnc process will
- shutdown automatically (or you can use the [48]-forever option to have
+ shutdown automatically (or you can use the [50]-forever option to have
it wait for additional viewer connections.)
- Common Gotcha: Nowadays there will likely be a host-level [49]firewall
+ Common Gotcha: Nowadays there will likely be a host-level [51]firewall
on the x11vnc side that is blocking remote access to the VNC port
(e.g. 5900.) You will either have to open up that port (or a range of
- ports) in your firewall administration tool, or try the [50]SSH
+ ports) in your firewall administration tool, or try the [52]SSH
tunnelling method below (even still the firewall must allow in the SSH
port, 22.)
Shortcut: Of course if you left x11vnc running on far-away.east:0 in a
- terminal window with the [51]-forever option or as a [52]service,
+ terminal window with the [53]-forever option or as a [54]service,
you'd only have to do Step 3 as you moved around. Be sure to use a VNC
- [53]Password or [54]other measures if you do that.
+ [55]Password or [56]other measures if you do that.
Super Shortcut: Here is a potentially very easy way to get all of it
working.
* Have x11vnc (0.9.3 or later) available to run on the remote host
(i.e. in $PATH.)
- * Download and unpack a [55]SSVNC bundle (1.0.19 or later, e.g.
- [56]ssvnc_no_windows-1.0.23.tar.gz) on the Viewer-side machine.
+ * Download and unpack a [57]SSVNC bundle (1.0.19 or later, e.g.
+ [58]ssvnc_no_windows-1.0.23.tar.gz) on the Viewer-side machine.
* Start the SSVNC Terminal Services mode GUI: ./ssvnc/bin/tsvnc
* Enter your remote username@hostname (e.g. fred@far-away.east) in
the "VNC Terminal Server" entry.
* Click "Connect".
That will do an SSH to username@hostname and start up x11vnc and then
- connect a VNC Viewer through the SSH [57]encrypted tunnel.
+ connect a VNC Viewer through the SSH [59]encrypted tunnel.
There are a number of things assumed here, first that you are able to
SSH into the remote host; i.e. that you have a Unix account there and
@@ -261,7 +264,7 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
plink binary is included in the SSVNC bundle.) Finally, it is assumed
that you are already logged into an X session on the remote machine,
e.g. your workstation (otherwise, a virtual X server, e.g. Xvfb, will
- be [58]started for you.)
+ be [60]started for you.)
In some cases the remote SSH server will not run commands with the
same $PATH that you normally have in your shell there. In this case
@@ -283,7 +286,7 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
For these cases it should be obvious how it is done. The above steps
will work, but more easily the user sitting at far-away.east:0 simply
starts up x11vnc from a terminal window, after which the guests would
- start their VNC viewers. For this usage mode the "[59]-connect
+ start their VNC viewers. For this usage mode the "[61]-connect
host1,host2" option may be of use to automatically connect to the
vncviewers in "-listen" mode on the list of hosts.
_________________________________________________________________
@@ -319,7 +322,7 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
Note that "x11vnc -localhost ..." limits incoming vncviewer
connections to only those from the same machine. This is very natural
for ssh tunnelling (the redirection appears to come from the same
- machine.) Use of a [60]VNC password is also strongly recommended.
+ machine.) Use of a [62]VNC password is also strongly recommended.
Note also the -t we used above (force allocate pseudoterminal), it
actually seems to improve interactive typing response via VNC!
@@ -335,16 +338,16 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
Some VNC viewers will do the ssh tunnelling for you automatically, the
TightVNC Unix vncviewer does this when the "-via far-away.east" option
is supplied to it (this requires x11vnc to be already running on
- far-away.east or having it started by [61]inetd(8).) See the 3rd
- script example [62]below for more info.
+ far-away.east or having it started by [63]inetd(8).) See the 3rd
+ script example [64]below for more info.
- SSVNC: You may also want to look at the [63]Enhanced TightVNC Viewer
+ SSVNC: You may also want to look at the [65]Enhanced TightVNC Viewer
(ssvnc) bundles because they contain scripts and GUIs to automatically
set up SSH tunnels (e.g. the GUI, "ssvnc", does it automatically and
so does this command: "ssvnc_cmd -ssh user@far-away.east:0") and can
even start up x11vnc as well.
- The [64]Terminal Services mode of SSVNC is perhaps the easiest way to
+ The [66]Terminal Services mode of SSVNC is perhaps the easiest way to
use x11vnc. You just need to have x11vnc available in $PATH on the
remote side (and can SSH to the host), and then on the viewer-side you
type something like:
@@ -368,13 +371,13 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
Once logged in, you'll need to do a second login (ssh, rsh, etc.) to
the workstation machine 'OtherHost' and then start up x11vnc on it (if
- it isn't already running.) (The "[65]-connect gateway:59xx" option may
+ it isn't already running.) (The "[67]-connect gateway:59xx" option may
be another alternative here with the viewer already in -listen mode.)
For an automatic way to use a gateway and have all the network traffic
- encrypted (including inside the firewall) see [66]Chaining SSH's.
+ encrypted (including inside the firewall) see [68]Chaining SSH's.
These gateway access modes also can be done automatically for you via
- the "Proxy/Gateway" setting in [67]SSVNC (including the Chaining SSH's
+ the "Proxy/Gateway" setting in [69]SSVNC (including the Chaining SSH's
case, "Double Proxy".)
Firewalls/Routers:
@@ -390,7 +393,7 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
One thing that can be done is to redirect a port on the
Firewall/Router to, say, the SSH port (22) on an inside machine (how
to do this depends on your particular Firewall/Router, often the
- router config URL is http://192.168.100.1 See [68]www.portforward.com
+ router config URL is http://192.168.100.1 See [70]www.portforward.com
for more info.) This way you reach these computers from anywhere on
the Internet and use x11vnc to view X sessions running on them.
@@ -408,7 +411,7 @@ nc -localhost -display :0'
Where far-away.east means the hostname (or IP) that the
Router/Firewall is using (for home setups this is usually the IP
- gotten from your ISP via DHCP, the site [69]http://www.whatismyip.com/
+ gotten from your ISP via DHCP, the site [71]http://www.whatismyip.com/
is a convenient way to determine what it is.)
It is a good idea to add some obscurity to accessing your system via
@@ -419,7 +422,7 @@ nc -localhost -display :0'
Port 22 -> 192.168.1.3, Port 22 (SSH)
Again, this SSH gateway access can be done automatically for you via
- the "Proxy/Gateway" setting in [70]SSVNC. And under the "Remote SSH
+ the "Proxy/Gateway" setting in [72]SSVNC. And under the "Remote SSH
Command" setting you can enter the x11vnc -localhost -display :0.
Host-Level-Firewalls: even with the hardware Firewall/Router problem
@@ -436,7 +439,7 @@ nc -localhost -display :0'
Port 5901 -> 192.168.1.4, Port 5900 (VNC)
(where 192.168.1.3 is "jills-pc" and 192.168.1.4 is "freds-pc".) This
- could be used for normal, unencrypted connections and also for [71]SSL
+ could be used for normal, unencrypted connections and also for [73]SSL
encrypted ones.
The the VNC displays to enter in the VNC viewer would be, say,
@@ -450,7 +453,7 @@ nc -localhost -display :0'
vncviewer 24.56.78.93:0
The IP address would need to be communicated to the person running the
- VNC Viewer. The site [72]http://www.whatismyip.com/ can help here.
+ VNC Viewer. The site [74]http://www.whatismyip.com/ can help here.
_________________________________________________________________
@@ -459,7 +462,7 @@ nc -localhost -display :0'
above port and display numbers may change a bit (e.g. -> 5901 and :1).
However, if you "know" port 5900 will be free on the local and remote
machines, you can easily automate the above two steps by using the
- x11vnc option [73]-bg (forks into background after connection to the
+ x11vnc option [75]-bg (forks into background after connection to the
display is set up) or using the -f option of ssh. Some example scripts
are shown below. Feel free to try the ssh -C to enable its compression
and see if that speeds things up noticeably.
@@ -492,7 +495,7 @@ done
#2. Another method is to start the VNC viewer in listen mode
"vncviewer -listen" and have x11vnc initiate a reverse connection
- using the [74]-connect option:
+ using the [76]-connect option:
#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
# e.g.: x11vnc_ssh snoopy.peanuts.com:0
@@ -535,7 +538,7 @@ export VNC_VIA_CMD
vncviewer -via $host localhost:0 # must be TightVNC vncviewer.
Of course if you already have the x11vnc running waiting for
- connections (or have it started out of [75]inetd(8)), you can simply
+ connections (or have it started out of [77]inetd(8)), you can simply
use the TightVNC "vncviewer -via gateway host:port" in its default
mode to provide secure ssh tunnelling.
_________________________________________________________________
@@ -543,38 +546,38 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer.
VNC password file: Also note in the #1. example script that the
- [76]option "-rfbauth .vnc/passwd" provides additional protection by
+ [78]option "-rfbauth .vnc/passwd" provides additional protection by
requiring a VNC password for every VNC viewer that connects. The
- vncpasswd or storepasswd programs, or the x11vnc [77]-storepasswd
+ vncpasswd or storepasswd programs, or the x11vnc [79]-storepasswd
option can be used to create the password file. x11vnc also has the
- slightly less secure [78]-passwdfile and "-passwd XXXXX" [79]options
+ slightly less secure [80]-passwdfile and "-passwd XXXXX" [81]options
to specify passwords.
Very Important: It is up to YOU to tell x11vnc to use password
protection (-rfbauth or -passwdfile), it will NOT do it for you
- automatically or force you to (use [80]-usepw if you want to be forced
+ automatically or force you to (use [82]-usepw if you want to be forced
to.) The same goes for encrypting the channel between the viewer and
- x11vnc: it is up to you to use ssh, stunnel, [81]-ssl mode, a VPN,
- etc. (use the [82]Enhanced TightVNC Viewer (SSVNC) GUI if you want to
+ x11vnc: it is up to you to use ssh, stunnel, [83]-ssl mode, a VPN,
+ etc. (use the [84]Enhanced TightVNC Viewer (SSVNC) GUI if you want to
be forced to use SSL or SSH.) For additional safety, also look into
- the -allow and -localhost [83]options and building x11vnc with
- [84]tcp_wrappers support to limit host access.
+ the -allow and -localhost [85]options and building x11vnc with
+ [86]tcp_wrappers support to limit host access.
_________________________________________________________________
Tunnelling x11vnc via SSL/TLS:
One can also encrypt the VNC traffic using an SSL/TLS tunnel such as
- [85]stunnel.mirt.net (also [86]stunnel.org) or using the built-in
- (Mar/2006) [87]-ssl openssl mode. A SSL-enabled Java applet VNC Viewer
+ [87]stunnel.mirt.net (also [88]stunnel.org) or using the built-in
+ (Mar/2006) [89]-ssl openssl mode. A SSL-enabled Java applet VNC Viewer
is also provided in the x11vnc package (and https can be used to
download it.)
Although not as ubiquitous as ssh, SSL tunnelling still provides a
- useful alternative. See [88]this FAQ on -ssl and -stunnel modes for
+ useful alternative. See [90]this FAQ on -ssl and -stunnel modes for
details and examples.
- The [89]Enhanced TightVNC Viewer (SSVNC) bundles contain some
+ The [91]Enhanced TightVNC Viewer (SSVNC) bundles contain some
convenient utilities to automatically set up an SSL tunnel from the
viewer-side (i.e. to connect to "x11vnc -ssl ...".) And many other
enhancements too.
@@ -582,29 +585,29 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer.
Downloading x11vnc:
- x11vnc is a contributed program to the [90]LibVNCServer project at
+ x11vnc is a contributed program to the [92]LibVNCServer project at
SourceForge.net. I use libvncserver for all of the VNC aspects; I
couldn't have done without it. The full source code may be found and
downloaded (either file-release tarball or GIT tree) from the above
- link. As of Dec 2009, the [91]x11vnc-0.9.9.tar.gz source package is
- released (recommended download). The [92]x11vnc 0.9.9 release notes.
+ link. As of Dec 2009, the [93]x11vnc-0.9.9.tar.gz source package is
+ released (recommended download). The [94]x11vnc 0.9.9 release notes.
The x11vnc package is the subset of the libvncserver package needed to
build the x11vnc program. Also, you can get a copy of my latest,
- bleeding edge [93]x11vnc-0.9.10.tar.gz tarball to build the most up to
- date one.
+ bleeding edge [95]x11vnc-0.9.10-dev.tar.gz tarball to build the most
+ up to date one.
- Precompiled Binaries/Packages: See the [94]FAQ below for information
+ Precompiled Binaries/Packages: See the [96]FAQ below for information
about where you might obtain a precompiled x11vnc binary from 3rd
parties and some ones I create.
VNC Viewers: To obtain VNC viewers for the viewing side (Windows, Mac
OS, or Unix) try these links:
- * [95]http://www.tightvnc.com/download.html
- * [96]http://www.realvnc.com/download-free.html
- * [97]http://sourceforge.net/projects/cotvnc/
- * [98]http://www.ultravnc.com/
- * [99]Our Enhanced TightVNC Viewer (SSVNC)
+ * [97]http://www.tightvnc.com/download.html
+ * [98]http://www.realvnc.com/download-free.html
+ * [99]http://sourceforge.net/projects/cotvnc/
+ * [100]http://www.ultravnc.com/
+ * [101]Our Enhanced TightVNC Viewer (SSVNC)
[ssvnc.gif]
@@ -617,16 +620,16 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer.
rx11vnc.pl that attempts to tunnel the vnc traffic through an ssh port
redirection (and does not assume port 5900 is free.) Have a look at
them to see what they do and customize as needed:
- * [100]rx11vnc wrapper script
- * [101]rx11vnc.pl wrapper script to tunnel traffic thru ssh
+ * [102]rx11vnc wrapper script
+ * [103]rx11vnc.pl wrapper script to tunnel traffic thru ssh
_________________________________________________________________
Building x11vnc:
- Make sure you have all the needed [102]build/compile/development
+ Make sure you have all the needed [104]build/compile/development
packages installed (e.g. Linux distributions foolishly don't install
- them by default.)
+ them by default.) See this [105]build FAQ for more details.
If your OS has libjpeg.so and libz.so in standard locations you can
build as follows (example given for the 0.9.9 release of x11vnc:
@@ -653,8 +656,8 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer.
Note: Currently gcc is recommended to build libvncserver. In some
cases it will build with non-gcc compilers, but the resulting binary
sometimes fails to run properly. For Solaris pre-built gcc binaries
- are at [103]http://www.sunfreeware.com/. Some Solaris pre-built x11vnc
- binaries are [104]here.
+ are at [106]http://www.sunfreeware.com/. Some Solaris pre-built x11vnc
+ binaries are [107]here.
However, one user reports it does work fine when built with Sun Studio
10, so YMMV. In fact, here is a little build script to do this on
@@ -674,12 +677,12 @@ export MAKE AM_CFLAGS
$MAKE
In general you can use the "make -e" trick if you don't like
- libvncserver's choice of AM_CFLAGS. See the [105]build scripts below
+ libvncserver's choice of AM_CFLAGS. See the [108]build scripts below
for more ideas. Scripts similar to the above have been shown to work
with vendor C compilers on HP-UX (ccom: HP92453-01) and Tru64 (Compaq
C V6.5-011.)
- You can find information on [106]Misc. Build problems here.
+ You can find information on [109]Misc. Build problems here.
_________________________________________________________________
@@ -717,9 +720,9 @@ r/sfw; make'
If your system does not have these libraries at all you can get the
source for the libraries to build them: libjpeg is available at
- [107]ftp://ftp.uu.net/graphics/jpeg/ and zlib at
- [108]http://www.gzip.org/zlib/. See also
- [109]http://www.sunfreeware.com/ for Solaris binary packages of these
+ [110]ftp://ftp.uu.net/graphics/jpeg/ and zlib at
+ [111]http://www.gzip.org/zlib/. See also
+ [112]http://www.sunfreeware.com/ for Solaris binary packages of these
libraries as well as for gcc. Normally they will install into
/usr/local but you can install them anywhere with the
--prefix=/path/to/anywhere, etc.
@@ -789,10 +792,10 @@ ls -l ./x11vnc/x11vnc
--with-zlib=DIR" options are handy if you want to avoid making a
script.
- If you need to link OpenSSL libssl.a on Solaris see this [110]method.
+ If you need to link OpenSSL libssl.a on Solaris see this [113]method.
If you need to build on Solaris 2.5.1 or earlier or other older Unix
- OS's, see [111]this workaround FAQ.
+ OS's, see [114]this workaround FAQ.
Building on FreeBSD, OpenBSD, ...: The jpeg libraries seem to be in
@@ -852,7 +855,7 @@ make
is something like "/usr/bin/X11/X -force -vfb -ac :1".
- Building on Mac OS X: There is now [112]native Mac OS X support for
+ Building on Mac OS X: There is now [115]native Mac OS X support for
x11vnc by using the raw framebuffer feature. This mode does not use or
need X11 at all. To build you may need to disable X11:
./configure --without-x ...
@@ -866,7 +869,7 @@ make
OpenSSL: Starting with version 0.8.3 x11vnc can now be built with
- [113]SSL/TLS support. For this to be enabled the libssl.so library
+ [116]SSL/TLS support. For this to be enabled the libssl.so library
needs to be available at build time. So you may need to have
additional CPPFLAGS and LDFLAGS items if your libssl.so is in a
non-standard place. As of x11vnc 0.9.4 there is also the
@@ -892,34 +895,72 @@ make
Spring 2010.
The version 0.9.10 beta tarball is kept here:
- [114]x11vnc-0.9.10.tar.gz
+ [117]x11vnc-0.9.10-dev.tar.gz
There are also some Linux, Solaris, Mac OS X, and other OS test
- binaries [115]here. Please kick the tires and report bugs, performance
- regressions, undesired behavior, etc. to [116]me.
+ binaries [118]here. Please kick the tires and report bugs, performance
+ regressions, undesired behavior, etc. to [119]me.
- To aid testing of the [117]built-in SSL/TLS support for x11vnc, a
+ To aid testing of the [120]built-in SSL/TLS support for x11vnc, a
number of VNC Viewer packages for Unix, Mac OS X, and Windows have
been created that provide SSL Support for the TightVNC Viewer (this is
- done by [118]wrapper scripts and a GUI that starts [119]STUNNEL.) It
+ done by [121]wrapper scripts and a GUI that starts [122]STUNNEL.) It
should be pretty convenient for automatic SSL and SSH connections. It
- is described in detail at and can be downloaded from the [120]Enhanced
+ is described in detail at and can be downloaded from the [123]Enhanced
TightVNC Viewer (SSVNC) page. The SSVNC Unix viewer also supports
- x11vnc's symmetric key [121]encryption ciphers (see the 'UltraVNC DSM
+ x11vnc's symmetric key [124]encryption ciphers (see the 'UltraVNC DSM
Encryption Plugin' settings panel.)
Here are some features that will appear in the 0.9.10 release:
- * The [122]Xdummy wrapper script for Xorg's dummy driver is updated
+ * The included SSL enabled Java applet viewer now supports Chained
+ SSL Certificates. The debugCerts=yes applet parameter aids
+ troubleshooting certificate validation. The x11vnc [125]-ssl mode
+ has always supported [126]chained SSL certificates (simply put the
+ intermediate certificates, in order, after the server certificate
+ in the pem file.)
+ * A bug has been fixed that would prevent the Java applet viewer
+ from being downloaded successfully in single-port HTTPS/VNC inetd
+ mode. The env. var. X11VNC_HTTPS_DOWNLOAD_WAIT_TIME can be used to
+ adjust for how many seconds a [127]-inetd or [128]-https httpd
+ download is waited for (default 15 seconds.)
+ * The [129]-sslScripts option prints out the SSL certificate
+ management scripts.
+ * A demo CGI script [130]desktop.cgi shows how to create a
+ multi-user x11vnc web login desktop service. The user logs into a
+ secure web site and gets his/her own virtual desktop ([131]Xvfb.)
+ x11vnc's SSL enabled Java Viewer Applet is launched by the web
+ browser for secure viewing (and so no software needs to be
+ installed on the viewer-side.) One can use the desktop.cgi script
+ for ideas to create their own fancier or customized web login
+ desktop service (e.g. user-creation, PHP, SQL, specialized desktop
+ application, etc.) More info [132]here. There is also an optional
+ 'port redirection' mode that allows redirection to other SSL
+ enabled VNC servers running inside the firewall.
+ * The [133]Xdummy wrapper script for Xorg's dummy driver is updated
and no longer requires being run as root. New service options are
provided to select Xdummy over Xvfb as the virtual X server to be
created.
+ * The "%" unix password verification tricks for the [134]-unixpw
+ option are now documented. They have also been extended to run a
+ command as the user if one sets the environment variable
+ UNIXPW_CMD. The desktop.cgi demo script takes advantage of this
+ new feature.
+ * The TightVNC sercurity type (TightVNC features enabler) now works
+ for RFB version 3.8.
+ * A transitional tool is provided in [135]inet6to4 to allow x11vnc
+ to receive connections over [136]IPv6.
+ * The X property X11VNC_TRAP_XRANDR can be set on a desktop to force
+ x11vnc to use the [137]-xrandr screen size change trapping code.
+ * New remote control query options: pointer_x, pointer_y,
+ pointer_same, and pointer_root. A demo script using them
+ misc/panner.pl is provided.
Here are some features that appeared in the 0.9.9 release (Dec/2009):
- * The [123]-unixpw_system_greeter option, when used in combined
+ * The [138]-unixpw_system_greeter option, when used in combined
unixpw and XDMCP FINDCREATEDISPLAY mode (for example:
- [124]-xdmsvc), enables the user to press Escape to jump directly
+ [139]-xdmsvc), enables the user to press Escape to jump directly
to the XDM/GDM/KDM login greeter screen. This way the user avoids
entering his unix password twice at X session creation time. Also,
the unixpw login panel now has a short help displayed if the user
@@ -929,10 +970,10 @@ make
clients like Eggplant and JollysFastVNC continuously spray these
requests at VNC servers (regardless of whether they have received
any updates or not.) Under some circumstances this could lead to
- x11vnc falling behind. The [125]-extra_fbur option allows one to
+ x11vnc falling behind. The [140]-extra_fbur option allows one to
fine tune the setting. Additionally, one may also dial down
- delays: e.g. "[126]-defer 5" and "[127]-wait 5" (or to 1 or even
- 0) or [128]-nonap or [129]-allinput to keep up with these VNC
+ delays: e.g. "[141]-defer 5" and "[142]-wait 5" (or to 1 or even
+ 0) or [143]-nonap or [144]-allinput to keep up with these VNC
clients at the expense of increased system load.
* Heuristics are applied to try to determine if the X display is
currently in a Display Manager Greeter Login panel (e.g. GDM) If
@@ -944,9 +985,9 @@ make
the use of the XFIXES cursor fetching functionality; this avoids
an Xorg bug that causes Xorg to crash right after the user logs
in.
- * A new option [130]-findauth runs the FINDDISPLAY script that
+ * A new option [145]-findauth runs the FINDDISPLAY script that
applies heuristics that try to determine the XAUTHORITY file. The
- use of '[131]-auth guess' will use the XAUTHORITY that -findauth
+ use of '[146]-auth guess' will use the XAUTHORITY that -findauth
reveals. This can be handy in with the lastest GDM where the
ability to store cookies in ~/.Xauthority has been removed. If
x11vnc is running as root (e.g. inetd) and you add -env FD_XDM=1
@@ -954,28 +995,28 @@ make
the correct XAUTHORITY for the given display (this works for
XDM/GDM/KDM if the login greeter panel is up or if someone has
already logged into an X session.)
- * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[132]-display
- WAIT:cmd=...", [133]-find, [134]-create) now work correctly for
- the user-supplied login program scheme "[135]-unixpw_cmd ...", as
+ * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[147]-display
+ WAIT:cmd=...", [148]-find, [149]-create) now work correctly for
+ the user-supplied login program scheme "[150]-unixpw_cmd ...", as
long as the login program supports running commands specified in
the environment variable "RFB_UNIXPW_CMD_RUN" as the logged-in
- user. The mode "[136]-unixpw_nis ..." has also been made more
+ user. The mode "[151]-unixpw_nis ..." has also been made more
consistent.
- * The [137]-stunnel option (like [138]-ssl but uses stunnel as an
- external helper program) now works with the [139]-ssl "SAVE" and
- "TMP" special certificate names. The [140]-sslverify and
- [141]-sslCRL options now work correctly in [142]-stunnel mode.
+ * The [152]-stunnel option (like [153]-ssl but uses stunnel as an
+ external helper program) now works with the [154]-ssl "SAVE" and
+ "TMP" special certificate names. The [155]-sslverify and
+ [156]-sslCRL options now work correctly in [157]-stunnel mode.
Single port HTTPS connections are also supported for this mode.
* There is an experimental Application Sharing mode that improves
- upon the -id/-sid single window sharing: [143]-appshare (run
+ upon the -id/-sid single window sharing: [158]-appshare (run
"x11vnc -appshare -help" for more info.) It is still very
primitive and approximate, but at least it displays multiple
top-level windows.
- * The remote control command [144]-R can be used to instruct x11vnc
+ * The remote control command [159]-R can be used to instruct x11vnc
to resend its most recent copy of the Clipboard, Primary, or
Cutbuffer selections: "x11vnc -R resend_clipboard", "x11vnc -R
resend_primary", and "x11vnc -R resend_cutbuffer".
- * The fonts in the GUI ([145]-gui) can now by set via environment
+ * The fonts in the GUI ([160]-gui) can now by set via environment
variables, e.g. -env X11VNC_FONT_BOLD='Helvetica -16 bold' and
-env X11VNC_FONT_FIXED='Courier -14'.
* The XDAMAGE mechanism is now automatically disabled for a period
@@ -985,18 +1026,18 @@ make
* There is an experimental workaround: "-env X11VNC_WATCH_DX_DY=1"
that tries to avoid problems with poorly constructed menu themes
that place the initial position of the mouse cursor inside a menu
- item's active zone. More information [146]can be found here.
+ item's active zone. More information [161]can be found here.
Here are some features that appeared in the 0.9.8 release (Jul/2009):
- * Stability improvements to [147]-threads mode. Running x11vnc this
+ * Stability improvements to [162]-threads mode. Running x11vnc this
way is more reliable now. Threaded operation sometimes gives
better interactive response and faster updates: try it out. The
threaded mode now supports multiple VNC viewers using the same VNC
encoding. The threaded mode can also yield a performance
enhancement in the many client case (e.g. class-room broadcast.)
We have tested with 30 to 50 simultaneous clients. See also
- [148]-reflect.
+ [163]-reflect.
For simultaneous clients: the ZRLE encoding is thread safe on all
platforms, and the Tight and Zlib encodings are currently only
thread safe on Linux where thread local storage, __thread, is
@@ -1005,12 +1046,12 @@ make
connected client, all encodings are safe on all platforms. Note
that some features (e.g. scroll detection and -ncache) may be
disabled or run with reduced functionality in -threads mode.
- * Automatically tries to work around an [149]Xorg server bug
+ * Automatically tries to work around an [164]Xorg server bug
involving infinitely repeating keys when turning off key
- repeating. Use [150]-repeat if the automatic workaround fails.
+ repeating. Use [165]-repeat if the automatic workaround fails.
* Improved reliability of the Single Port SSL VNC and HTTPS java
viewer applet delivery mechanism.
- * The [151]-clip mode works under [152]-rawfb.
+ * The [166]-clip mode works under [167]-rawfb.
Here are some features that appeared in the 0.9.7 release (Mar/2009):
@@ -1020,38 +1061,38 @@ make
case the special file /dev/vcsa2 is used to retrieve vt2's current
text. Text and colors are shown, but no graphics.
* Support for less than 8 bits per pixel framebuffers (e.g. 4 or 1
- bpp) in the [153]-rawfb mode.
+ bpp) in the [168]-rawfb mode.
* The SSL enabled UltraVNC Java viewer applet now has a [Home] entry
in the "drives" drop down menu. This menu can be configured with
the ftpDropDown applet parameter. All of the applet parameters are
documented in classes/ssl/README.
- * Experimental support for [154]VirtualGL's [155]TurboVNC (an
+ * Experimental support for [169]VirtualGL's [170]TurboVNC (an
enhanced TightVNC for fast LAN high framerate usage.)
* The CUPS Terminal Services helper mode has been improved.
- * Improvements to the [156]-ncache_cr that allows smooth opaque
+ * Improvements to the [171]-ncache_cr that allows smooth opaque
window motions using the 'copyrect' encoding when using
- [157]-ncache mode.
- * The [158]-rmflag option enables a way to indicate to other
+ [172]-ncache mode.
+ * The [173]-rmflag option enables a way to indicate to other
processes x11vnc has exited.
* Reverse connections using anonymous Diffie Hellman SSL encryption
now work.
Here are some features that appeared in the 0.9.6 release (Dec/2008):
- * Support for [159]VeNCrypt SSL/TLS encrypted connections. It is
- enabled by default in the [160]-ssl mode. VNC Viewers like
- vinagre, gvncviewer/gtk-vnc, the vencrypt package, [161]SSVNC, and
+ * Support for [174]VeNCrypt SSL/TLS encrypted connections. It is
+ enabled by default in the [175]-ssl mode. VNC Viewers like
+ vinagre, gvncviewer/gtk-vnc, the vencrypt package, [176]SSVNC, and
others support this encryption mode. It can also be used with the
- [162]-unixpw option to enable Unix username and password
+ [177]-unixpw option to enable Unix username and password
authentication (VeNCrypt's "*Plain" modes.) A similar but older
VNC security type "ANONTLS" (used by vino) is supported as well.
- See the [163]-vencrypt and [164]-anontls options for additional
+ See the [178]-vencrypt and [179]-anontls options for additional
control. The difference between x11vnc's normal -ssl mode and
VeNCrypt is that the former wraps the entire VNC connection in SSL
(like HTTPS does for HTTP, i.e. "vncs://") while VeNCrypt switches
on the SSL/TLS at a certain point during the VNC handshake. Use
- [165]-sslonly to disable both VeNCrypt and ANONTLS (vino.)
- * The "[166]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH)
+ [180]-sslonly to disable both VeNCrypt and ANONTLS (vino.)
+ * The "[181]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH)
key exchange for x11vnc's normal SSL/TLS operation. Note that
Anonymous Diffie-Hellman uses encryption for privacy, but provides
no authentication and so is susceptible to Man-In-The-Middle
@@ -1059,17 +1100,17 @@ make
SAVE", etc. and have the VNC viewer verify the cert.) The ANONTLS
mode (vino) only supports ADH. VeNCrypt mode supports both ADH and
regular X509 SSL certificates modes. For these ADH is enabled by
- default. See [167]-vencrypt and [168]-anontls for how to disable
+ default. See [182]-vencrypt and [183]-anontls for how to disable
ADH.
* For x11vnc's SSL/TLS modes, one can now specify a Certificate
- Revocation List (CRL) with the [169]-sslCRL option. This will only
+ Revocation List (CRL) with the [184]-sslCRL option. This will only
be useful for wide deployments: say a company-wide x11vnc SSL
access deployment using a central Certificate Authority (CA) via
- [170]-sslGenCA and [171]-sslGenCert. This way if a user has his
+ [185]-sslGenCA and [186]-sslGenCert. This way if a user has his
laptop lost or stolen, you only have to revoke his key instead of
creating a new Certificate Authority and redeploying new keys to
all users.
- * The default SSL/TLS mode, "[172]-ssl" (no pem file parameter
+ * The default SSL/TLS mode, "[187]-ssl" (no pem file parameter
supplied), is now the same as "-ssl SAVE" and will save the
generated self-signed cert in "~/.vnc/certs/server.pem".
Previously "-ssl" would create a temporary self-signed cert that
@@ -1079,45 +1120,45 @@ make
same x11vnc server. Use "-ssl TMP" to regain the previous
behavior. Use "-ssl SAVE_NOPROMPT" to avoid being prompted about
using passphrase when the certificate is created.
- * The option [173]-http_oneport enables single-port HTTP connections
+ * The option [188]-http_oneport enables single-port HTTP connections
via the Java VNC Viewer. So, for example, the web browser URL
"http://myhost.org:5900" works the same as
"http://myhost.org:5800", but with the convenience of only
involving one port instead of two. This works for both unencrypted
- connections and for SSH tunnels (see [174]-httpsredir if the
+ connections and for SSH tunnels (see [189]-httpsredir if the
tunnel port differs.) Note that HTTPS single-port operation in
- [175]-ssl SSL encrypted mode has been available since x11vnc
+ [190]-ssl SSL encrypted mode has been available since x11vnc
version 0.8.3.
- * For the [176]-avahi/[177]-zeroconf Service Advertizing mode, if
+ * For the [191]-avahi/[192]-zeroconf Service Advertizing mode, if
x11vnc was not compiled with the avahi-client library, then an
external helper program, either avahi-publish(1) (on Unix) or
dns-sd(1) (on Mac OS X), is used instead.
- * The "[178]-rfbport PROMPT" option will prompt the user via the GUI
+ * The "[193]-rfbport PROMPT" option will prompt the user via the GUI
to select the VNC port (e.g. 5901) to listen on, and a few other
basic settings. This enables a handy GUI mode for naive users:
x11vnc -gui tray=setpass -rfbport PROMPT -logfile $HOME/.x11vnc.log.%VNCDISP
LAY
suitable for putting in a launcher or menu, e.g.
- [179]x11vnc.desktop. The [180]-logfile expansion is new too. In
+ [194]x11vnc.desktop. The [195]-logfile expansion is new too. In
the GUI, the tray=setpass Properties panel has been improved.
- * The [181]-solid solid background color option now works for the
+ * The [196]-solid solid background color option now works for the
Mac OS X console.
- * The [182]-reopen option instructs x11vnc to try to reopen the X
+ * The [197]-reopen option instructs x11vnc to try to reopen the X
display if it is prematurely closed by, say, the display manager
- (e.g. [183]GDM.)
+ (e.g. [198]GDM.)
Here are some features that appeared in the 0.9.5 release (Oct/2008):
- * Symmetric key [184]encryption ciphers. ARC4, AES-128, AES-256,
+ * Symmetric key [199]encryption ciphers. ARC4, AES-128, AES-256,
blowfish, and 3des are supported. Salt and initialization vector
seeding is provided. These compliment the more widely used SSL and
- SSH encryption access methods. [185]SSVNC also supports these
+ SSH encryption access methods. [200]SSVNC also supports these
encryption modes.
* Scaling differently along the X- and Y-directions. E.g.
- "[186]-scale 1280x1024" or "-scale 0.8x0.75" Also,
- "[187]-geometry WxH" is an alias for "-scale WxH"
+ "[201]-scale 1280x1024" or "-scale 0.8x0.75" Also,
+ "[202]-geometry WxH" is an alias for "-scale WxH"
* By having SSVNC version 1.0.21 or later available in your $PATH,
- the [188]-chatwindow option allows a UltraVNC Text Chat window to
+ the [203]-chatwindow option allows a UltraVNC Text Chat window to
appear on the local X11 console/display (this way the remote
viewer can chat with the person at the physical display; e.g.
helpdesk mode.) This also works on the Mac OS X console if the
@@ -1129,47 +1170,47 @@ LAY
Here are some features that appeared in the 0.9.4 release (Sep/2008):
- * Improvements to the [189]-find and [190]-create X session finding
+ * Improvements to the [204]-find and [205]-create X session finding
or creating modes: new desktop types and service redirection
options. Personal cupsd daemon and SSH port redirection helper for
- use with [191]SSVNC's Terminal Services feature.
- * Reverse VNC connections via [192]-connect work in the [193]-find,
- [194]-create and related [195]-display WAIT:... modes.
+ use with [206]SSVNC's Terminal Services feature.
+ * Reverse VNC connections via [207]-connect work in the [208]-find,
+ [209]-create and related [210]-display WAIT:... modes.
* Reverse VNC connections (either normal or SSL) can use a Web Proxy
or a SOCKS proxy, or a SSH connection, or even a CGI URL to make
- the outgoing connection. See: [196]-proxy. Forward connections can
- also use: [197]-ssh.
- * Reverse VNC connections via the [198]UltraVNC repeater proxy
+ the outgoing connection. See: [211]-proxy. Forward connections can
+ also use: [212]-ssh.
+ * Reverse VNC connections via the [213]UltraVNC repeater proxy
(either normal or SSL) are supported. Use either the
- "[199]-connect repeater=ID:NNNN+host:port" or "[200]-connect
- repeater://host:port+ID:NNNN" notation. The [201]SSVNC VNC viewer
+ "[214]-connect repeater=ID:NNNN+host:port" or "[215]-connect
+ repeater://host:port+ID:NNNN" notation. The [216]SSVNC VNC viewer
also supports the UltraVNC repeater. Also, a perl repeater
- implemention is here: [202]ultravnc_repeater.pl
+ implemention is here: [217]ultravnc_repeater.pl
* Support for indexed colormaps (PseudoColor) with depths other than
8 (from 1 to 16 now work) for non-standard hardware. Option
- "[203]-advertise_truecolor" to handle some workaround in this
+ "[218]-advertise_truecolor" to handle some workaround in this
mode.
* Support for the ZYWRLE encoding, this is the RealVNC ZRLE encoding
extended to do motion video and photo regions more efficiently by
way of a Wavelet based transformation.
- * The [204]-finddpy and [205]-listdpy utilities help to debug and
- configure the [206]-find, [207]-create, and [208]-display WAIT:...
+ * The [219]-finddpy and [220]-listdpy utilities help to debug and
+ configure the [221]-find, [222]-create, and [223]-display WAIT:...
modes.
* Some automatic detection of screen resizes are handled even if the
- [209]-xrandr option is not supplied.
- * The [210]-autoport options gives more control over the VNC port
+ [224]-xrandr option is not supplied.
+ * The [225]-autoport options gives more control over the VNC port
x11vnc chooses.
- * The [211]-ping secs can be used to help keep idle connections
+ * The [226]-ping secs can be used to help keep idle connections
alive.
* Pasting of the selection/clipboard into remote applications (e.g.
Java) has been improved.
* Fixed a bug if a client disconnects during the 'speed-estimation'
phase.
* To unset Caps_Lock, Num_Lock and raise all keys in the X server
- use [212]-clear_all.
+ use [227]-clear_all.
* Usage with dvorak keyboards has been improved. See also:
- [213]-xkb.
- * The [214]Java Viewer applet source code is now included in the
+ [228]-xkb.
+ * The [229]Java Viewer applet source code is now included in the
x11vnc-0.9.*.tar.gz tarball. This means you can now build the Java
viewer applet jar files from source. If you stopped shipping the
Java viewer applet jar files due to lack of source code, you can
@@ -1177,7 +1218,7 @@ LAY
Here are some features that appeared in the 0.9.3 release (Oct/2007):
- * [215]Viewer-side pixmap caching. A large area of pixels (at least
+ * [230]Viewer-side pixmap caching. A large area of pixels (at least
2-3 times as big as the framebuffer itself; the bigger the
better... default is 10X) is placed below the framebuffer to act
as a buffer/cache area for pixel data. The VNC CopyRect encoding
@@ -1185,7 +1226,7 @@ LAY
Until we start modifying viewers you will be able to see the cache
area if you scroll down (this makes it easier to debug!) For
testing the default is "-ncache 10". The unix Enhanced TightVNC
- Viewer [216]ssvnc has a nice [217]-ycrop option to help hide the
+ Viewer [231]ssvnc has a nice [232]-ycrop option to help hide the
pixel cache area from view.
@@ -1198,14 +1239,14 @@ LAY
* If UltraVNC file transfer or chat is detected, then VNC clients
are "pinged" more often to prevent these side channels from
becoming serviced too infrequently.
- * In [218]-unixpw mode in the username and password dialog no text
+ * In [233]-unixpw mode in the username and password dialog no text
will be echoed if the first character sent is "Escape". This
enables a convenience feature in SSVNC to send the username and
password automatically.
Here are some features that appeared in the 0.9.1 release (May/2007):
- * The [219]UltraVNC Java viewer has been enhanced to support SSL (as
+ * The [234]UltraVNC Java viewer has been enhanced to support SSL (as
the TightVNC viewer had been previously.) The UltraVNC Java
supports ultravnc filetransfer, and so can be used as a VNC viewer
on Unix that supports ultravnc filetransfer. It is in the
@@ -1216,12 +1257,12 @@ LAY
Some other bugs in the UltraVNC Java viewer were fixed and a few
improvements to the UI made.
* A new Unix username login mode for VNC Viewers authenticated via a
- Client SSL Certificate: "[220]-users sslpeer=". The emailAddress
+ Client SSL Certificate: "[235]-users sslpeer=". The emailAddress
subject field is inspected for username@hostname and then acts as
though "-users +username" has been supplied. This way the Unix
username is identified by (i.e. simply extracted from) the Client
- SSL Certificate. This could be useful with [221]-find,
- [222]-create and [223]-svc modes if you are also have set up and
+ SSL Certificate. This could be useful with [236]-find,
+ [237]-create and [238]-svc modes if you are also have set up and
use VNC Client SSL Certificate authentication.
* For external display finding/creating programs (e.g. WAIT:cmd=...)
if the VNC Viewer is authenticated via a Client SSL Certificate,
@@ -1230,41 +1271,41 @@ LAY
Here are some features that appeared in the 0.9 release (Apr/2007):
- * [224]VNC Service advertising via mDNS / ZeroConf / BonJour with
- the [225]Avahi client library. Enable via "[226]-avahi" or
- "[227]-zeroconf".
+ * [239]VNC Service advertising via mDNS / ZeroConf / BonJour with
+ the [240]Avahi client library. Enable via "[241]-avahi" or
+ "[242]-zeroconf".
* Implementations of UltraVNC's TextChat, SingleWindow, and
- ServerInput extensions (requires ultravnc viewer or [228]ssvnc
+ ServerInput extensions (requires ultravnc viewer or [243]ssvnc
Unix viewer.) They toggle the selection of a single window
- ([229]-id), and disable (friendly) user input and viewing (monitor
+ ([244]-id), and disable (friendly) user input and viewing (monitor
blank) at the VNC server.
- * Short aliases "[230]-find", "[231]-create", "[232]-svc", and
- "[233]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes.
+ * Short aliases "[245]-find", "[246]-create", "[247]-svc", and
+ "[248]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes.
* Reverse VNC connections (viewer listening) now work in SSL
- ([234]-ssl) mode.
+ ([249]-ssl) mode.
* New options to control the Monitor power state and keyboard/mouse
- grabbing: [235]-forcedpms, [236]-clientdpms, [237]-noserverdpms,
- and [238]-grabalways.
+ grabbing: [250]-forcedpms, [251]-clientdpms, [252]-noserverdpms,
+ and [253]-grabalways.
* A simple way to emulate inetd(8) to some degree via the
- "[239]-loopbg" option.
- * Monitor the accuracy of XDAMAGE and apply "[240]-noxdamage" if it
- is not working well. OpenGL applications like like [241]beryl and
+ "[254]-loopbg" option.
+ * Monitor the accuracy of XDAMAGE and apply "[255]-noxdamage" if it
+ is not working well. OpenGL applications like like [256]beryl and
MythTv have been shown to make XDAMAGE not work properly.
* For Java SSL connections involving a router/firewall port
- redirection, an option [242]-httpsredir to spare the user from
+ redirection, an option [257]-httpsredir to spare the user from
needing to include &PORT=NNN in the browser URL.
Here are some features that appeared in the 0.8.4 release (Feb/2007):
- * Native [243]Mac OS X Aqua/Quartz support. (i.e. OSXvnc
+ * Native [258]Mac OS X Aqua/Quartz support. (i.e. OSXvnc
alternative; some activities are faster)
- * A [244]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY
+ * A [259]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY
-unixpw ..." that will Create a new X session (either virtual or
real and with or without a display manager, e.g. kdm) for the user
if it cannot find the user's X session display via the FINDDISPLAY
- method. See the [245]-svc and the [246]-xdmsvc aliases.
- * x11vnc can act as a VNC [247]reflector/repeater using the
- "[248]-reflect host:N" option. Instead of polling an X display,
+ method. See the [260]-svc and the [261]-xdmsvc aliases.
+ * x11vnc can act as a VNC [262]reflector/repeater using the
+ "[263]-reflect host:N" option. Instead of polling an X display,
the remote VNC Server host:N is connected to and re-exported via
VNC. This is intended for use in broadcasting a display to many
(e.g. > 16; classroom or large demo) VNC viewers where bandwidth
@@ -1272,16 +1313,16 @@ LAY
number of repeaters.
* Wireframe copyrect detection for local user activity (e.g. someone
sitting at the physical display moving windows) Use
- [249]-nowireframelocal to disable.
- * The "[250]-N" option couples the VNC Display number to the X
+ [264]-nowireframelocal to disable.
+ * The "[265]-N" option couples the VNC Display number to the X
Display number. E.g. if your X DISPLAY is :2 then the VNC display
will be :2 (i.e. using port 5902.) If that port is taken x11vnc
will exit.
- * Option [251]-nodpms to avoid problems with programs like KDE's
+ * Option [266]-nodpms to avoid problems with programs like KDE's
kdesktop_lock that keep restarting the screen saver every few
seconds.
* To automatically fix the common mouse motion problem on XINERAMA
- (multi-headed) displays, the [252]-xwarppointer option is enabled
+ (multi-headed) displays, the [267]-xwarppointer option is enabled
by default when XINERAMA is active.
If you have a Mac please try out the native Mac OS X support, build
@@ -1291,62 +1332,62 @@ LAY
Here are some features that appeared in the 0.8.3 release (Nov/2006):
- * The [253]-ssl option provides SSL encryption and authentication
- natively via the [254]www.openssl.org library. One can use from a
+ * The [268]-ssl option provides SSL encryption and authentication
+ natively via the [269]www.openssl.org library. One can use from a
simple self-signed certificate server certificate up to full CA
and client certificate authentication schemes.
- * Similar to -ssl, the [255]-stunnel option starts up a SSL tunnel
+ * Similar to -ssl, the [270]-stunnel option starts up a SSL tunnel
server stunnel (that must be installed separately on the system:
- [256]stunnel.mirt.net ) to allow only encrypted SSL connections
+ [271]stunnel.mirt.net ) to allow only encrypted SSL connections
from the network.
- * The [257]-sslverify option allows for authenticating VNC clients
+ * The [272]-sslverify option allows for authenticating VNC clients
via their certificates in either -ssl or -stunnel modes.
* Certificate creation and management tools are provide in the
- [258]-sslGenCert, [259]-sslGenCA, and [260]related options.
+ [273]-sslGenCert, [274]-sslGenCA, and [275]related options.
* An SSL enabled Java applet VNC Viewer applet is provided by x11vnc
in classes/ssl/VncViewer.jar. In addition to normal HTTP, the
applet may be loaded into the web browser via HTTPS (HTTP over
SSL.) (one can use the VNC port, e.g. https://host:5900/, or also
- the separate [261]-https port option.) A wrapper shell script
- [262]ss_vncviewer is also provided that sets up a stunnel
- client-side tunnel on Unix systems. See [263]Enhanced TightVNC
+ the separate [276]-https port option.) A wrapper shell script
+ [277]ss_vncviewer is also provided that sets up a stunnel
+ client-side tunnel on Unix systems. See [278]Enhanced TightVNC
Viewer (SSVNC) for other SSL/SSH viewer possibilities.
- * The [264]-unixpw option supports Unix username and password
- authentication (a simpler variant is the [265]-unixpw_nis option
+ * The [279]-unixpw option supports Unix username and password
+ authentication (a simpler variant is the [280]-unixpw_nis option
that works in environments where the encrypted passwords are
- readable, e.g. NIS.) The [266]-ssl or [267]-localhost +
- [268]-stunnel options are enforced in this mode to prevent
+ readable, e.g. NIS.) The [281]-ssl or [282]-localhost +
+ [283]-stunnel options are enforced in this mode to prevent
password sniffing. As a convenience, these requirements are lifted
if a SSH tunnel can be deduced (but -localhost still applies.)
- * Coupling [269]-unixpw with "[270]-display WAIT:cmd=FINDDISPLAY" or
+ * Coupling [284]-unixpw with "[285]-display WAIT:cmd=FINDDISPLAY" or
"-display WAIT:cmd=FINDCREATEDISPLAY" provides a way to allow a
user to login with their UNIX password and have their display
- connected to [271]automatically. See the [272]-svc and the
- [273]-xdmsvc aliases.
- * Hooks are provided in the [274]-unixpw_cmd and "[275]-passwdfile
+ connected to [286]automatically. See the [287]-svc and the
+ [288]-xdmsvc aliases.
+ * Hooks are provided in the [289]-unixpw_cmd and "[290]-passwdfile
cmd:,custom:..." options to allow you to supply your own
authentication and password lookup programs.
* x11vnc can be configured and built to not depend on X11 libraries
- "./configure --without-x" for [276]-rawfb only operation (e.g.
+ "./configure --without-x" for [291]-rawfb only operation (e.g.
embedded linux console devices.)
- * The [277]-rotate option enables you to rotate or reflect the
+ * The [292]-rotate option enables you to rotate or reflect the
screen before exporting via VNC. This is intended for use on
handhelds and other devices where the rotation orientation is not
"natural".
- * The "[278]-ultrafilexfer" alias is provided and improved UltraVNC
+ * The "[293]-ultrafilexfer" alias is provided and improved UltraVNC
filetransfer rates have been achieved.
- * Under the "[279]-connect_or_exit host" option x11vnc will exit
+ * Under the "[294]-connect_or_exit host" option x11vnc will exit
immediately unless the reverse connection to host succeeds. The
"-rfbport 0" option disables TCP listening for connections (useful
for this mode.)
- * The "[280]-rawfb rand" and "-rawfb none" options are useful for
+ * The "[295]-rawfb rand" and "-rawfb none" options are useful for
testing automation scripts, etc., without requiring a full
desktop.
- * Reduced spewing of information at startup, use "[281]-verbose"
+ * Reduced spewing of information at startup, use "[296]-verbose"
(also "-v") to turn it back on for debugging or if you are going
to send me a problem report.
- Here are some [282]Previous Release Notes
+ Here are some [297]Previous Release Notes
_________________________________________________________________
Some Notes:
@@ -1373,13 +1414,13 @@ LAY
protocol.) I suggest using xsetroot, dtstyle or similar utility to set
a solid background while using x11vnc. You can turn the pretty
background image back on when you are using the display directly.
- Update: As of Feb/2005 x11vnc has the [283]-solid [color] option that
+ Update: As of Feb/2005 x11vnc has the [298]-solid [color] option that
works on recent GNOME, KDE, and CDE and also on classic X (background
image is on the root window.) Update: As of Oct/2007 x11vnc has the
- [284]-ncache option that does a reasonable job caching the background
+ [299]-ncache option that does a reasonable job caching the background
(and other) pixmap data on the viewer side.
- I also find the [285]TightVNC encoding gives the best response for my
+ I also find the [300]TightVNC encoding gives the best response for my
usage (Unix <-> Unix over cable modem.) One needs a tightvnc-aware
vncviewer to take advantage of this encoding.
@@ -1391,17 +1432,17 @@ LAY
is X11's default listening port.) Had port 5900 been taken by some
other application, x11vnc would have next tried 5901. That would mean
the viewer command above should be changed to vncviewer
- far-away.east:1. You can force the port with the "[286]-rfbport NNNN"
+ far-away.east:1. You can force the port with the "[301]-rfbport NNNN"
option where NNNN is the desired port number. If that port is already
- taken, x11vnc will exit immediately. The "[287]-N" option will try to
+ taken, x11vnc will exit immediately. The "[302]-N" option will try to
match the VNC display number to the X display. (also see the "SunRay
Gotcha" note below)
Options: x11vnc has (far too) many features that may be activated
- via its [288]command line options. Useful options are, e.g., -scale to
+ via its [303]command line options. Useful options are, e.g., -scale to
do server-side scaling, and -rfbauth passwd-file to use VNC password
protection (the vncpasswd or storepasswd programs, or the x11vnc
- [289]-storepasswd option can be used to create the password file.)
+ [304]-storepasswd option can be used to create the password file.)
Algorithm: How does x11vnc do it? Rather brute-forcedly: it
continuously polls the X11 framebuffer for changes using
@@ -1429,7 +1470,7 @@ LAY
first testing out the programs. You get an interesting
recursive/feedback effect where vncviewer images keep popping up each
one contained in the previous one and slightly shifted a bit by the
- window manager decorations. There will be an [290]even more
+ window manager decorations. There will be an [305]even more
interesting effect if -scale is used. Also, if the XKEYBOARD is
supported and the XBell "beeps" once, you get an infinite loop of
beeps going off. Although all of this is mildly exciting it is not
@@ -1439,8 +1480,8 @@ LAY
Sun Ray Notes:
- You can run x11vnc on your (connected or disconnected) [291]SunRay
- session. Here are some [292]notes on SunRay usage with x11vnc.
+ You can run x11vnc on your (connected or disconnected) [306]SunRay
+ session. Here are some [307]notes on SunRay usage with x11vnc.
_________________________________________________________________
@@ -1452,7 +1493,7 @@ LAY
than you normally do to minimize the effects (e.g. do fullpage
paging rather than line-by-line scrolling, and move windows in a
single, quick motion.) Recent work has provided the
- [293]-scrollcopyrect and [294]-wireframe speedups using the
+ [308]-scrollcopyrect and [309]-wireframe speedups using the
CopyRect VNC encoding and other things, but they only speed up
some activities, not all.
* A rate limiting factor for x11vnc performance is that graphics
@@ -1511,18 +1552,19 @@ LAY
but we mention it because it may be of use for special purpose
applications. You may need to use the "-cc 4" option to force Xvfb
to use a TrueColor visual instead of DirectColor. See also the
- description of the [295]-create option that does all of this
- automatically for you.
+ description of the [310]-create option that does all of this
+ automatically for you (be sure to install the Xvfb package, e.g.
+ apt-get install xvfb.)
Also, a faster and more accurate way is to use the "dummy"
Xorg/XFree86 device driver (or our Xdummy wrapper script.) See
- [296]this FAQ for details.
+ [311]this FAQ for details.
* Somewhat surprisingly, the X11 mouse (cursor) shape is write-only
and cannot be queried from the X server. So traditionally in
x11vnc the cursor shape stays fixed at an arrow. (see the "-cursor
- X" and "-cursor some" [297]options, however, for a partial hack
+ X" and "-cursor some" [312]options, however, for a partial hack
for the root window, etc.) However, on Solaris using the SUN_OVL
overlay extension, x11vnc can show the correct mouse cursor when
- the [298]-overlay option is also supplied. A similar thing is done
+ the [313]-overlay option is also supplied. A similar thing is done
on IRIX as well when -overlay is supplied.
More generally, as of Dec/2004 x11vnc supports the new XFIXES
extension (in Xorg and Solaris 10) to query the X server for the
@@ -1530,18 +1572,18 @@ LAY
with transparency (alpha channel) need to approximated to solid
RGB values (some cursors look worse than others.)
* Audio from applications is of course not redirected (separate
- redirectors do exist, e.g. esd, see [299]the FAQ on this below.)
+ redirectors do exist, e.g. esd, see [314]the FAQ on this below.)
The XBell() "beeps" will work if the X server supports the
XKEYBOARD extension. (Note that on Solaris XKEYBOARD is disabled
by default. Passing +kb to Xsun enables it.)
- * The scroll detection algorithm for the [300]-scrollcopyrect option
+ * The scroll detection algorithm for the [315]-scrollcopyrect option
can give choppy or bunched up transient output and occasionally
painting errors.
* Using -threads can expose some bugs/crashes in libvncserver.
- Please feel free to [301]contact me if you have any questions,
+ Please feel free to [316]contact me if you have any questions,
problems, or comments about x11vnc, etc.
- Also, some people ask if they can make a donation, see [302]this link
+ Also, some people ask if they can make a donation, see [317]this link
for that.
References
@@ -1591,263 +1633,278 @@ References
43. http://www.karlrunge.com/x11vnc/faq.html#faq-xperms
44. http://www.karlrunge.com/x11vnc/faq.html#faq-xperms
45. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 46. http://www.karlrunge.com/x11vnc/faq.html#faq-viewer-download
- 47. http://www.sun.com/software/solaris/freeware/
- 48. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever
- 49. http://www.karlrunge.com/x11vnc/index.html#firewalls
- 50. http://www.karlrunge.com/x11vnc/index.html#tunnelling
- 51. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever
- 52. http://www.karlrunge.com/x11vnc/faq.html#faq-service
- 53. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd
- 54. http://www.karlrunge.com/x11vnc/index.html#vnc_password_file
- 55. http://www.karlrunge.com/x11vnc/ssvnc.html#download
- 56. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.23.tar.gz?use_mirror
- 57. http://www.karlrunge.com/x11vnc/index.html#tunnelling
- 58. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc
- 59. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 60. http://www.karlrunge.com/x11vnc/index.html#vnc_password_file
- 61. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
- 62. http://www.karlrunge.com/x11vnc/index.html#tightvnc_via
- 63. http://www.karlrunge.com/x11vnc/ssvnc.html
- 64. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc
- 65. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 66. http://www.karlrunge.com/x11vnc/chainingssh.html
- 67. http://www.karlrunge.com/x11vnc/ssvnc.html
- 68. http://www.portforward.com/routers.htm
- 69. http://www.whatismyip.com/
- 70. http://www.karlrunge.com/x11vnc/ssvnc.html
- 71. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel
- 72. http://www.whatismyip.com/
- 73. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg
- 74. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 75. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
- 76. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth
- 77. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd
- 78. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile
- 79. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile
- 80. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw
- 81. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 82. http://www.karlrunge.com/x11vnc/ssvnc.html
- 83. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt
- 84. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers
- 85. http://stunnel.mirt.net/
- 86. http://www.stunnel.org/
- 87. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 88. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
- 89. http://www.karlrunge.com/x11vnc/ssvnc.html
- 90. http://sourceforge.net/projects/libvncserver/
- 91. http://sourceforge.net/projects/libvncserver/files/x11vnc/0.9.9/
- 92. http://sourceforge.net/projects/libvncserver/files/x11vnc/0.9.9/release-notes-0.9.9.txt/view
- 93. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.10.tar.gz
- 94. http://www.karlrunge.com/x11vnc/faq.html#faq-binaries
- 95. http://www.tightvnc.com/download.html
- 96. http://www.realvnc.com/products/free/4.1/download.html
- 97. http://sourceforge.net/projects/cotvnc/
- 98. http://www.ultravnc.com/
- 99. http://www.karlrunge.com/x11vnc/ssvnc.html
- 100. http://www.karlrunge.com/x11vnc/rx11vnc
- 101. http://www.karlrunge.com/x11vnc/rx11vnc.pl
- 102. http://www.karlrunge.com/x11vnc/faq.html#faq-build
- 103. http://www.sunfreeware.com/
- 104. http://www.karlrunge.com/x11vnc/bins
- 105. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding
- 106. http://www.karlrunge.com/x11vnc/miscbuild.html
- 107. ftp://ftp.uu.net/graphics/jpeg/
- 108. http://www.gzip.org/zlib/
- 109. http://www.sunfreeware.com/
- 110. http://www.karlrunge.com/x11vnc/index.html#build-openssl
- 111. http://www.karlrunge.com/x11vnc/faq.html#faq-solaris251build
- 112. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx
- 113. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
- 114. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.10.tar.gz
- 115. http://www.karlrunge.com/x11vnc/bins
- 116. mailto:xvml@karlrunge.com
- 117. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
- 118. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer
- 119. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext
- 120. http://www.karlrunge.com/x11vnc/ssvnc.html
- 121. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc
- 122. http://www.karlrunge.com/x11vnc/Xdummy
- 123. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_system_greeter
- 124. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
- 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-extra_fbur
- 126. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
- 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
- 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nonap
- 129. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allinput
- 130. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-findauth
- 131. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
- 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
- 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd
- 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis
- 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
- 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify
- 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL
- 142. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
- 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare
- 144. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote
- 145. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui
- 146. http://ubuntuforums.org/showthread.php?t=1223490
- 147. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads
- 148. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect
- 149. http://bugs.freedesktop.org/show_bug.cgi?id=21454
- 150. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat
- 151. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip
- 152. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 153. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 154. http://www.virtualgl.org/
- 155. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc
- 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr
- 157. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache
- 158. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag
- 159. http://sourceforge.net/projects/vencrypt/
- 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 161. http://www.karlrunge.com/x11vnc/ssvnc.html
- 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt
- 164. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls
- 165. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly
- 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt
- 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls
- 169. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL
- 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA
- 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert
- 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport
- 174. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir
+ 46. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-findauth
+ 47. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
+ 48. http://www.karlrunge.com/x11vnc/faq.html#faq-viewer-download
+ 49. http://www.sun.com/software/solaris/freeware/
+ 50. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever
+ 51. http://www.karlrunge.com/x11vnc/index.html#firewalls
+ 52. http://www.karlrunge.com/x11vnc/index.html#tunnelling
+ 53. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever
+ 54. http://www.karlrunge.com/x11vnc/faq.html#faq-service
+ 55. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd
+ 56. http://www.karlrunge.com/x11vnc/index.html#vnc_password_file
+ 57. http://www.karlrunge.com/x11vnc/ssvnc.html#download
+ 58. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.23.tar.gz?use_mirror
+ 59. http://www.karlrunge.com/x11vnc/index.html#tunnelling
+ 60. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc
+ 61. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 62. http://www.karlrunge.com/x11vnc/index.html#vnc_password_file
+ 63. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
+ 64. http://www.karlrunge.com/x11vnc/index.html#tightvnc_via
+ 65. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 66. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc
+ 67. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 68. http://www.karlrunge.com/x11vnc/chainingssh.html
+ 69. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 70. http://www.portforward.com/routers.htm
+ 71. http://www.whatismyip.com/
+ 72. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 73. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel
+ 74. http://www.whatismyip.com/
+ 75. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg
+ 76. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 77. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
+ 78. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth
+ 79. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd
+ 80. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile
+ 81. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile
+ 82. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw
+ 83. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 84. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 85. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt
+ 86. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers
+ 87. http://stunnel.mirt.net/
+ 88. http://www.stunnel.org/
+ 89. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 90. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
+ 91. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 92. http://sourceforge.net/projects/libvncserver/
+ 93. http://sourceforge.net/projects/libvncserver/files/x11vnc/0.9.9/
+ 94. http://sourceforge.net/projects/libvncserver/files/x11vnc/0.9.9/release-notes-0.9.9.txt/view
+ 95. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.10-dev.tar.gz
+ 96. http://www.karlrunge.com/x11vnc/faq.html#faq-binaries
+ 97. http://www.tightvnc.com/download.html
+ 98. http://www.realvnc.com/products/free/4.1/download.html
+ 99. http://sourceforge.net/projects/cotvnc/
+ 100. http://www.ultravnc.com/
+ 101. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 102. http://www.karlrunge.com/x11vnc/rx11vnc
+ 103. http://www.karlrunge.com/x11vnc/rx11vnc.pl
+ 104. http://www.karlrunge.com/x11vnc/faq.html#faq-build
+ 105. http://www.karlrunge.com/x11vnc/faq.html#faq-build
+ 106. http://www.sunfreeware.com/
+ 107. http://www.karlrunge.com/x11vnc/bins
+ 108. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding
+ 109. http://www.karlrunge.com/x11vnc/miscbuild.html
+ 110. ftp://ftp.uu.net/graphics/jpeg/
+ 111. http://www.gzip.org/zlib/
+ 112. http://www.sunfreeware.com/
+ 113. http://www.karlrunge.com/x11vnc/index.html#build-openssl
+ 114. http://www.karlrunge.com/x11vnc/faq.html#faq-solaris251build
+ 115. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx
+ 116. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
+ 117. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.10-dev.tar.gz
+ 118. http://www.karlrunge.com/x11vnc/bins
+ 119. mailto:xvml@karlrunge.com
+ 120. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
+ 121. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer
+ 122. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext
+ 123. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 124. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc
+ 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 126. http://www.karlrunge.com/x11vnc/ssl.html#chained-certificates
+ 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd
+ 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https
+ 129. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslScripts
+ 130. http://www.karlrunge.com/x11vnc/desktop.cgi.pl
+ 131. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
+ 132. http://www.karlrunge.com/x11vnc/faq.html#faq-web-login
+ 133. http://www.karlrunge.com/x11vnc/Xdummy
+ 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 135. http://www.karlrunge.com/x11vnc/inet6to4
+ 136. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6
+ 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr
+ 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_system_greeter
+ 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
+ 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-extra_fbur
+ 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
+ 142. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
+ 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nonap
+ 144. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allinput
+ 145. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-findauth
+ 146. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
+ 147. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
+ 148. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 149. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 150. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd
+ 151. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis
+ 152. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
+ 153. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 154. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 155. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify
+ 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL
+ 157. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
+ 158. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare
+ 159. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote
+ 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui
+ 161. http://ubuntuforums.org/showthread.php?t=1223490
+ 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads
+ 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect
+ 164. http://bugs.freedesktop.org/show_bug.cgi?id=21454
+ 165. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat
+ 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip
+ 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 169. http://www.virtualgl.org/
+ 170. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc
+ 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr
+ 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache
+ 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag
+ 174. http://sourceforge.net/projects/vencrypt/
175. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 176. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi
- 177. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf
- 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
- 179. http://www.karlrunge.com/x11vnc/x11vnc.desktop
- 180. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o
- 181. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
- 182. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen
- 183. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm
- 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc
- 185. http://www.karlrunge.com/x11vnc/ssvnc.html
- 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
- 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry
- 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow
- 189. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 190. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 191. http://www.karlrunge.com/x11vnc/ssvnc.html
- 192. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect
- 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 194. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 195. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
- 196. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy
- 197. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh
- 198. http://www.uvnc.com/addons/repeater.html
- 199. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect
- 200. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 201. http://www.karlrunge.com/x11vnc/ssvnc.html
- 202. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl
- 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor
- 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy
- 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy
- 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 208. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
- 209. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr
- 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport
- 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping
- 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
- 213. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
- 214. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers
- 215. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching
+ 176. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 177. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt
+ 179. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls
+ 180. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly
+ 181. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 182. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt
+ 183. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls
+ 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL
+ 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA
+ 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert
+ 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport
+ 189. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir
+ 190. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 191. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi
+ 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf
+ 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
+ 194. http://www.karlrunge.com/x11vnc/x11vnc.desktop
+ 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o
+ 196. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
+ 197. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen
+ 198. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm
+ 199. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc
+ 200. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 201. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
+ 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry
+ 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow
+ 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 206. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 207. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect
+ 208. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 210. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
+ 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy
+ 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh
+ 213. http://www.uvnc.com/addons/repeater.html
+ 214. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect
+ 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
216. http://www.karlrunge.com/x11vnc/ssvnc.html
- 217. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop
- 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 219. http://www.ultravnc.com/
- 220. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
- 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 217. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl
+ 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor
+ 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy
+ 220. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy
+ 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 224. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi
- 225. http://www.avahi.org/
- 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi
- 227. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf
- 228. http://www.karlrunge.com/x11vnc/ssvnc.html
- 229. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 230. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 231. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 232. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
- 234. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms
- 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms
- 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
- 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways
- 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
- 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
- 241. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl
- 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir
- 243. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx
- 244. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
- 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
- 247. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect
- 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect
- 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal
- 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N
- 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms
- 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
- 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 254. http://www.openssl.org/
- 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
- 256. http://stunnel.mirt.net/
- 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify
- 258. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert
- 259. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA
- 260. http://www.karlrunge.com/x11vnc/ssl.html
- 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https
- 262. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer
- 263. http://www.karlrunge.com/x11vnc/ssvnc.html
- 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis
- 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
- 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
- 269. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
- 271. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
- 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
- 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd
- 275. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile
- 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 277. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate
- 278. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
- 279. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit
- 280. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 281. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v,
- 282. http://www.karlrunge.com/x11vnc/prevrels.html
- 283. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
- 284. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache
- 285. http://www.tightvnc.com/
- 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
- 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N
- 288. http://www.karlrunge.com/x11vnc/x11vnc_opts.html
- 289. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd
- 290. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg
- 291. http://www.sun.com/sunray/index.html
- 292. http://www.karlrunge.com/x11vnc/sunray.html
- 293. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
- 294. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
- 295. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
- 296. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
- 297. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor
- 298. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay
- 299. http://www.karlrunge.com/x11vnc/faq.html#faq-sound
- 300. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
- 301. mailto:xvml@karlrunge.com
- 302. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks
+ 223. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
+ 224. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr
+ 225. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport
+ 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping
+ 227. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
+ 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 229. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers
+ 230. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching
+ 231. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 232. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop
+ 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 234. http://www.ultravnc.com/
+ 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
+ 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 239. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi
+ 240. http://www.avahi.org/
+ 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi
+ 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf
+ 243. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
+ 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms
+ 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms
+ 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
+ 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways
+ 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
+ 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
+ 256. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl
+ 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir
+ 258. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx
+ 259. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
+ 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
+ 262. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect
+ 263. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect
+ 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal
+ 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N
+ 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms
+ 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
+ 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 269. http://www.openssl.org/
+ 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
+ 271. http://stunnel.mirt.net/
+ 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify
+ 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert
+ 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA
+ 275. http://www.karlrunge.com/x11vnc/ssl.html
+ 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https
+ 277. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer
+ 278. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 279. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 280. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis
+ 281. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
+ 283. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
+ 284. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
+ 286. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
+ 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 288. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
+ 289. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd
+ 290. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile
+ 291. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate
+ 293. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
+ 294. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit
+ 295. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v,
+ 297. http://www.karlrunge.com/x11vnc/prevrels.html
+ 298. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
+ 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache
+ 300. http://www.tightvnc.com/
+ 301. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
+ 302. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N
+ 303. http://www.karlrunge.com/x11vnc/x11vnc_opts.html
+ 304. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd
+ 305. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg
+ 306. http://www.sun.com/sunray/index.html
+ 307. http://www.karlrunge.com/x11vnc/sunray.html
+ 308. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
+ 309. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
+ 310. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
+ 311. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
+ 312. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor
+ 313. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay
+ 314. http://www.karlrunge.com/x11vnc/faq.html#faq-sound
+ 315. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
+ 316. mailto:xvml@karlrunge.com
+ 317. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks
=======================================================================
http://www.karlrunge.com/x11vnc/faq.html:
@@ -2096,150 +2153,153 @@ http://www.karlrunge.com/x11vnc/faq.html:
[68]Q-66: Can reverse connections be made to go through a Web or SOCKS
proxy or SSH?
- [69]Q-67: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a
+ [69]Q-67: Can x11vnc provide a multi-user desktop web login service as
+ an Apache CGI or PHP script?
+
+ [70]Q-68: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a
real display, but for a virtual one I keep around.)
- [70]Q-68: How can I use x11vnc on "headless" machines? Why might I
+ [71]Q-69: How can I use x11vnc on "headless" machines? Why might I
want to?
[Resource Usage and Performance]
- [71]Q-69: I have lots of memory, but why does x11vnc fail with
+ [72]Q-70: I have lots of memory, but why does x11vnc fail with
shmget: No space left on device or Minor opcode of failed
request: 1 (X_ShmAttach)?
- [72]Q-70: How can I make x11vnc use less system resources?
+ [73]Q-71: How can I make x11vnc use less system resources?
- [73]Q-71: How can I make x11vnc use MORE system resources?
+ [74]Q-72: How can I make x11vnc use MORE system resources?
- [74]Q-72: I use x11vnc over a slow link with high latency (e.g. dialup
+ [75]Q-73: I use x11vnc over a slow link with high latency (e.g. dialup
modem or broadband), is there anything I can do to speed things up?
- [75]Q-73: Does x11vnc support the X DAMAGE Xserver extension to find
+ [76]Q-74: Does x11vnc support the X DAMAGE Xserver extension to find
modified regions of the screen quickly and efficiently?
- [76]Q-74: My OpenGL application shows no screen updates unless I
+ [77]Q-75: My OpenGL application shows no screen updates unless I
supply the -noxdamage option to x11vnc.
- [77]Q-75: When I drag windows around with the mouse or scroll up and
+ [78]Q-76: When I drag windows around with the mouse or scroll up and
down things really bog down (unless I do the drag in a single, quick
motion.) Is there anything to do to improve things?
- [78]Q-76: Why not do something like wireframe animations to avoid the
+ [79]Q-77: Why not do something like wireframe animations to avoid the
windows "lurching" when being moved or resized?
- [79]Q-77: Can x11vnc try to apply heuristics to detect when a window
+ [80]Q-78: Can x11vnc try to apply heuristics to detect when a window
is scrolling its contents and use the CopyRect encoding for a speedup?
- [80]Q-78: Can x11vnc do client-side caching of pixel data? I.e. so
+ [81]Q-79: Can x11vnc do client-side caching of pixel data? I.e. so
when that pixel data is needed again it does not have to be
retransmitted over the network.
- [81]Q-79: Does x11vnc support TurboVNC?
+ [82]Q-80: Does x11vnc support TurboVNC?
[Mouse Cursor Shapes]
- [82]Q-80: Why isn't the mouse cursor shape (the little icon shape
+ [83]Q-81: Why isn't the mouse cursor shape (the little icon shape
where the mouse pointer is) correct as I move from window to window?
- [83]Q-81: When using XFIXES cursorshape mode, some of the cursors look
+ [84]Q-82: When using XFIXES cursorshape mode, some of the cursors look
really bad with extra black borders around the cursor and other cruft.
How can I improve their appearance?
- [84]Q-82: In XFIXES mode, are there any hacks to handle cursor
+ [85]Q-83: In XFIXES mode, are there any hacks to handle cursor
transparency ("alpha channel") exactly?
[Mouse Pointer]
- [85]Q-83: Why does the mouse arrow just stay in one corner in my
+ [86]Q-84: Why does the mouse arrow just stay in one corner in my
vncviewer, whereas my cursor (that does move) is just a dot?
- [86]Q-84: Can I take advantage of the TightVNC extension to the VNC
+ [87]Q-85: Can I take advantage of the TightVNC extension to the VNC
protocol where Cursor Positions Updates are sent back to all connected
clients (i.e. passive viewers can see the mouse cursor being moved
around by another viewer)?
- [87]Q-85: Is it possible to swap the mouse buttons (e.g. left-handed
+ [88]Q-86: Is it possible to swap the mouse buttons (e.g. left-handed
operation), or arbitrarily remap them? How about mapping button clicks
to keystrokes, e.g. to partially emulate Mouse wheel scrolling?
[Keyboard Issues]
- [88]Q-86: How can I get my AltGr and Shift modifiers to work between
+ [89]Q-87: How can I get my AltGr and Shift modifiers to work between
keyboards for different languages?
- [89]Q-87: When I try to type a "<" (i.e. less than) instead I get ">"
+ [90]Q-88: When I try to type a "<" (i.e. less than) instead I get ">"
(i.e. greater than)! Strangely, typing ">" works OK!!
- [90]Q-88: Extra Character Inserted, E.g.: When I try to type a "<"
+ [91]Q-89: Extra Character Inserted, E.g.: When I try to type a "<"
(i.e. less than) instead I get "<," (i.e. an extra comma.)
- [91]Q-89: I'm using an "international" keyboard (e.g. German "de", or
+ [92]Q-90: I'm using an "international" keyboard (e.g. German "de", or
Danish "dk") and the -modtweak mode works well if the VNC viewer is
run on a Unix/Linux machine with a similar keyboard. But if I run
the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or
Windows with any keyboard, I can't type some keys like: "@", "$",
"<", ">", etc. How can I fix this?
- [92]Q-90: When typing I sometimes get double, triple, or more of my
+ [93]Q-91: When typing I sometimes get double, triple, or more of my
keystrokes repeated. I'm sure I only typed them once, what can I do?
- [93]Q-91: The x11vnc -norepeat mode is in effect, but I still get
+ [94]Q-92: The x11vnc -norepeat mode is in effect, but I still get
repeated keystrokes!!
- [94]Q-92: After using x11vnc for a while, I find that I cannot type
+ [95]Q-93: After using x11vnc for a while, I find that I cannot type
some (or any) characters or my mouse clicks and drags no longer have
any effect, or they lead to strange effects. What happened?
- [95]Q-93: The machine where I run x11vnc has an AltGr key, but the
+ [96]Q-94: The machine where I run x11vnc has an AltGr key, but the
local machine where I run the VNC viewer does not. Is there a way I
can map a local unused key to send an AltGr? How about a Compose key
as well?
- [96]Q-94: I have a Sun machine I run x11vnc on. Its Sun keyboard has
+ [97]Q-95: I have a Sun machine I run x11vnc on. Its Sun keyboard has
just one Alt key labelled "Alt" and two Meta keys labelled with little
diamonds. The machine where I run the VNC viewer only has Alt keys.
How can I send a Meta keypress? (e.g. emacs needs this)
- [97]Q-95: Running x11vnc on HP-UX I cannot type "#" I just get a "3"
+ [98]Q-96: Running x11vnc on HP-UX I cannot type "#" I just get a "3"
instead.
- [98]Q-96: Can I map a keystroke to a mouse button click on the remote
+ [99]Q-97: Can I map a keystroke to a mouse button click on the remote
machine?
- [99]Q-97: How can I get Caps_Lock to work between my VNC viewer and
+ [100]Q-98: How can I get Caps_Lock to work between my VNC viewer and
x11vnc?
[Screen Related Issues and Features]
- [100]Q-98: The remote display is larger (in number of pixels) than the
+ [101]Q-99: The remote display is larger (in number of pixels) than the
local display I am running the vncviewer on. I don't like the
vncviewer scrollbars, what I can do?
- [101]Q-99: Does x11vnc support server-side framebuffer scaling? (E.g.
+ [102]Q-100: Does x11vnc support server-side framebuffer scaling? (E.g.
to make the desktop smaller.)
- [102]Q-100: Does x11vnc work with Xinerama? (i.e. multiple monitors
+ [103]Q-101: Does x11vnc work with Xinerama? (i.e. multiple monitors
joined together to form one big, single screen.)
- [103]Q-101: Can I use x11vnc on a multi-headed display that is not
+ [104]Q-102: Can I use x11vnc on a multi-headed display that is not
Xinerama (i.e. separate screens :0.0, :0.1, ... for each monitor)?
- [104]Q-102: Can x11vnc show only a portion of the display? (E.g. for a
+ [105]Q-103: Can x11vnc show only a portion of the display? (E.g. for a
special purpose application or a very large screen.)
- [105]Q-103: Does x11vnc support the XRANDR (X Resize, Rotate and
+ [106]Q-104: Does x11vnc support the XRANDR (X Resize, Rotate and
Reflection) extension? Whenever I rotate or resize the screen x11vnc
just seems to crash.
- [106]Q-104: Independent of any XRANDR, can I have x11vnc rotate and/or
+ [107]Q-105: Independent of any XRANDR, can I have x11vnc rotate and/or
reflect the screen that the VNC viewers see? (e.g. for a handheld
whose screen is rotated 90 degrees.)
- [107]Q-105: Why is the view in my VNC viewer completely black? Or why
+ [108]Q-106: Why is the view in my VNC viewer completely black? Or why
is everything flashing around randomly?
- [108]Q-106: I use Linux Virtual Terminals (VT's) to implement 'Fast
+ [109]Q-107: I use Linux Virtual Terminals (VT's) to implement 'Fast
User Switching' between users' sessions (e.g. Betty is on Ctrl-Alt-F7,
Bobby is on Ctrl-Alt-F8, and Sid is on Ctrl-Alt-F1: they use those
keystrokes to switch between their sessions.) How come the view in a
@@ -2247,83 +2307,83 @@ http://www.karlrunge.com/x11vnc/faq.html:
otherwise all messed up unless the X session x11vnc is attached to is
in the active VT?
- [109]Q-107: I am using x11vnc where my local machine has "popup/hidden
+ [110]Q-108: I am using x11vnc where my local machine has "popup/hidden
taskbars" and the remote display where x11vnc runs also has
"popup/hidden taskbars" and they interfere and fight with each other.
What can I do?
- [110]Q-108: Help! x11vnc and my KDE screensaver keep switching each
+ [111]Q-109: Help! x11vnc and my KDE screensaver keep switching each
other on and off every few seconds.
- [111]Q-109: I am running the beryl 3D window manager (or compiz,
+ [112]Q-110: I am running the beryl 3D window manager (or compiz,
MythTv, Google Earth, or some other OpenGL app) and I do not get
screen updates in x11vnc.
- [112]Q-110: Can I use x11vnc to view my VMWare session remotely?
+ [113]Q-111: Can I use x11vnc to view my VMWare session remotely?
[Exporting non-X11 devices via VNC]
- [113]Q-111: Can non-X devices (e.g. a raw framebuffer) be viewed (and
+ [114]Q-112: Can non-X devices (e.g. a raw framebuffer) be viewed (and
even controlled) via VNC with x11vnc?
- [114]Q-112: Can I export the Linux Console (Virtual Terminals) via VNC
+ [115]Q-113: Can I export the Linux Console (Virtual Terminals) via VNC
using x11vnc?
- [115]Q-113: Can I export via VNC a Webcam or TV tuner framebuffer
+ [116]Q-114: Can I export via VNC a Webcam or TV tuner framebuffer
using x11vnc?
- [116]Q-114: Can I connect via VNC to a Qt-embedded/Qtopia application
+ [117]Q-115: Can I connect via VNC to a Qt-embedded/Qtopia application
running on my handheld or PC using the Linux console framebuffer (i.e.
not X11)?
- [117]Q-115: Now that non-X11 devices can be exported via VNC using
+ [118]Q-116: Now that non-X11 devices can be exported via VNC using
x11vnc, can I build it with no dependencies on X11 header files and
libraries?
- [118]Q-116: Does x11vnc support Mac OS X Aqua/Quartz displays natively
+ [119]Q-117: Does x11vnc support Mac OS X Aqua/Quartz displays natively
(i.e. no X11 involved)?
- [119]Q-117: Can x11vnc be used as a VNC reflector/repeater to improve
+ [120]Q-118: Can x11vnc be used as a VNC reflector/repeater to improve
performance for the case of a large number of simultaneous VNC viewers
(e.g. classroom broadcasting or a large demo)?
- [120]Q-118: Can x11vnc be used during a Linux, Solaris, etc. system
+ [121]Q-119: Can x11vnc be used during a Linux, Solaris, etc. system
Installation so the Installation can be done remotely?
[Misc: Clipboard, File Transfer/Sharing, Printing, Sound, Beeps,
Thanks, etc.]
- [121]Q-119: Does the Clipboard/Selection get transferred between the
+ [122]Q-120: Does the Clipboard/Selection get transferred between the
vncviewer and the X display?
- [122]Q-120: Can I use x11vnc to record a Shock Wave Flash (or other
+ [123]Q-121: Can I use x11vnc to record a Shock Wave Flash (or other
format) video of my desktop, e.g. to record a tutorial or demo?
- [123]Q-121: Can I transfer files back and forth with x11vnc?
+ [124]Q-122: Can I transfer files back and forth with x11vnc?
- [124]Q-122: Which UltraVNC extensions are supported?
+ [125]Q-123: Which UltraVNC extensions are supported?
- [125]Q-123: Can x11vnc emulate UltraVNC's Single Click helpdesk mode
+ [126]Q-124: Can x11vnc emulate UltraVNC's Single Click helpdesk mode
for Unix? I.e. something very simple for a naive user to initiate a
reverse vnc connection from their Unix desktop to a helpdesk
operator's VNC Viewer.
- [126]Q-124: Can I (temporarily) mount my local (viewer-side)
+ [127]Q-125: Can I (temporarily) mount my local (viewer-side)
Windows/Samba File share on the machine where x11vnc is running?
- [127]Q-125: Can I redirect CUPS print jobs from the remote desktop
+ [128]Q-126: Can I redirect CUPS print jobs from the remote desktop
where x11vnc is running to a printer on my local (viewer-side)
machine?
- [128]Q-126: How can I hear the sound (audio) from the remote
+ [129]Q-127: How can I hear the sound (audio) from the remote
applications on the desktop I am viewing via x11vnc?
- [129]Q-127: Why don't I hear the "Beeps" in my X session (e.g. when
+ [130]Q-128: Why don't I hear the "Beeps" in my X session (e.g. when
typing tput bel in an xterm)?
- [130]Q-128: Does x11vnc work with IPv6?
+ [131]Q-129: Does x11vnc work with IPv6?
- [131]Q-129: Thanks for your program or for your help! Can I make a
+ [132]Q-130: Thanks for your program or for your help! Can I make a
donation?
_________________________________________________________________
@@ -2336,7 +2396,7 @@ http://www.karlrunge.com/x11vnc/faq.html:
For the former error, you need to specify the X display to connect to
(it also needs to be on the same machine the x11vnc process is to run
- on.) Set your DISPLAY environment variable (or use the [132]-display
+ on.) Set your DISPLAY environment variable (or use the [133]-display
option) to specify it. Nearly always the correct value will be ":0"
(in fact, x11vnc will now assume :0 if given no other information.)
@@ -2353,9 +2413,9 @@ http://www.karlrunge.com/x11vnc/faq.html:
working when you try to start x11vnc via, say, a remote shell.
How to Solve: See the xauth(1), Xsecurity(7), and xhost(1) man pages
- or [133]this Howto for much info on X11 permissions. For example, you
+ or [134]this Howto for much info on X11 permissions. For example, you
may need to set your XAUTHORITY environment variable (or use the
- [134]-auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g.
+ [135]-auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g.
/home/joe/.Xauthority or /var/gdm/:0.Xauth or /var/lib/kdm/A:0-crWk72K
or /tmp/.gdmzndVlR, etc, etc.), or simply be sure you run x11vnc as
the correct user (i.e. the user who is logged into the X session you
@@ -2377,10 +2437,10 @@ http://www.karlrunge.com/x11vnc/faq.html:
x11vnc -display :0 -auth /var/gdm/:0.Xauth
(this is for the display manager gdm and requires root permission to
- read the gdm cookie file, see [135]this faq for other display manager
+ read the gdm cookie file, see [136]this faq for other display manager
cookie file names.)
- Note as of Feb/2007 you can also try the [136]-find option instead of
+ Note as of Feb/2007 you can also try the [137]-find option instead of
"-display ..." and see if that finds your display and Xauthority.
Less safe, but to avoid figuring out where the correct XAUTHORITY file
@@ -2389,7 +2449,7 @@ http://www.karlrunge.com/x11vnc/faq.html:
(from the same machine.) The person could then type "xhost -localhost"
after x11vnc has connected to go back to the default permissions.
Also, for some situations the "-users lurk=" option may soon be of use
- (please read the documentation on the [137]-users option.)
+ (please read the documentation on the [138]-users option.)
To test out your X11 permissions from a remote shell, set DISPLAY and
possibly XAUTHORITY (see your shell's man page, bash(1), tcsh(1), on
@@ -2408,7 +2468,7 @@ http://www.karlrunge.com/x11vnc/faq.html:
properly.)
Firewalls: Speaking of permissions, it should go without saying that
- the host-level [138]firewall will need to be configured to allow
+ the host-level [139]firewall will need to be configured to allow
connections in on a port. E.g. 5900 (default VNC port) or 22 (default
SSH port for tunnelling VNC.) Most systems these days have firewalls
turned on by default, so you will actively have to do something to
@@ -2457,63 +2517,56 @@ libssl.so libcrypto.so libcrypt.so
See `config.log' for more details.
there is quite a bit wrong with the build environment. Hopefully
- simply adding -dev packages and/or gcc will fix it.
+ simply adding -dev packages and/or gcc or make will fix it.
For Debian the list seems to be:
gcc
make
libc6-dev
- libjpeg62-dev
+ libjpeg8-dev (formerly libjpeg62-dev)
libx11-dev
+ x11proto-core-dev (formerly x-dev)
libxext-dev
+ libxtst-dev
+ libxdamage-dev
+ libxfixes-dev
libxrandr-dev
libxinerama-dev
- libxtst-dev
- x-dev
- xlibs-static-dev
+ libxss-dev (formerly xlibs-static-dev)
zlib1g-dev
libssl-dev
+ libavahi-client-dev
+ linux-libc-dev (only needed for linux console rawfb support)
- (note that depending on your OS version the above names may have been
- changed and/or additional packages may be needed.)
+ Note that depending on your OS version the above names may have been
+ changed and/or additional packages may be needed.
For Redhat the list seems to be:
gcc
make
glibc-devel
libjpeg-devel
- xorg-x11-devel or XFree86-devel
+ libX11-devel
+ xorg-x11-proto-devel
+ libXdamage-devel
+ libXfixes-devel
+ libXrandr-devel
zlib-devel
- openssl097a
-
- (there are probably some more now; send us a list for recent Redhat if
- you have it building and see the need to add more -devel packages.)
+ openssl-devel
+ avahi-devel
+ kernel-headers (only needed for linux console rawfb support)
For other distros or OS's the package names may not be the same but
will look similar. Also, distros tend to rename packages as well so
the above list may be out of date. So only use the above lists as
hints for the package names that are needed.
- Have a look at [139]Misc. Build Problems for additional fixes.
+ Have a look at [140]Misc. Build Problems for additional fixes.
Note: there is growing trend in Linux and other distros to slice up
core X11 software into more and smaller packages. So be prepared for
more headaches compiling software...
- libssl: One user pointed out that if you use a precompiled binary
- (either one you downloaded or built on another machine) there is a
- chance it won't work because that x11vnc binary requires libssl0.9.7
- but the system only has libssl0.9.8 (which evidently is incompatible
- with 0.9.7 and has a different SONAME.) Your distro should allow you
- do have both runtimes installed on your system:
- % dpkg -l libssl0.9.7 libssl0.9.8
- ...
- ii libssl0.9.7 0.9.7g-5ubuntu SSL shared libraries
- ii libssl0.9.8 0.9.8a-7ubuntu SSL shared libraries
-
- (in fact it should have installed both by default if it knew what it
- was doing.) See [140]here too.
-
Q-3: I just built x11vnc successfully, but when I use it my keystrokes
and mouse button clicks are ignored (I am able to move the mouse
@@ -4152,7 +4205,7 @@ exec @ARGV;
channel using an external tool like stunnel?
It is possible to use a "lighter weight" encryption setup than SSH or
- IPSEC. SSL tunnels such as [318]stunnel (also [319]stunnel.mirt.net)
+ IPSEC. SSL tunnels such as [318]stunnel (also [319]stunnel.org)
provide an encrypted channel without the need for Unix users,
passwords, and key passphrases required for ssh (and at the other
extreme SSL can also provide a complete signed certificate chain of
@@ -4438,7 +4491,7 @@ connect = 5900
tunnel for you using stunnel. The -ssl method is the preferred way,
but for historical reference we keep the -stunnel info here.
- The [358]-stunnel mode requires the [359]www.stunnel.org command
+ The [358]-stunnel mode requires the [359]stunnel.mirt.net command
stunnel(8) to be installed on the system.
Some -stunnel examples:
@@ -4834,15 +4887,19 @@ connect = 5900
SSL from the Internet with a Web browser to x11vnc running on their
workstations behind a firewall?
Yes. You will need to configure apache to forward these connections.
- It is discussed [390]here. This provides a clean alternative to the
- traditional method where the user uses SSH to log in through the
- gateway to create the encrypted port redirection to x11vnc running on
- her desktop.
+ It is discussed [390]here. This SSL VNC portal provides a clean
+ alternative to the traditional method where the user uses SSH to log
+ in through the gateway to create the encrypted port redirection to
+ x11vnc running on her desktop.
+
+ Also see the [391]desktop.cgi CGI script method that achieves much of
+ what this Apache VNC SSL portal method does (as long as desktop.cgi's
+ 'port redirection' mode is enabled.)
Q-57: Can I create and use my own SSL Certificate Authority (CA) with
x11vnc?
- Yes, see [391]this page for how to do this and the utility commands
+ Yes, see [392]this page for how to do this and the utility commands
x11vnc provides to create and manage many types of certificates and
private keys.
@@ -4861,14 +4918,14 @@ connect = 5900
need to have sufficient permissions to connect to the X display.
Here are some ideas:
- * Use the description under "Continuously" in the [392]FAQ on x11vnc
+ * Use the description under "Continuously" in the [393]FAQ on x11vnc
and Display Managers
- * Use the description in the [393]FAQ on x11vnc and inetd(8)
- * Use the description in the [394]FAQ on Unix user logins and
+ * Use the description in the [394]FAQ on x11vnc and inetd(8)
+ * Use the description in the [395]FAQ on Unix user logins and
inetd(8)
* Start x11vnc from your $HOME/.xsession (or $HOME/.xinitrc or
autostart script or ...)
- * Although less reliable, see the [395]x11vnc_loop rc.local hack
+ * Although less reliable, see the [396]x11vnc_loop rc.local hack
below.
The display manager scheme will not be specific to which user has the
@@ -4890,9 +4947,9 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
X startup scripts (traditionally .xsession/.xinitrc) may have to be in
a different directory or have a different basename. One user
recommends the description under 'Running Scripts Automatically' at
- [396]this link.
+ [397]this link.
- Firewalls: note all methods will require the host-level [397]firewall
+ Firewalls: note all methods will require the host-level [398]firewall
to be configured to allow connections in on a port. E.g. 5900 (default
VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems
these days have firewalls turned on by default, so you will actively
@@ -4916,23 +4973,30 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
It is usually possible to do this by just adjusting the XAUTHORITY
environment variable to point to the correct MIT-COOKIE auth file
- while running x11vnc as root, e.g. for the gnome display manager, gdm:
+ while running x11vnc as root, e.g. for the gnome display manager, GDM:
x11vnc -auth /var/gdm/:0.Xauth -display :0
- (the [398]-auth option sets the XAUTHORITY variable for you.)
+ (the [399]-auth option sets the XAUTHORITY variable for you.)
- There will be a similar thing for xdm using however a different auth
- directory path (perhaps something like
- /var/lib/xdm/authdir/authfiles/A:0-XQvaJk for xdm or
+ There will be a similar thing to do for xdm using however a different
+ auth directory path (perhaps something like
+ /var/lib/xdm/authdir/authfiles/A:0-XQvaJk) for the xdm greeter or
/var/lib/kdm/A:0-crWk72 (or /var/run/xauth/A:0-qQPftr, etc. etc) for
- kdm, where the random characters in the basename will vary.) Read your
- system docs to find out where the display manager cookie files are
- kept.
+ the kdm greeter. Of course, the random characters in the file basename
+ will vary and you will need to use the actual filename on your system.
+ Read your system docs to find out where the display manager cookie
+ files are kept.
Trick: sometimes ps(1) can reveal the X server process -auth argument
- (e.g. "ps wwwaux | grep auth") and hence the path to the auth file.
+ (e.g. "ps wwaux | grep auth") and hence the path to the auth file.
+
+ x11vnc must be run as root for this because the /var/gdm/:0.Xauth,
+ /var/lib/kdm/A:0-crWk72, etc. auth files are only readable by root. If
+ you do not want to run x11vnc as root, you can copy (as root or sudo)
+ the auth file to some location and make it readable by your userid.
+ Then run x11vnc as your userid with -auth pointed to the copied file.
- Update Dec/2009: use "[399]-auth guess" to have x11vnc try to guess
+ Update Dec/2009: use "[400]-auth guess" to have x11vnc try to guess
the location of the auth file for you.
You next connect to x11vnc with a VNC viewer, give your username and
@@ -4950,10 +5014,10 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
(BTW, the auth file should be in /var/dt), you'll also need to add
something like Dtlogin*grabServer:False to the Xconfig file
(/etc/dt/config/Xconfig or /usr/dt/config/Xconfig on Solaris, see
- [400]the example at the end of this FAQ.) Then restart dtlogin, e.g.:
+ [401]the example at the end of this FAQ.) Then restart dtlogin, e.g.:
/etc/init.d/dtlogin stop; /etc/init.d/dtlogin start or reboot.
- Update Nov/2008: Regarding GDM KillInitClients: see the [401]-reopen
+ Update Nov/2008: Regarding GDM KillInitClients: see the [402]-reopen
option for another possible workaround.
Update Oct/2009: Regarding GDM KillInitClients: starting with x11vnc
@@ -4980,7 +5044,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
Please consider the security implications of this! The VNC display for
the X session always accessible (but hopefully password protected.)
- Add [402]-localhost if you only plan to access via a [403]SSH tunnel.
+ Add [403]-localhost if you only plan to access via a [404]SSH tunnel.
The name of the display manager startup script file depends on desktop
used and seem to be:
@@ -5018,7 +5082,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
-forever -bg
where you should customize the exact command to your needs (e.g.
- [404]-localhost for SSH tunnel-only access; [405]-ssl SAVE for SSL
+ [405]-localhost for SSH tunnel-only access; [406]-ssl SAVE for SSL
access; etc.)
Happy, happy, joy, joy: Note that we do not need to specify -display
@@ -5026,7 +5090,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
and XAUTHORITY environment variables for the Xsetup script!!!
You may also want to force the VNC port with something like "-rfbport
- 5900" (or [406]-N) to avoid autoselecting one if 5900 is already
+ 5900" (or [407]-N) to avoid autoselecting one if 5900 is already
taken.
_________________________________________________________________
@@ -5042,7 +5106,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
Then restart: /usr/sbin/gdm-restart (or reboot.) The
KillInitClients=false setting is important: without it x11vnc will be
- killed immediately after the user logs in. Here are [407]full details
+ killed immediately after the user logs in. Here are [408]full details
on how to configure gdm
_________________________________________________________________
@@ -5084,16 +5148,16 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
If you do not want to deal with any display manager startup scripts,
here is a kludgey script that can be run manually or out of a boot
- file like rc.local: [408]x11vnc_loop It will need some local
+ file like rc.local: [409]x11vnc_loop It will need some local
customization before running. Because the XAUTHORITY auth file must be
guessed by this script, use of the display manager script method
- described above is greatly preferred. There is also the [409]-loop
+ described above is greatly preferred. There is also the [410]-loop
option that does something similar.
If the machine is a traditional Xterminal you may want to read
- [410]this FAQ.
+ [411]this FAQ.
- Firewalls: note all methods will require the host-level [411]firewall
+ Firewalls: note all methods will require the host-level [412]firewall
to be configured to allow connections in on a port. E.g. 5900 (default
VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems
these days have firewalls turned on by default, so you will actively
@@ -5109,7 +5173,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc_sh
- where the shell script /usr/local/bin/x11vnc_sh uses the [412]-inetd
+ where the shell script /usr/local/bin/x11vnc_sh uses the [413]-inetd
option and looks something like (you'll need to customize to your
settings.)
#!/bin/sh
@@ -5122,7 +5186,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
and that confuses it greatly, causing it to abort.) If you do not use
a wrapper script as above but rather call x11vnc directly in
/etc/inetd.conf and do not redirect stderr to a file, then you must
- specify the -q (aka [413]-quiet) option: "/usr/local/bin/x11vnc -q
+ specify the -q (aka [414]-quiet) option: "/usr/local/bin/x11vnc -q
-inetd ...". When you supply both -q and -inet and no "-o logfile"
then stderr will automatically be closed (to prevent, e.g. library
stderr messages leaking out to the viewer.) The recommended practice
@@ -5130,12 +5194,12 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
script with "2>logfile" redirection because the errors and warnings
printed out are very useful in troubleshooting problems.
- Note also the need to set XAUTHORITY via [414]-auth to point to the
+ Note also the need to set XAUTHORITY via [415]-auth to point to the
MIT-COOKIE auth file to get permission to connect to the X display
(setting and exporting the XAUTHORITY variable accomplishes the same
thing.) See the x11vnc_loop file in the previous question for more
ideas on what that auth file may be, etc. The scheme described in the
- [415]FAQ on Unix user logins and inetd(8) works around the XAUTHORITY
+ [416]FAQ on Unix user logins and inetd(8) works around the XAUTHORITY
issue nicely.
Note: On Solaris you cannot have the bare number 5900 in
@@ -5201,8 +5265,8 @@ service x11vncservice
#!/bin/sh
COLUMNS=256
export COLUMNS
-authfile=`ps wwwaux | grep '/X.*-auth' | grep -v grep | sed -e 's/^.*-auth *//'
- -e 's/ .*$//' | head -n 1`
+authfile=`ps wwaux | grep '/X.*-auth' | grep -v grep | sed -e 's/^.*-auth *//'
+-e 's/ .*$//' | head -n 1`
if [ -r "$authfile" ]; then
exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -display :0 -a
@@ -5220,9 +5284,9 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1
it automatically?
Yes, as of Feb/2007 x11vnc supports mDNS / Zeroconf advertising of its
- service via the Avahi client library. Use the option [416]-avahi (same
- as [417]-mdns or [418]-zeroconf) to enable it. Depending on your setup
- you may need to install [419]Avahi (including the development/build
+ service via the Avahi client library. Use the option [417]-avahi (same
+ as [418]-mdns or [419]-zeroconf) to enable it. Depending on your setup
+ you may need to install [420]Avahi (including the development/build
packages), enable the server: avahi-daemon and avahi-dnsconfd, and
possibly open up UDP port 5353 on your firewall.
@@ -5251,11 +5315,11 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1
machine and then attach to it? How about starting an X session if one
cannot be found?
- The easiest way to do this is via [420]inetd(8) using the [421]-unixpw
- and [422]-display WAIT options. The reason inetd(8) makes this easier
+ The easiest way to do this is via [421]inetd(8) using the [422]-unixpw
+ and [423]-display WAIT options. The reason inetd(8) makes this easier
is that it starts a new x11vnc process for each new user connection.
Otherwise a wrapper would have to listen for connections and spawn new
- x11vnc's (see [423]this example and also the [424]-loopbg option.)
+ x11vnc's (see [424]this example and also the [425]-loopbg option.)
inetd(8) is not required for this, but it makes some aspects more
general.
@@ -5263,23 +5327,23 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1
hostname:0, and do not need to memorize a special VNC display number
just for their personal use, etc.
- Update: Use the [425]-find, [426]-create, [427]-svc, and [428]-xdmsvc
+ Update: Use the [426]-find, [427]-create, [428]-svc, and [429]-xdmsvc
options that are shorthand for common FINDCREATEDISPLAY usage modes
(e.g. terminal services) described below. (i.e. simply use "-svc"
instead of the cumbersome "-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb
-unixpw -users unixpw= -ssl SAVE")
- The [429]-display WAIT option makes x11vnc wait until a VNC viewer is
+ The [430]-display WAIT option makes x11vnc wait until a VNC viewer is
connected before attaching to the X display.
Additionally it can be used to run an external command that returns
the DISPLAY and XAUTHORITY data. We provide some useful builtin ones
(FINDDISPLAY and FINDCREATEDISPLAY below), but in principle one could
supply his own script: "-display WAIT:cmd=/path/to/find_display" where
- the script find_display might look something like [430]this.
+ the script find_display might look something like [431]this.
A default script somewhat like the above is used under "-display
- WAIT:cmd=FINDDISPLAY" (same as [431]-find) The format for any such
+ WAIT:cmd=FINDDISPLAY" (same as [432]-find) The format for any such
command is that it returns DISPLAY=:disp as the first line and any
remaining lines are either XAUTHORITY=file or raw xauth data (the
above example does the latter.) If applicable (-unixpw mode), the
@@ -5290,10 +5354,10 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1
only the X server process ID is known it appends ",XPID=n" (a chvt
will be attempted by x11vnc.)
- Tip: Note that the [432]-find option is an alias for "-display
+ Tip: Note that the [433]-find option is an alias for "-display
WAIT:cmd=FINDDISPLAY". Use it!
- The [433]-unixpw option allows [434]UNIX password logins. It
+ The [434]-unixpw option allows [435]UNIX password logins. It
conveniently knows the Unix username whose X display should be found.
Here are a couple /etc/inetd.conf examples of this usage:
5900 stream tcp nowait nobody /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd
@@ -5303,19 +5367,19 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1
-unixpw \
-find -o /var/log/x11vnc.log -ssl SAVE -users unixpw=
- Note we have used the [435]-find alias and the very long lines have
+ Note we have used the [436]-find alias and the very long lines have
been split. An alternative is to use a wrapper script, e.g.
/usr/local/bin/x11vnc.sh that has all of the options. (see also the
- [436]-svc alias.)
+ [437]-svc alias.)
In the first inetd line x11vnc is run as user "nobody" and stays user
nobody during the whole session. The permissions of the log files and
certs directory will need to be set up to allow "nobody" to use them.
In the second one x11vnc is run as root and switches to the user that
- logs in due to the "[437]-users unixpw=" option.
+ logs in due to the "[438]-users unixpw=" option.
- Note that [438]SSL is required for this mode because otherwise the
+ Note that [439]SSL is required for this mode because otherwise the
Unix password would be passed in clear text over the network. In
general -unixpw is not required for this sort of scheme, but it is
convenient because it determines exactly who the Unix user is whose
@@ -5323,17 +5387,17 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1
to use some method to work out DISPLAY, XAUTHORITY, etc (perhaps you
use multiple inetd ports and hardwire usernames for different ports.)
- If you really want to disable the SSL or SSH [439]-localhost
+ If you really want to disable the SSL or SSH [440]-localhost
constraints (this is not recommended unless you really know what you
are doing: Unix passwords sent in clear text is a very bad idea...)
- read the [440]-unixpw documentation.
+ read the [441]-unixpw documentation.
A inetd(8) scheme for a fixed user that doesn't use SSL or unix
passwds could be:
/usr/local/bin/x11vnc -inetd -users =fred -find -rfbauth /home/fred/.vnc/pass
wd -o /var/log/x11vnc.log
- The "[441]-users =fred" option will cause x11vnc to switch to user
+ The "[442]-users =fred" option will cause x11vnc to switch to user
fred and then find his X display. The VNC password (-rfbauth) as
opposed to Unix password (-unixpw) is used to authenticate the VNC
client.
@@ -5350,8 +5414,11 @@ wd -o /var/log/x11vnc.log
tries to start up an X server (normally it just attaches to an
existing one.)
+ For virtual sessions you will need to install the Xvfb program (e.g.
+ apt-get install xvfb) or our Xdummy program (see below.)
+
By default it will only try to start up virtual (non-hardware) X
- servers: first [442]Xvfb and if that is not available then Xdummy
+ servers: first [443]Xvfb and if that is not available then Xdummy
(included in the x11vnc source code.) Note that Xdummy only works on
Linux whereas Xvfb works just about everywhere (and in some situations
Xdummy must be run as root.) An advantage of Xdummy over Xvfb is that
@@ -5365,16 +5432,16 @@ wd -o /var/log/x11vnc.log
-ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY
Where the very long lines have been split. See below where that long
- and cumbersome last line is replaced by the [443]-svc alias.
+ and cumbersome last line is replaced by the [444]-svc alias.
- The above mode will allow direct SSL (e.g. [444]ss_vncviewer or
- [445]SSVNC) access and also Java Web browers access via:
+ The above mode will allow direct SSL (e.g. [445]ss_vncviewer or
+ [446]SSVNC) access and also Java Web browers access via:
https://hostname:5900/.
- Tip: Note that the [446]-create option is an alias for "-display
+ Tip: Note that the [447]-create option is an alias for "-display
WAIT:cmd=FINDCREATEDISPLAY-Xvfb".
- Tip: Note that [447]-svc is a short hand for the long "-ssl SAVE
+ Tip: Note that [448]-svc is a short hand for the long "-ssl SAVE
-unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY" part.
Unlike -create, this alias also sets up SSL encryption and Unix
password login.
@@ -5386,7 +5453,7 @@ wd -o /var/log/x11vnc.log
Tip: In addition to the usual unixpw parameters, inside the VNC viewer
the user can specify after his username (following a ":" see
- [448]-display WAIT for details) for FINDCREATEDISPLAY they can add
+ [449]-display WAIT for details) for FINDCREATEDISPLAY they can add
"geom=WxH" or "geom=WxHxD" to specify the width, height, and
optionally the color depth. E.g. "fred:geom=800x600" at the login:
prompt. Also if the env. var X11VNC_CREATE_GEOM is set to the desired
@@ -5420,10 +5487,10 @@ bin/x11vnc -svc
To print out the script in this case use "-display
WAIT:cmd=FINDCREATEDISPLAY-print". To change the preference of
Xservers and which to try list them, e.g.: "-display
- WAIT:cmd=FINDCREATEDISPLAY-X,Xvfb,Xdummy" or use "[449]-create_xsrv
+ WAIT:cmd=FINDCREATEDISPLAY-X,Xvfb,Xdummy" or use "[450]-create_xsrv
X,Xvfb,Xdummy". The "X" one means to try to start up a real, hardware
X server, e.g. startx(1) (if there is already a real X server running
- this may only work on Linux and the chvt program may [450]need to be
+ this may only work on Linux and the chvt program may [451]need to be
run to switch to the correct Linux virtual terminal.) x11vnc will try
to run chvt automatically if it can determine which VT should be
switched to.
@@ -5452,7 +5519,7 @@ bin/x11vnc -svc
will also typically block UDP (port 177 for XDMCP) by default
effectively limiting the UDP connections to localhost.
- Tip: Note that [451]-xdmsvc is a short hand alias for the long "-ssl
+ Tip: Note that [452]-xdmsvc is a short hand alias for the long "-ssl
SAVE -unixpw -users unixpw= -display
WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp". So we simply use:
service x11vnc
@@ -5521,15 +5588,15 @@ t:5
Q-63: Can I have x11vnc restart itself after it terminates?
One could do this in a shell script, but now there is an option
- [452]-loop that makes it easier. Of course when x11vnc restarts it
+ [453]-loop that makes it easier. Of course when x11vnc restarts it
needs to have permissions to connect to the (potentially new) X
display. This mode could be useful if the X server restarts often. Use
e.g. "-loop5000" to sleep 5000 ms between restarts. Also "-loop2000,5"
to sleep 2000 ms and only restart 5 times.
- One can also use the [453]-loopbg to emulate inetd(8) to some degree,
+ One can also use the [454]-loopbg to emulate inetd(8) to some degree,
where each connected process runs in the background. It could be
- combined, say, with the [454]-svc option to provide simple terminal
+ combined, say, with the [455]-svc option to provide simple terminal
services without using inetd(8).
@@ -5537,7 +5604,7 @@ t:5
web browser?
To have x11vnc serve up a Java VNC viewer applet to any web browsers
- that connect to it, run x11vnc with this [455]option:
+ that connect to it, run x11vnc with this [456]option:
-httpdir /path/to/the/java/classes/dir
(this directory will contain the files index.vnc and, for example,
@@ -5556,7 +5623,7 @@ t:5
then you can connect to that URL with any Java enabled browser. Feel
free to customize the default index.vnc file in the classes directory.
- As of May/2005 the [456]-http option will try to guess where the Java
+ As of May/2005 the [457]-http option will try to guess where the Java
classes jar file is by looking in expected locations and ones relative
to the x11vnc binary.
@@ -5565,7 +5632,7 @@ t:5
either the java or appletviewer commands to run the program.
java -cp ./VncViewer.jar VncViewer HOST far-away.east PORT 5900
- Proxies: See the [457]discussion here if the web browser must use a
+ Proxies: See the [458]discussion here if the web browser must use a
web proxy to connect to the internet. It is tricky to get Java applets
to work in this case: a signed applet must be used so it can connect
to the proxy and ask for the redirection to the VNC server. One way to
@@ -5581,7 +5648,7 @@ t:5
As of Mar/2004 x11vnc supports reverse connections. On Unix one starts
the VNC viewer in listen mode: "vncviewer -listen" (see your
documentation for Windows, etc), and then starts up x11vnc with the
- [458]-connect option. To connect immediately at x11vnc startup time
+ [459]-connect option. To connect immediately at x11vnc startup time
use the "-connect host:port" option (use commas for a list of hosts to
connect to.) The ":port" is optional (default is VNC listening port is
5500.)
@@ -5590,11 +5657,11 @@ t:5
file is checked periodically (about once a second) for new hosts to
connect to.
- The [459]-remote control option (aka -R) can also be used to do this
+ The [460]-remote control option (aka -R) can also be used to do this
during an active x11vnc session, e.g.:
x11vnc -display :0 -R connect:hostname.domain
- Use the "[460]-connect_or_exit" option to have x11vnc exit if the
+ Use the "[461]-connect_or_exit" option to have x11vnc exit if the
reverse connection fails. Also, note the "-rfbport 0" option disables
TCP listening for connections (potentially useful for reverse
connection mode, assuming you do not want any "forward" connections.)
@@ -5607,7 +5674,7 @@ x11vnc -display :0 -R connect:hostname.domain
X11VNC_REVERSE_CONNECTION_NO_AUTH=1" to x11vnc.
Vncconnect command: To use the vncconnect(1) program (from the core
- VNC package at www.realvnc.com) specify the [461]-vncconnect option to
+ VNC package at www.realvnc.com) specify the [462]-vncconnect option to
x11vnc (Note: as of Dec/2004 -vncconnect is now the default.)
vncconnect(1) must be pointed to the same X11 DISPLAY as x11vnc (since
it uses X properties to communicate with x11vnc.) If you do not have
@@ -5626,7 +5693,7 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1"
proxy or SSH?
Yes, as of Oct/2007 x11vnc supports reverse connections through
- proxies: use the "[462]-proxy host:port" option. The default is to
+ proxies: use the "[463]-proxy host:port" option. The default is to
assume the proxy is a Web proxy. Note that most Web proxies only allow
proxy destination connections to ports 443 (HTTPS) and 563 (SNEWS) and
so this might not be too useful unless the proxy has been modified
@@ -5646,11 +5713,11 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1"
connections.
An experimental mode is "-proxy http://host:port/..." where the URL
- (e.g. a CGI script) is retrieved via the GET method. See [463]-proxy
+ (e.g. a CGI script) is retrieved via the GET method. See [464]-proxy
for more info.
Another experimental mode is "-proxy ssh://user@host" in which case a
- SSH tunnel is used for the proxying. See [464]-proxy for more info.
+ SSH tunnel is used for the proxying. See [465]-proxy for more info.
Up to 3 proxies may be chained together by listing them by commas
e.g.: "-proxy http://host1:port1,socks5://host2:port2" in case one
@@ -5658,7 +5725,34 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1"
listening viewer.
- Q-67: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real
+ Q-67: Can x11vnc provide a multi-user desktop web login service as an
+ Apache CGI or PHP script?
+ Yes. See the example script [466]desktop.cgi for ideas. It is in the
+ source tree in the directory x11vnc/misc. It serves x11vnc's SSL
+ enabled Java Applet to the web browser with the correct connection
+ information for the user's virtual desktop (an [467]Xvfb session via
+ [468]-create; be sure to add the Xvfb package.) HTTPS/SSL enabled
+ Apache should be used to serve the script to avoid unix and vnc
+ passwords from being sent in cleartext and sniffed.
+
+ By default it uses a separate VNC port for each user desktop (either
+ by autoprobing in a range of ports or using a port based on the userid
+ number.) The web server's firewall must allow incoming connections to
+ these ports.
+
+ It is somewhat difficult to do all of this with x11vnc listening on a
+ single port, however there is also a 'fixed port' scheme described in
+ the script based on [469]-loopbg that works fairly well (but more
+ experience is needed to see what problems contention for the same port
+ causes; however at worst one user may need to re-login.)
+
+ There is also an optional 'port redirection' mode for desktop.cgi that
+ allows redirection to other machines inside the firewall already
+ running SSL enabled VNC servers. This provides much of the
+ functionality as the [470]SSL Portal and is easier to set up.
+
+
+ Q-68: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real
display, but for a virtual one I keep around.)
You can, but you would not be doing this for performance reasons (for
@@ -5672,14 +5766,17 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1"
Another method, faster and more accurate, is to use the "dummy" Device
Driver in XFree86/Xorg (see below.)
+ For these virtual sessions you will need to install the Xvfb program
+ (e.g. apt-get install xvfb) or our Xdummy program (see below.)
+
In either case, one can view this desktop both remotely and also
- [465]locally using vncviewer. Make sure vncviewer's "-encodings raw"
+ [471]locally using vncviewer. Make sure vncviewer's "-encodings raw"
is in effect for local viewing (compression seems to slow things down
locally.) For local viewing you set up a "bare" window manager that
- just starts up vncviewer and nothing else ([466]See how below.)
+ just starts up vncviewer and nothing else ([472]See how below.)
Here is one way to start up Xvfb:
- xinit -- /usr/X11R6/bin/Xvfb :1 -cc 4 -screen 0 1024x768x16
+ xinit -- /usr/bin/Xvfb :1 -cc 4 -screen 0 1024x768x16
This starts up a 16bpp virtual display. To export it via VNC use
x11vnc -display :1 ...
@@ -5696,19 +5793,19 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1"
"screen scrape" it very efficiently (more than, say, 100X faster than
normal video hardware.)
- Update Nov/2006: See the [467]FINDCREATEDISPLAY discussion of the
- "[468]-display WAIT:cmd=FINDDISPLAY" option where virtual (Xvfb or
+ Update Nov/2006: See the [473]FINDCREATEDISPLAY discussion of the
+ "[474]-display WAIT:cmd=FINDDISPLAY" option where virtual (Xvfb or
Xdummy, or even real ones by changing an option) X servers are started
automatically for new users connecting. This provides a "desktop
service" for the machine. You either get your real X session or your
virtual (Xvfb/Xdummy) one whenever you connect to the machine
- (inetd(8) is a nice way to provide this service.) The [469]-find,
- [470]-create, [471]-svc, and [472]-xdmsvc aliases can also come in
+ (inetd(8) is a nice way to provide this service.) The [475]-find,
+ [476]-create, [477]-svc, and [478]-xdmsvc aliases can also come in
handy here.
There are some annoyances WRT Xvfb however. The default keyboard
mapping seems to be very poor. One should run x11vnc with
- [473]-add_keysyms option to have keysyms added automatically. Also, to
+ [479]-add_keysyms option to have keysyms added automatically. Also, to
add the Shift_R and Control_R modifiers something like this is needed:
#!/bin/sh
xmodmap -e "keycode any = Shift_R"
@@ -5720,7 +5817,7 @@ xmodmap -e "keycode any = Alt_R"
xmodmap -e "keycode any = Meta_L"
xmodmap -e "add Mod1 = Alt_L Alt_R Meta_L"
- (note: these are applied automatically in the [474]FINDCREATEDISPLAY
+ (note: these are applied automatically in the [480]FINDCREATEDISPLAY
mode of x11vnc.) Perhaps the Xvfb options -xkbdb or -xkbmap could be
used to get a better default keyboard mapping...
@@ -5735,11 +5832,11 @@ xmodmap -e "add Mod1 = Alt_L Alt_R Meta_L"
The main drawback to this method (besides requiring extra
configuration and possibly root permission) is that it also does the
- Linux Virtual Console/Terminal (VC/VT) [475]switching even though it
+ Linux Virtual Console/Terminal (VC/VT) [481]switching even though it
does not need to (since it doesn't use a real framebuffer.) There are
some "dual headed" (actually multi-headed/multi-user) patches to the X
server that turn off the VT usage in the X server. Update: As of
- Jul/2005 we have an LD_PRELOAD script [476]Xdummy that allows you to
+ Jul/2005 we have an LD_PRELOAD script [482]Xdummy that allows you to
use a stock (i.e. unpatched) Xorg or XFree86 server with the "dummy"
driver and not have any VT switching problems! An advantage of Xdummy
over Xvfb is that Xdummy supports RANDR dynamic screen resizing.
@@ -5766,7 +5863,7 @@ x11vnc -display :5 -rfbport 5905 -bg
vncviewer -geometry +0+0 -encodings raw -passwd $HOME/.vnc/passwd localhost:5
The display numbers (VNC and X) will likely be different (you could
- also try [477]-find), and you may not need the -passwd. Recent RealVNC
+ also try [483]-find), and you may not need the -passwd. Recent RealVNC
viewers might be this:
#!/bin/sh
x11vnc -display :5 -rfbport 5905 -bg
@@ -5784,10 +5881,10 @@ t:5
XDM/GDM/KDM One-Shot X sessions: For the general replacement of Xvnc
by Xvfb+x11vnc, one user describes a similar setup he created where
the X sessions are one-shot's (destroyed after the vncviewer
- disconnects) and it uses the XDM/GDM/KDM login greeter [478]here.
+ disconnects) and it uses the XDM/GDM/KDM login greeter [484]here.
- Q-68: How can I use x11vnc on "headless" machines? Why might I want
+ Q-69: How can I use x11vnc on "headless" machines? Why might I want
to?
An interesting application of x11vnc is to let it export displays of
@@ -5799,7 +5896,7 @@ t:5
An X server can be started on the headless machine (sometimes this
requires configuring the X server to not fail if it cannot detect a
keyboard or mouse, see the next paragraph.) Then you can export that X
- display via x11vnc (e.g. see [479]this FAQ) and access it from
+ display via x11vnc (e.g. see [485]this FAQ) and access it from
anywhere on the network via a VNC viewer.
Some tips on getting X servers to start on machines without keyboard
@@ -5823,15 +5920,15 @@ t:5
cards as it can hold to provide multiple simultaneous access or
testing on different kinds of video hardware.
- See also the [480]FINDCREATEDISPLAY discussion of the "[481]-display
+ See also the [486]FINDCREATEDISPLAY discussion of the "[487]-display
WAIT:cmd=FINDDISPLAY" option where virtual Xvfb or Xdummy, or real X
servers are started automatically for new users connecting. The
- [482]-find, [483]-create, [484]-svc, and [485]-xdmsvc aliases can also
+ [488]-find, [489]-create, [490]-svc, and [491]-xdmsvc aliases can also
come in handy here.
[Resource Usage and Performance]
- Q-69: I have lots of memory, but why does x11vnc fail with shmget:
+ Q-70: I have lots of memory, but why does x11vnc fail with shmget:
No space left on device or Minor opcode of failed request: 1
(X_ShmAttach)?
@@ -5849,7 +5946,7 @@ t:5
19/03/2004 10:10:58 error creating tile-row shm for len=4
19/03/2004 10:10:58 reverting to single_copytile mode
- Here is a shell script [486]shm_clear to list and prompt for removal
+ Here is a shell script [492]shm_clear to list and prompt for removal
of your unattached shm segments (attached ones are skipped.) I use it
while debugging x11vnc (I use "shm_clear -y" to assume "yes" for each
prompt.) If x11vnc is regularly not cleaning up its shm segments,
@@ -5883,49 +5980,49 @@ ied)
in /etc/system. See the next paragraph for more workarounds.
To minimize the number of shm segments used by x11vnc try using the
- [487]-onetile option (corresponds to only 3 shm segments used, and
+ [493]-onetile option (corresponds to only 3 shm segments used, and
adding -fs 1.0 knocks it down to 2.) If you are having much trouble
with shm segments, consider disabling shm completely via the
- [488]-noshm option. Performance will be somewhat degraded but when
+ [494]-noshm option. Performance will be somewhat degraded but when
done over local machine sockets it should be acceptable (see an
- [489]earlier question discussing -noshm.)
+ [495]earlier question discussing -noshm.)
- Q-70: How can I make x11vnc use less system resources?
+ Q-71: How can I make x11vnc use less system resources?
- The [490]-nap (now on by default; use -nonap to disable) and
- "[491]-wait n" (where n is the sleep between polls in milliseconds,
+ The [496]-nap (now on by default; use -nonap to disable) and
+ "[497]-wait n" (where n is the sleep between polls in milliseconds,
the default is 30 or so) option are good places to start. In addition,
- something like "[492]-sb 15" will cause x11vnc to go into a deep-sleep
+ something like "[498]-sb 15" will cause x11vnc to go into a deep-sleep
mode after 15 seconds of no activity (instead of the default 60.)
Reducing the X server bits per pixel depth (e.g. to 16bpp or even
8bpp) will further decrease memory I/O and network I/O. The ShadowFB X
server setting will make x11vnc's screen polling less severe. Using
- the [493]-onetile option will use less memory and use fewer shared
- memory slots (add [494]-fs 1.0 for one less slot.)
+ the [499]-onetile option will use less memory and use fewer shared
+ memory slots (add [500]-fs 1.0 for one less slot.)
- Q-71: How can I make x11vnc use MORE system resources?
+ Q-72: How can I make x11vnc use MORE system resources?
- You can try [495]-threads (note this mode can be unstable and/or
+ You can try [501]-threads (note this mode can be unstable and/or
crash; and as of May/2008 is strongly discouraged, see the option
description) or dial down the wait time (e.g. -wait 1) and possibly
- dial down [496]-defer as well. Note that if you try to increase the
+ dial down [502]-defer as well. Note that if you try to increase the
"frame rate" too much you can bog down the server end with the extra
work it needs to do compressing the framebuffer data, etc.
That said, it is possible to "stream" video via x11vnc if the video
window is small enough. E.g. a 256x192 xawtv TV capture window (using
- the x11vnc [497]-id option) can be streamed over a LAN or wireless at
+ the x11vnc [503]-id option) can be streamed over a LAN or wireless at
a reasonable frame rate. If the graphics card's framebuffer read rate
- is [498]faster than normal then the video window size and frame rate
- can be much higher. The use of [499]TurboVNC and/or TurboJPEG can make
+ is [504]faster than normal then the video window size and frame rate
+ can be much higher. The use of [505]TurboVNC and/or TurboJPEG can make
the frame rate somewhat higher still (but most of this hinges on the
graphics card's read rate.)
- Q-72: I use x11vnc over a slow link with high latency (e.g. dialup
+ Q-73: I use x11vnc over a slow link with high latency (e.g. dialup
modem or broadband), is there anything I can do to speed things up?
Some things you might want to experiment with (many of which will help
@@ -5937,7 +6034,7 @@ ied)
* Use a smaller desktop size (e.g. 1024x768 instead of 1280x1024)
* Make sure the desktop background is a solid color (the background
is resent every time it is re-exposed.) Consider using the
- [500]-solid [color] option to try to do this automatically.
+ [506]-solid [color] option to try to do this automatically.
* Configure your window manager or desktop "theme" to not use fancy
images, shading, and gradients for the window decorations, etc.
Disable window animations, etc. Maybe your desktop has a "low
@@ -5946,9 +6043,9 @@ ied)
-> Use Smooth Scrolling (deselect it.)
* Avoid small scrolls of large windows using the Arrow keys or
scrollbar. Try to use PageUp/PageDown instead. (not so much of a
- problem in x11vnc 0.7.2 if [501]-scrollcopyrect is active and
+ problem in x11vnc 0.7.2 if [507]-scrollcopyrect is active and
detecting scrolls for the application.)
- * If the [502]-wireframe option is not available (earlier than
+ * If the [508]-wireframe option is not available (earlier than
x11vnc 0.7.2 or you have disabled it via -nowireframe) then
Disable Opaque Moves and Resizes in the window manager/desktop.
* However if -wireframe is active (on by default in x11vnc 0.7.2)
@@ -5971,7 +6068,7 @@ ied)
noticed.
VNC viewer parameters:
- * Use a [503]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer
+ * Use a [509]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer
with ZRLE encoding is not too bad either; some claim it is
faster.)
* Make sure the tight (or zrle) encoding is being used (look at
@@ -5979,7 +6076,7 @@ ied)
* Request 8 bits per pixel using -bgr233 (up to 4X speedup over
depth 24 TrueColor (32bpp), but colors will be off)
* RealVNC 4.x viewer has some extremely low color modes (only 64 and
- even 8 colors.) [504]SSVNC does too. The colors are poor, but it
+ even 8 colors.) [510]SSVNC does too. The colors are poor, but it
is usually noticeably faster than bgr233 (256 colors.)
* Try increasing the TightVNC -compresslevel (compresses more on
server side before sending, but uses more CPU)
@@ -5993,39 +6090,39 @@ ied)
file.
x11vnc parameters:
- * Make sure the [505]-wireframe option is active (it should be on by
+ * Make sure the [511]-wireframe option is active (it should be on by
default) and you have Opaque Moves/Resizes Enabled in the window
manager.
- * Make sure the [506]-scrollcopyrect option is active (it should be
+ * Make sure the [512]-scrollcopyrect option is active (it should be
on by default.) This detects scrolls in many (but not all)
applications an applies the CopyRect encoding for a big speedup.
* Enforce a solid background when VNC viewers are connected via
- [507]-solid
- * Try x11vnc's client-side caching [508]client-side caching scheme:
- [509]-ncache
- * Specify [510]-speeds modem to force the wireframe and
+ [513]-solid
+ * Try x11vnc's client-side caching [514]client-side caching scheme:
+ [515]-ncache
+ * Specify [516]-speeds modem to force the wireframe and
scrollcopyrect heuristic parameters (and any future ones) to those
of a dialup modem connection (or supply the rd,bw,lat numerical
values that characterize your link.)
* If wireframe and scrollcopyrect aren't working, try using the more
- drastic [511]-nodragging (no screen updates when dragging mouse,
+ drastic [517]-nodragging (no screen updates when dragging mouse,
but sometimes you miss visual feedback)
- * Set [512]-fs 1.0 (disables fullscreen updates)
- * Try increasing [513]-wait or [514]-defer (reduces the maximum
+ * Set [518]-fs 1.0 (disables fullscreen updates)
+ * Try increasing [519]-wait or [520]-defer (reduces the maximum
"frame rate", but won't help much for large screen changes)
- * Try the [515]-progressive pixelheight mode with the block
+ * Try the [521]-progressive pixelheight mode with the block
pixelheight 100 or so (delays sending vertical blocks since they
may change while viewer is receiving earlier ones)
- * If you just want to watch one (simple) window use [516]-id or
- [517]-appshare (cuts down extraneous polling and updates, but can
+ * If you just want to watch one (simple) window use [522]-id or
+ [523]-appshare (cuts down extraneous polling and updates, but can
be buggy or insufficient)
- * Set [518]-nosel (disables all clipboard selection exchange)
- * Use [519]-nocursor and [520]-nocursorpos (repainting the remote
+ * Set [524]-nosel (disables all clipboard selection exchange)
+ * Use [525]-nocursor and [526]-nocursorpos (repainting the remote
cursor position and shape takes resources and round trips)
* On very slow links (e.g. <= 28.8) you may need to increase the
- [521]-readtimeout n setting if it sometimes takes more than 20sec
+ [527]-readtimeout n setting if it sometimes takes more than 20sec
to paint the full screen, etc.
- * Do not use [522]-fixscreen to automatically refresh the whole
+ * Do not use [528]-fixscreen to automatically refresh the whole
screen, tap three Alt_L's then the screen has painting errors
(rare problem.)
@@ -6076,7 +6173,7 @@ ied)
* TBD.
- Q-73: Does x11vnc support the X DAMAGE Xserver extension to find
+ Q-74: Does x11vnc support the X DAMAGE Xserver extension to find
modified regions of the screen quickly and efficiently?
Yes, as of Mar/2005 x11vnc will use the X DAMAGE extension by default
@@ -6094,7 +6191,7 @@ ied)
Note that the DAMAGE extension does not speed up the actual reading of
pixels from the video card framebuffer memory, by, say, mirroring them
- in main memory. So reading the fb is still painfully [523]slow (e.g.
+ in main memory. So reading the fb is still painfully [529]slow (e.g.
5MB/sec), and so even using X DAMAGE when large changes occur on the
screen the bulk of the time is still spent retrieving them. Not ideal,
but use of the ShadowFB XFree86/Xorg option speeds up the reading
@@ -6112,45 +6209,45 @@ ied)
DAMAGE rectangles to contain real damage. The larger rectangles are
only used as hints to focus the traditional scanline polling (i.e. if
a scanline doesn't intersect a recent DAMAGE rectangle, the scan is
- skipped.) You can use the "[524]-xd_area A" option to adjust the size
+ skipped.) You can use the "[530]-xd_area A" option to adjust the size
of the trusted DAMAGE rectangles. The default is 20000 pixels (e.g. a
140x140 square, etc.) Use "-xd_area 0" to disable the cutoff and trust
all DAMAGE rectangles.
- The option "[525]-xd_mem f" may also be of use in tuning the
- algorithm. To disable using DAMAGE entirely use "[526]-noxdamage".
+ The option "[531]-xd_mem f" may also be of use in tuning the
+ algorithm. To disable using DAMAGE entirely use "[532]-noxdamage".
- Q-74: My OpenGL application shows no screen updates unless I supply
+ Q-75: My OpenGL application shows no screen updates unless I supply
the -noxdamage option to x11vnc.
One user reports in his environment (MythTV using the NVIDIA OpenGL
drivers) he gets no updates after the initial screen is drawn unless
- he uses the "[527]-noxdamage" option.
+ he uses the "[533]-noxdamage" option.
This seems to be a bug in the X DAMAGE implementation of that driver.
You may have to use -noxdamage as well. A way to autodetect this will
be tried, probably the best it will do is automatically stop using X
DAMAGE.
- A developer for [528]MiniMyth reports that the 'alphapulse' tag of the
+ A developer for [534]MiniMyth reports that the 'alphapulse' tag of the
theme G.A.N.T. can also cause problems, and should be avoided when
using VNC.
- Update: see [529]this FAQ too.
+ Update: see [535]this FAQ too.
- Q-75: When I drag windows around with the mouse or scroll up and down
+ Q-76: When I drag windows around with the mouse or scroll up and down
things really bog down (unless I do the drag in a single, quick
motion.) Is there anything to do to improve things?
- This problem is primarily due to [530]slow hardware read rates from
+ This problem is primarily due to [536]slow hardware read rates from
video cards: as you scroll or move a large window around the screen
changes are much too rapid for x11vnc to keep up them (it can usually
only read the video card at about 5-10 MB/sec, so it can take a good
fraction of a second to read the changes induce from moving a large
window, if this to be done a number of times in succession the window
or scroll appears to "lurch" forward.) See the description in the
- [531]-pointer_mode option for more info. The next bottleneck is
+ [537]-pointer_mode option for more info. The next bottleneck is
compressing all of these changes and sending them out to connected
viewers, however the VNC protocol is pretty much self-adapting with
respect to that (updates are only packaged and sent when viewers ask
@@ -6160,27 +6257,27 @@ ied)
default should now be much better than before and dragging small
windows around should no longer be a huge pain. If for some reason
these changes make matters worse, you can go back to the old way via
- the "[532]-pointer_mode 1" option.
+ the "[538]-pointer_mode 1" option.
- Also added was the [533]-nodragging option that disables all screen
+ Also added was the [539]-nodragging option that disables all screen
updates while dragging with the mouse (i.e. mouse motion with a button
held down.) This gives the snappiest response, but might be undesired
in some circumstances when you want to see the visual feedback while
dragging (e.g. menu traversal or text selection.)
- As of Dec/2004 the [534]-pointer_mode n option was introduced. n=1 is
+ As of Dec/2004 the [540]-pointer_mode n option was introduced. n=1 is
the original mode, n=2 an improvement, etc.. See the -pointer_mode n
help for more info.
- Also, in some circumstances the [535]-threads option can improve
+ Also, in some circumstances the [541]-threads option can improve
response considerably. Be forewarned that if more than one vncviewer
is connected at the same time then libvncserver may not be thread safe
(try to get the viewers to use different VNC encodings, e.g. tight and
ZRLE.) This option can be unstable and so as of Feb/2008 it is
disabled by default. Set env. X11VNC_THREADED=1 to re-enable.
- As of Apr/2005 two new options (see the [536]wireframe FAQ and
- [537]scrollcopyrect FAQ below) provide schemes to sweep this problem
+ As of Apr/2005 two new options (see the [542]wireframe FAQ and
+ [543]scrollcopyrect FAQ below) provide schemes to sweep this problem
under the rug for window moves or resizes and for some (but not all)
window scrolls. These are the preferred way of avoiding the "lurching"
problem, contact me if they are not working. Note on SuSE and some
@@ -6193,7 +6290,7 @@ Section "Module"
EndSection
- Q-76: Why not do something like wireframe animations to avoid the
+ Q-77: Why not do something like wireframe animations to avoid the
windows "lurching" when being moved or resized?
Nice idea for a hack! As of Apr/2005 x11vnc by default will apply
@@ -6204,8 +6301,8 @@ EndSection
the window move/resize stops, it returns to normal processing: you
should only see the window appear in the new position. This spares you
from interacting with a "lurching" window between all of the
- intermediate steps. BTW the lurching is due to [538]slow video card
- read rates (see [539]here too.) A displacement, even a small one, of a
+ intermediate steps. BTW the lurching is due to [544]slow video card
+ read rates (see [545]here too.) A displacement, even a small one, of a
large window requires a non-negligible amount of time, a good fraction
of a second, to read in from the hardware framebuffer.
@@ -6213,7 +6310,7 @@ EndSection
for -wireframe to do any good.
The mode is currently on by default because most people are afflicted
- with the problem. It can be disabled with the [540]-nowireframe option
+ with the problem. It can be disabled with the [546]-nowireframe option
(aka -nowf.) Why might one want to turn off the wireframing? Since
x11vnc is merely guessing when windows are being moved/resized, it may
guess poorly for your window-manager or desktop, or even for the way
@@ -6259,13 +6356,13 @@ EndSection
* Maximum time to show a wireframe animation.
* Minimum time between sending wireframe outlines.
- See the [541]"-wireframe tweaks" option for more details. On a slow
+ See the [547]"-wireframe tweaks" option for more details. On a slow
link, e.g. dialup modem, the parameters may be automatically adjusted
for better response.
CopyRect encoding: In addition to the above there is the
- [542]"-wirecopyrect mode" option. It is also on by default. This
+ [548]"-wirecopyrect mode" option. It is also on by default. This
instructs x11vnc to not only show the wireframe animation, but to also
instruct all connected VNC viewers to locally translate the window
image data from the original position to the new position on the
@@ -6296,7 +6393,7 @@ EndSection
-nowirecopyrect if this or other painting errors are unacceptable.
- Q-77: Can x11vnc try to apply heuristics to detect when a window is
+ Q-78: Can x11vnc try to apply heuristics to detect when a window is
scrolling its contents and use the CopyRect encoding for a speedup?
Another nice idea for a hack! As of May/2005 x11vnc will by default
@@ -6313,7 +6410,7 @@ EndSection
requiring the image data to be transmitted over the network. For fast
links the speedup is primarily due to x11vnc not having to read the
scrolled framebuffer data from the X server (recall that reading from
- the hardware framebuffer is [543]slow.)
+ the hardware framebuffer is [549]slow.)
To do this x11vnc uses the RECORD X extension to snoop the X11
protocol between the X client with the focus window and the X server.
@@ -6340,10 +6437,10 @@ EndSection
the X server display: if one falls too far behind it could become a
mess...
- The initial implementation of [544]-scrollcopyrect option is useful in
+ The initial implementation of [550]-scrollcopyrect option is useful in
that it detects many scrolls and thus gives a much nicer working
- environment (especially when combined with the [545]-wireframe
- [546]-wirecopyrect [547]options, which are also on by default; and if
+ environment (especially when combined with the [551]-wireframe
+ [552]-wirecopyrect [553]options, which are also on by default; and if
you are willing to enable the ShadowFB things are very fast.) The fact
that there aren't long delays or lurches during scrolling is the
primary improvement.
@@ -6376,10 +6473,10 @@ EndSection
One can tap the Alt_L key (Left "Alt" key) 3 times in a row to
signal x11vnc to refresh the screen to all viewers. Your
VNC-viewer may have its own screen refresh hot-key or button. See
- also: [548]-fixscreen
+ also: [554]-fixscreen
* Some applications, notably OpenOffice, do XCopyArea scrolls in
weird ways that assume ancestor window clipping is taking place.
- See the [549]-scr_skip option for ways to tweak this on a
+ See the [555]-scr_skip option for ways to tweak this on a
per-application basis.
* Selecting text while dragging the mouse may be slower, especially
if the Button-down event happens near the window's edge. This is
@@ -6396,7 +6493,7 @@ EndSection
because it fails to detect scrolls in it. Sometimes clicking
inside the application window or selecting some text in it to
force the focus helps.
- * When using the [550]-scale option there will be a quick CopyRect
+ * When using the [556]-scale option there will be a quick CopyRect
scroll, but it needs to be followed by a slower "cleanup" update.
This is because for a fixed finite screen resolution (e.g. 75 dpi)
scaling and copyrect-ing are not exactly independent. Scaling
@@ -6409,7 +6506,7 @@ EndSection
If you find the -scrollcopyrect behavior too approximate or
distracting you can go back to the standard polling-only update method
- with the [551]-noscrollcopyrect (or -noscr for short.) If you find
+ with the [557]-noscrollcopyrect (or -noscr for short.) If you find
some extremely bad and repeatable behavior for -scrollcopyrect please
report a bug.
@@ -6430,13 +6527,13 @@ EndSection
errors.
- Q-78: Can x11vnc do client-side caching of pixel data? I.e. so when
+ Q-79: Can x11vnc do client-side caching of pixel data? I.e. so when
that pixel data is needed again it does not have to be retransmitted
over the network.
- As of Dec/2006 in the [552]0.9 development tarball there is an
+ As of Dec/2006 in the [558]0.9 development tarball there is an
experimental client-side caching implementation enabled by the
- "[553]-ncache n" option. In fact, during the test period it was on by
+ "[559]-ncache n" option. In fact, during the test period it was on by
default with n set to 10. To disable it use "-noncache".
It is a simple scheme where a (very large) lower portion of the
@@ -6463,7 +6560,7 @@ EndSection
there is a bug: you can scroll down in your viewer and see a strange
"history" of windows on your desktop. This is working as intended. One
will need to try to adjust the size of his VNC Viewer window so the
- cache area cannot be seen. [554]SSVNC (see below) can do this
+ cache area cannot be seen. [560]SSVNC (see below) can do this
automatically.
At some point LibVNCServer may implement a "rfbFBCrop" pseudoencoding
@@ -6473,7 +6570,7 @@ EndSection
rendering...)
The Enhanced TightVNC Viewer (SSVNC) Unix viewer has a nice
- [555]-ycrop option to help hide the pixel cache area from view. It
+ [561]-ycrop option to help hide the pixel cache area from view. It
will turn on automatically if the framebuffer appears to be very tall
(height more than twice the width), or you can supply the actual value
for the height. If the screen is resized by scaling, etc, the ycrop
@@ -6504,7 +6601,7 @@ EndSection
an additional factor of 2 in memory use.
However, even in the smallest usage mode with n equal 2 and
- [556]-ncache_no_rootpixmap set (this requires only 2X additional
+ [562]-ncache_no_rootpixmap set (this requires only 2X additional
framebuffer memory) there is still a noticable improvement for many
activities, although it is not as dramatic as with, say n equal 12 and
rootpixmap (desktop background) caching enabled.
@@ -6515,7 +6612,7 @@ EndSection
be tuned to use less, or the VNC community will extend the protocol to
allow caching and replaying of compressed blobs of data.
- Another option to experiment with is "[557]-ncache_cr". By specifying
+ Another option to experiment with is "[563]-ncache_cr". By specifying
it, x11vnc will try to do smooth opaque window moves instead of its
wireframe. This can give a very nice effect (note: on Unix the realvnc
viewer seems to be smoother than the tightvnc viewer), but can lead to
@@ -6568,28 +6665,28 @@ EndSection
improving VNC performance by client side caching.
- Q-79: Does x11vnc support TurboVNC?
+ Q-80: Does x11vnc support TurboVNC?
As of Feb/2009 (development tarball) there is an experimental kludge
to let you build x11vnc using TurboVNC's modified TightVNC encoding.
- [558]TurboVNC is part of the [559]VirtualGL project. It does two main
+ [564]TurboVNC is part of the [565]VirtualGL project. It does two main
things to speed up the TightVNC encoding:
* It eliminates bottlenecks, overheads, wait-times in the TightVNC
encoding implementation and instead only worries about sending
very well (and quickly) compressed JPEG data.
* A fast proprietary JPEG implemention is used (Intel IPP on x86)
- instead of the usual libjpeg implementation. [560]TurboJPEG is an
+ instead of the usual libjpeg implementation. [566]TurboJPEG is an
interface library, libturbojpeg, provided by the project that
achieves this.
TurboVNC works very well over LAN and evidently fast Broadband too.
When using it with x11vnc in such a situation you may want to dial
- down the delays, e.g. "[561]-wait 5" and "[562]-defer 5" (or even a
+ down the delays, e.g. "[567]-wait 5" and "[568]-defer 5" (or even a
smaller setting) to poll and pump things out more quickly.
See the instructions in "x11vnc/misc/turbovnc/README" for how to build
x11vnc with TurboVNC support. You will also need to download the
- [563]TurboJPEG software.
+ [569]TurboJPEG software.
In brief, the steps look like this:
cd x11vnc-x.y.z/x11vnc/misc/turbovnc
@@ -6601,22 +6698,22 @@ EndSection
where you replace "/DIR" with the directory containing libturbojpeg.so
you downloaded separately. If it works out well enough TurboVNC
support will be integrated into x11vnc and more of its tuning features
- will be implemented. Support for TurboVNC in [564]SSVNC viewer has
+ will be implemented. Support for TurboVNC in [570]SSVNC viewer has
been added as an experiment as well. If you try either one, let us
know how it went.
There also may be some Linux.i686 and Darwin.i386 x11vnc binaries with
- TurboVNC support in the [565]misc. bins directory. For other platforms
+ TurboVNC support in the [571]misc. bins directory. For other platforms
you will need to compile yourself.
On relatively cheap and old hardware (Althon64 X2 5000+ / GeForce
- 6200) x11vnc and [566]SSVNC, both TurboVNC enabled, were able to
+ 6200) x11vnc and [572]SSVNC, both TurboVNC enabled, were able to
sustain 13.5 frames/sec (fps) and 15 Megapixels/sec using the
VirtualGL supplied OpenGL benchmark program glxspheres. VirtualGL on
- higher-end hardware can sustain [567]20-30 fps with the glxspheres
+ higher-end hardware can sustain [573]20-30 fps with the glxspheres
benchmark.
- Potential Slowdown: As we describe [568]elsewhere, unless you use
+ Potential Slowdown: As we describe [574]elsewhere, unless you use
x11vnc with an X server using, say, NVidia proprietary drivers (or a
virtual X server like Xvfb or Xdummy, or in ShadowFB mode), then the
read rate from the graphics card can be rather slow (e.g. 10 MB/sec)
@@ -6641,7 +6738,7 @@ EndSection
[Mouse Cursor Shapes]
- Q-80: Why isn't the mouse cursor shape (the little icon shape where
+ Q-81: Why isn't the mouse cursor shape (the little icon shape where
the mouse pointer is) correct as I move from window to window?
On X servers supporting XFIXES or Solaris/IRIX Overlay extensions it
@@ -6656,23 +6753,23 @@ EndSection
this is because the cursor shape is often downloaded to the graphics
hardware (video card), but I could be mistaken.
- A simple kludge is provided by the "[569]-cursor X" option that
+ A simple kludge is provided by the "[575]-cursor X" option that
changes the cursor when the mouse is on the root background (or any
window has the same cursor as the root background.) Note that desktops
like GNOME or KDE often cover up the root background, so this won't
- work for those cases. Also see the "[570]-cursor some" option for
+ work for those cases. Also see the "[576]-cursor some" option for
additional kludges.
Note that as of Aug/2004 on Solaris using the SUN_OVL overlay
extension and IRIX, x11vnc can show the correct mouse cursor when the
- [571]-overlay option is supplied. See [572]this FAQ for more info.
+ [577]-overlay option is supplied. See [578]this FAQ for more info.
Also as of Dec/2004 XFIXES X extension support has been added to allow
exact extraction of the mouse cursor shape. XFIXES fixes the problem
of the cursor-shape being write-only: x11vnc can now query the X
server for the current shape and send it back to the connected
viewers. XFIXES is available on recent Linux Xorg based distros and
- [573]Solaris 10.
+ [579]Solaris 10.
The only XFIXES issue is the handling of alpha channel transparency in
cursors. If a cursor has any translucency then in general it must be
@@ -6680,10 +6777,10 @@ EndSection
situations where the cursor transparency can also handled exactly:
when the VNC Viewer requires the cursor shape be drawn into the VNC
framebuffer or if you apply a patch to your VNC Viewer to extract
- hidden alpha channel data under 32bpp. [574]Details can be found here.
+ hidden alpha channel data under 32bpp. [580]Details can be found here.
- Q-81: When using XFIXES cursorshape mode, some of the cursors look
+ Q-82: When using XFIXES cursorshape mode, some of the cursors look
really bad with extra black borders around the cursor and other cruft.
How can I improve their appearance?
@@ -6713,17 +6810,17 @@ EndSection
for most cursor themes and you don't have to worry about it.
In case it still looks bad for your cursor theme, there are (of
- course!) some tunable parameters. The "[575]-alphacut n" option lets
+ course!) some tunable parameters. The "[581]-alphacut n" option lets
you set the threshold "n" (between 0 and 255): cursor pixels with
alpha values below n will be considered completely transparent while
values equal to or above n will be completely opaque. The default is
- 240. The "[576]-alphafrac f" option tries to correct individual
+ 240. The "[582]-alphafrac f" option tries to correct individual
cursors that did not fare well with the default -alphacut value: if a
cursor has less than fraction f (between 0.0 and 1.0) of its pixels
selected by the default -alphacut, the threshold is lowered until f of
its pixels are selected. The default fraction is 0.33.
- Finally, there is an option [577]-alpharemove that is useful for
+ Finally, there is an option [583]-alpharemove that is useful for
themes where many cursors are light colored (e.g. "whiteglass".)
XFIXES returns the cursor data with the RGB values pre-multiplied by
the alpha value. If the white cursors look too grey, specify
@@ -6741,7 +6838,7 @@ EndSection
heavily on redglass) look fine with the apparent default of alphacut:255.
- Q-82: In XFIXES mode, are there any hacks to handle cursor
+ Q-83: In XFIXES mode, are there any hacks to handle cursor
transparency ("alpha channel") exactly?
As of Jan/2005 libvncserver has been modified to allow an alpha
@@ -6749,10 +6846,10 @@ EndSection
alpha channel data to libvncserver. However, this data will only be
used for VNC clients that do not support the CursorShapeUpdates VNC
extension (or have disabled it.) It can be disabled for all clients
- with the [578]-nocursorshape x11vnc option. In this case the cursor is
+ with the [584]-nocursorshape x11vnc option. In this case the cursor is
drawn, correctly blended with the background, into the VNC framebuffer
before being sent out to the client. So the alpha blending is done on
- the x11vnc side. Use the [579]-noalphablend option to disable this
+ the x11vnc side. Use the [585]-noalphablend option to disable this
behavior (always approximate transparent cursors with opaque RGB
values.)
@@ -6776,17 +6873,17 @@ EndSection
example on how to change the Windows TightVNC viewer to achieve the
same thing (send me the patch if you get that working.)
- This patch is applied to the [580]Enhanced TightVNC Viewer (SSVNC)
+ This patch is applied to the [586]Enhanced TightVNC Viewer (SSVNC)
package we provide.
[Mouse Pointer]
- Q-83: Why does the mouse arrow just stay in one corner in my
+ Q-84: Why does the mouse arrow just stay in one corner in my
vncviewer, whereas my cursor (that does move) is just a dot?
- This default takes advantage of a [581]tightvnc extension
+ This default takes advantage of a [587]tightvnc extension
(CursorShapeUpdates) that allows specifying a cursor image shape for
- the local VNC viewer. You may disable it with the [582]-nocursor
+ the local VNC viewer. You may disable it with the [588]-nocursor
option to x11vnc if your viewer does not have this extension.
Note: as of Aug/2004 this should be fixed: the default for
@@ -6795,22 +6892,22 @@ EndSection
can also be disabled via -nocursor.
- Q-84: Can I take advantage of the TightVNC extension to the VNC
+ Q-85: Can I take advantage of the TightVNC extension to the VNC
protocol where Cursor Positions Updates are sent back to all connected
clients (i.e. passive viewers can see the mouse cursor being moved
around by another viewer)?
- Use the [583]-cursorpos option when starting x11vnc. A VNC viewer must
+ Use the [589]-cursorpos option when starting x11vnc. A VNC viewer must
support the Cursor Positions Updates for the user to see the mouse
motions (the TightVNC viewers support this.) As of Aug/2004 -cursorpos
- is the default. See also [584]-nocursorpos and [585]-nocursorshape.
+ is the default. See also [590]-nocursorpos and [591]-nocursorshape.
- Q-85: Is it possible to swap the mouse buttons (e.g. left-handed
+ Q-86: Is it possible to swap the mouse buttons (e.g. left-handed
operation), or arbitrarily remap them? How about mapping button clicks
to keystrokes, e.g. to partially emulate Mouse wheel scrolling?
- You can remap the mouse buttons via something like: [586]-buttonmap
+ You can remap the mouse buttons via something like: [592]-buttonmap
13-31 (or perhaps 12-21.) Also, note that xmodmap(1) lets you directly
adjust the X server's button mappings, but in some circumstances it
might be more desirable to have x11vnc do it.
@@ -6818,7 +6915,7 @@ EndSection
One user had an X server with only one mouse button(!) and was able to
map all of the VNC client mouse buttons to it via: -buttonmap 123-111.
- Note that the [587]-debug_pointer option prints out much info for
+ Note that the [593]-debug_pointer option prints out much info for
every mouse/pointer event and is handy in solving problems.
To map mouse button clicks to keystrokes you can use the alternate
@@ -6840,7 +6937,7 @@ EndSection
Exactly what keystroke "scrolling" events they should be bound to
depends on one's taste. If this method is too approximate, one could
- consider not using [588]-buttonmap but rather configuring the X server
+ consider not using [594]-buttonmap but rather configuring the X server
to think it has a mouse with 5 buttons even though the physical mouse
does not. (e.g. 'Option "ZAxisMapping" "4 5"'.)
@@ -6867,10 +6964,10 @@ EndSection
"click" usually gives a multi-line scroll.)
[Keyboard Issues]
- Q-86: How can I get my AltGr and Shift modifiers to work between
+ Q-87: How can I get my AltGr and Shift modifiers to work between
keyboards for different languages?
- The option [589]-modtweak should help here. It is a mode that monitors
+ The option [595]-modtweak should help here. It is a mode that monitors
the state of the Shift and AltGr Modifiers and tries to deduce the
correct keycode to send, possibly by sending fake modifier key presses
and releases in addition to the actual keystroke.
@@ -6879,25 +6976,25 @@ EndSection
to get the old behavior.) This was done because it was noticed on
newer XFree86 setups even on bland "us" keyboards like "pc104 us"
XFree86 included a "ghost" key with both "<" and ">" it. This key does
- not exist on the keyboard (see [590]this FAQ for more info.) Without
+ not exist on the keyboard (see [596]this FAQ for more info.) Without
-modtweak there was then an ambiguity in the reverse map keysym =>
keycode, making it so the "<" symbol could not be typed.
- Also see the [591]FAQ about the -xkb option for a more powerful method
+ Also see the [597]FAQ about the -xkb option for a more powerful method
of modifier tweaking for use on X servers with the XKEYBOARD
extension.
When trying to resolve keyboard mapping problems, note that the
- [592]-debug_keyboard option prints out much info for every keystroke
+ [598]-debug_keyboard option prints out much info for every keystroke
and so can be useful debugging things.
Note that one user had a strange setup and none of the above helped.
- His solution was to disable all of the above and use [593]-nomodtweak.
+ His solution was to disable all of the above and use [599]-nomodtweak.
This is the simplest form of keystroke insertion and it actually
solved the problem. Try it if the other options don't help.
- Q-87: When I try to type a "<" (i.e. less than) instead I get ">"
+ Q-88: When I try to type a "<" (i.e. less than) instead I get ">"
(i.e. greater than)! Strangely, typing ">" works OK!!
Does your keyboard have a single key with both "<" and ">" on it? Even
@@ -6905,9 +7002,9 @@ EndSection
(e.g. pc105 in the XF86Config file when it should be something else,
say pc104.)
- Short Cut: Try the [594]-xkb or [595]-sloppy_keys options and see if
+ Short Cut: Try the [600]-xkb or [601]-sloppy_keys options and see if
that helps the situation. The discussion below is a bit outdated (e.g.
- [596]-modtweak is now the default) but it is useful reference for
+ [602]-modtweak is now the default) but it is useful reference for
various tricks and so is kept.
@@ -6950,25 +7047,25 @@ EndSection
-remap less-comma
These are convenient in that they do not modify the actual X server
- settings. The former ([597]-modtweak) is a mode that monitors the
+ settings. The former ([603]-modtweak) is a mode that monitors the
state of the Shift and AltGr modifiers and tries to deduce the correct
keycode sequence to send. Since Jul/2004 -modtweak is now the default.
- The latter ([598]-remap less-comma) is an immediate remapping of the
+ The latter ([604]-remap less-comma) is an immediate remapping of the
keysym less to the keysym comma when it comes in from a client (so
when Shift is down the comma press will yield "<".)
- See also the [599]FAQ about the -xkb option as a possible workaround
+ See also the [605]FAQ about the -xkb option as a possible workaround
using the XKEYBOARD extension.
- Note that the [600]-debug_keyboard option prints out much info for
+ Note that the [606]-debug_keyboard option prints out much info for
every keystroke to aid debugging keyboard problems.
- Q-88: Extra Character Inserted, E.g.: When I try to type a "<" (i.e.
+ Q-89: Extra Character Inserted, E.g.: When I try to type a "<" (i.e.
less than) instead I get "<," (i.e. an extra comma.)
This is likely because you press "Shift" then "<" but then released
- the Shift key before releasing the "<". Because of a [601]keymapping
+ the Shift key before releasing the "<". Because of a [607]keymapping
ambiguity the last event "< up" is interpreted as "," because that key
unshifted is the comma.
@@ -6976,16 +7073,16 @@ EndSection
characters: in general it can happen whenever the Shift key is
released early.
- This should not happen in [602]-xkb mode, because it works hard to
+ This should not happen in [608]-xkb mode, because it works hard to
resolve the ambiguities. If you do not want to use -xkb, try the
- option [603]-sloppy_keys to attempt a similar type of algorithm.
+ option [609]-sloppy_keys to attempt a similar type of algorithm.
One user had this problem for Italian and German keyboards with the
key containing ":" and "." When he typed ":" he would get an extra "."
inserted after the ":". The solution was -sloppy_keys.
- Q-89: I'm using an "international" keyboard (e.g. German "de", or
+ Q-90: I'm using an "international" keyboard (e.g. German "de", or
Danish "dk") and the -modtweak mode works well if the VNC viewer is
run on a Unix/Linux machine with a similar keyboard. But if I run
the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or
@@ -7006,7 +7103,7 @@ EndSection
In both cases no AltGr is sent to the VNC server, but we know AltGr is
needed on the physical international keyboard to type a "@".
- This all worked fine with x11vnc running with the [604]-modtweak
+ This all worked fine with x11vnc running with the [610]-modtweak
option (it figures out how to adjust the Modifier keys (Shift or
AltGr) to get the "@".) However it fails under recent versions of
XFree86 (and the X.org fork.) These run the XKEYBOARD extension by
@@ -7023,7 +7120,7 @@ EndSection
* there is a new option -xkb to use the XKEYBOARD extension API to
do the Modifier key tweaking.
- The [605]-xkb option seems to fix all of the missing keys: "@", "<",
+ The [611]-xkb option seems to fix all of the missing keys: "@", "<",
">", etc.: it is recommended that you try it if you have this sort of
problem. Let us know if there are any remaining problems (see the next
paragraph for some known problems.) If you specify the -debug_keyboard
@@ -7031,7 +7128,7 @@ EndSection
debugging output (send it along with any problems you report.)
Update: as of Jun/2005 x11vnc will try to automatically enable
- [606]-xkb if it appears that would be beneficial (e.g. if it sees any
+ [612]-xkb if it appears that would be beneficial (e.g. if it sees any
of "@", "<", ">", "[" and similar keys are mapped in a way that needs
the -xkb to access them.) To disable this automatic check use -noxkb.
@@ -7046,7 +7143,7 @@ EndSection
was attached to keycode 93 (no physical key generates this
keycode) while ISO_Level3_Shift was attached to keycode 113. The
keycode skipping option was used to disable the ghost key:
- [607]-skip_keycodes 93
+ [613]-skip_keycodes 93
* In implementing -xkb we noticed that some characters were still
not getting through, e.g. "~" and "^". This is not really an
XKEYBOARD problem. What was happening was the VNC viewer was
@@ -7064,16 +7161,16 @@ EndSection
What to do? In general the VNC protocol has not really solved this
problem: what should be done if the VNC viewer sends a keysym not
recognized by the VNC server side? Workarounds can possibly be
- created using the [608]-remap x11vnc option:
+ created using the [614]-remap x11vnc option:
-remap asciitilde-dead_tilde,asciicircum-dead_circumflex
etc. Use -remap filename if the list is long. Please send us your
workarounds for this problem on your keyboard. Perhaps we can have
x11vnc adjust automatically at some point. Also see the
- [609]-add_keysyms option in the next paragraph.
- Update: for convenience "[610]-remap DEAD" does many of these
+ [615]-add_keysyms option in the next paragraph.
+ Update: for convenience "[616]-remap DEAD" does many of these
mappings at once.
- * To complement the above workaround using the [611]-remap, an
- option [612]-add_keysyms was added. This option instructs x11vnc
+ * To complement the above workaround using the [617]-remap, an
+ option [618]-add_keysyms was added. This option instructs x11vnc
to bind any unknown Keysyms coming in from VNC viewers to unused
Keycodes in the X server. This modifies the global state of the X
server. When x11vnc exits it removes the extra keymappings it
@@ -7084,7 +7181,7 @@ EndSection
disable.
- Q-90: When typing I sometimes get double, triple, or more of my
+ Q-91: When typing I sometimes get double, triple, or more of my
keystrokes repeated. I'm sure I only typed them once, what can I do?
This may be due to an interplay between your X server's key autorepeat
@@ -7092,7 +7189,7 @@ EndSection
Short answer: disable key autorepeating by running the command "xset r
off" on the Xserver where x11vnc is run (restore via "xset r on") or
- use the new (Jul/2004) [613]-norepeat x11vnc option. You will still
+ use the new (Jul/2004) [619]-norepeat x11vnc option. You will still
have autorepeating because that is taken care of on your VNC viewer
side.
@@ -7116,18 +7213,18 @@ EndSection
off", does the problem go away?
The workaround is to manually apply "xset r off" and "xset r on" as
- needed, or to use the [614]-norepeat (which has since Dec/2004 been
+ needed, or to use the [620]-norepeat (which has since Dec/2004 been
made the default.) Note that with X server autorepeat turned off the
VNC viewer side of the connection will (nearly always) do its own
autorepeating so there is no big loss here, unless someone is also
working at the physical display and misses his autorepeating.
- Q-91: The x11vnc -norepeat mode is in effect, but I still get repeated
+ Q-92: The x11vnc -norepeat mode is in effect, but I still get repeated
keystrokes!!
Are you using x11vnc to log in to an X session via display manager?
- (as described in [615]this FAQ) If so, x11vnc is starting before your
+ (as described in [621]this FAQ) If so, x11vnc is starting before your
session and it disables autorepeat when you connect, but then after
you log in your session startup (GNOME, KDE, ...) could be resetting
the autorepeat to be on. Or it could be something inside your desktop
@@ -7147,7 +7244,7 @@ EndSection
should figure out how to disable that somehow.
- Q-92: After using x11vnc for a while, I find that I cannot type some
+ Q-93: After using x11vnc for a while, I find that I cannot type some
(or any) characters or my mouse clicks and drags no longer have any
effect, or they lead to strange effects. What happened?
@@ -7188,11 +7285,11 @@ EndSection
desktop manages these "warps". If the viewer is not notified it cannot
know it needs to release the modifiers.
- You can also use the [616]-clear_mods option to try to clear all of
+ You can also use the [622]-clear_mods option to try to clear all of
the modifier keys at x11vnc startup. You will still have to be careful
that you do not leave the modifier key pressed down during your
session. It is difficult to prevent this problem from occurring (short
- of using [617]-remap to prevent sending all of the problem modifier
+ of using [623]-remap to prevent sending all of the problem modifier
keys, which would make the destkop pretty unusable.)
During a session these x11vnc remote control commands can also help:
@@ -7205,16 +7302,16 @@ EndSection
Num_Lock down. When these are locked on the remote side it can
sometimes lead to strange desktop behavior (e.g. cannot drag or click
on windows.) As above you may not notice this because the lock isn't
- down on the local (Viewer) side. See [618]this FAQ on lock keys
- problem. These options may help avoid the problem: [619]-skip_lockkeys
- and [620]-capslock. See also [621]-clear_all.
+ down on the local (Viewer) side. See [624]this FAQ on lock keys
+ problem. These options may help avoid the problem: [625]-skip_lockkeys
+ and [626]-capslock. See also [627]-clear_all.
- Q-93: The machine where I run x11vnc has an AltGr key, but the local
+ Q-94: The machine where I run x11vnc has an AltGr key, but the local
machine where I run the VNC viewer does not. Is there a way I can map
a local unused key to send an AltGr? How about a Compose key as well?
- Something like "[622]-remap Super_R-Mode_switch" x11vnc option may
+ Something like "[628]-remap Super_R-Mode_switch" x11vnc option may
work. Note that Super_R is the "Right Windoze(tm) Flaggie" key; you
may want to choose another. The -debug_keyboard option comes in handy
in finding keysym names (so does xev(1).)
@@ -7225,7 +7322,7 @@ EndSection
specify remappings from a file.
- Q-94: I have a Sun machine I run x11vnc on. Its Sun keyboard has just
+ Q-95: I have a Sun machine I run x11vnc on. Its Sun keyboard has just
one Alt key labelled "Alt" and two Meta keys labelled with little
diamonds. The machine where I run the VNC viewer only has Alt keys.
How can I send a Meta keypress? (e.g. emacs needs this)
@@ -7237,13 +7334,13 @@ EndSection
Since xmodmap(1) modifies the X server mappings you may not want to do
this (because it affects local work on that machine.) Something like
- the [623]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones
+ the [629]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones
needs, and does not modify the X server environment. Note that you
cannot send Alt_L in this case, maybe -remap Super_L-Meta_L would be a
better choice if the Super_L key is typically unused in Unix.
- Q-95: Running x11vnc on HP-UX I cannot type "#" I just get a "3"
+ Q-96: Running x11vnc on HP-UX I cannot type "#" I just get a "3"
instead.
One user reports this problem on HP-UX Rel_B.11.23. The problem was
@@ -7257,7 +7354,7 @@ EndSection
and similar triple mappings (with two in the AltGr/Mode_switch group)
of a keysum to a single keycode.
- Use the [624]-nomodtweak option as a workaround. You can also use
+ Use the [630]-nomodtweak option as a workaround. You can also use
xmodmap to correct these mappings in the server, e.g.:
xmodmap -e "keycode 47 = 3 numbersign"
@@ -7266,12 +7363,12 @@ EndSection
handle these mappings better.
- Q-96: Can I map a keystroke to a mouse button click on the remote
+ Q-97: Can I map a keystroke to a mouse button click on the remote
machine?
This can be done directly in some X servers using AccessX and
Pointer_EnableKeys, but is a bit awkward. It may be more convenient to
- have x11vnc do the remapping. This can be done via the [625]-remap
+ have x11vnc do the remapping. This can be done via the [631]-remap
option using the fake "keysyms" Button1, Button2, etc. as the "to"
keys (i.e. the ones after the "-")
@@ -7280,7 +7377,7 @@ EndSection
button "paste" because (using XFree86/Xorg Emulate3Buttons) you have
to click both buttons on the touch pad at the same time. This
remapping:
- [626]-remap Super_R-Button2
+ [632]-remap Super_R-Button2
maps the Super_R "flag" key press to the Button2 click, thereby making
X pasting a bit easier.
@@ -7289,7 +7386,7 @@ EndSection
are generated immediately on the x11vnc side. When the key is released
(i.e. goes up) no events are generated.
- Q-97: How can I get Caps_Lock to work between my VNC viewer and
+ Q-98: How can I get Caps_Lock to work between my VNC viewer and
x11vnc?
This is a little tricky because it is possible to get the Caps_Lock
@@ -7299,13 +7396,13 @@ EndSection
Caps_Lock in the viewer your local machine goes into the Caps_Lock on
state and sends keysym "A" say when you press "a". x11vnc will then
fake things up so that Shift is held down to generate "A". The
- [627]-skip_lockkeys option should help to accomplish this. For finer
- grain control use something like: "[628]-remap Caps_Lock-None".
+ [633]-skip_lockkeys option should help to accomplish this. For finer
+ grain control use something like: "[634]-remap Caps_Lock-None".
- Also try the [629]-nomodtweak and [630]-capslock options.
+ Also try the [635]-nomodtweak and [636]-capslock options.
Another useful option that turns off any Lock keys on the remote side
- at startup and end is the [631]-clear_all option. During a session you
+ at startup and end is the [637]-clear_all option. During a session you
can run these remote control commands to modify the Lock keys:
x11vnc -R clear_locks
x11vnc -R clear_all
@@ -7315,7 +7412,7 @@ EndSection
etc.)
[Screen Related Issues and Features]
- Q-98: The remote display is larger (in number of pixels) than the
+ Q-99: The remote display is larger (in number of pixels) than the
local display I am running the vncviewer on. I don't like the
vncviewer scrollbars, what I can do?
@@ -7334,15 +7431,15 @@ EndSection
There may also be scaling viewers out there (e.g. TightVNC or UltraVNC
on Windows) that automatically shrink or expand the remote framebuffer
to fit the local display. Especially for hand-held devices. See also
- [632]the next FAQ on x11vnc scaling.
+ [638]the next FAQ on x11vnc scaling.
- Q-99: Does x11vnc support server-side framebuffer scaling? (E.g. to
+ Q-100: Does x11vnc support server-side framebuffer scaling? (E.g. to
make the desktop smaller.)
As of Jun/2004 x11vnc provides basic server-side scaling. It is a
global scaling of the desktop, not a per-client setting. To enable it
- use the "[633]-scale fraction" option. "fraction" can either be a
+ use the "[639]-scale fraction" option. "fraction" can either be a
floating point number (e.g. -scale 0.75) or the alternative m/n
fraction notation (e.g. -scale 3/4.) Note that if fraction is greater
than one the display is magnified.
@@ -7367,7 +7464,7 @@ EndSection
One can also use the ":nb" with an integer scale factor (say "-scale
2:nb") to use x11vnc as a screen magnifier for vision impaired
- [634]applications. Since with integer scale factors the framebuffers
+ [640]applications. Since with integer scale factors the framebuffers
become huge and scaling operations time consuming, be sure to use
":nb" for the fastest response.
@@ -7393,7 +7490,7 @@ EndSection
If one desires per-client scaling for something like 1:1 from a
workstation and 1:2 from a smaller device (e.g. handheld), currently
the only option is to run two (or more) x11vnc processes with
- different scalings listening on separate ports ([635]-rfbport option,
+ different scalings listening on separate ports ([641]-rfbport option,
etc.)
Update: As of May/2006 x11vnc also supports the UltraVNC server-side
@@ -7403,8 +7500,8 @@ EndSection
"-rfbversion 3.6" for this to be recognized by UltraVNC viewers.
BTW, whenever you run two or more x11vnc's on the same X display and
- use the [636]GUI, then to avoid all of the x11vnc's simultaneously
- answering the gui you will need to use something like [637]"-connect
+ use the [642]GUI, then to avoid all of the x11vnc's simultaneously
+ answering the gui you will need to use something like [643]"-connect
file1 -gui ..." with different connect files for each x11vnc you want
to control via the gui (or remote-control.) The "-connect file1" usage
gives separate communication channels between a x11vnc process and the
@@ -7413,12 +7510,12 @@ EndSection
Update: As of Mar/2005 x11vnc now scales the mouse cursor with the
same scale factor as the screen. If you don't want that, use the
- [638]"-scale_cursor frac" option to set the cursor scaling to a
+ [644]"-scale_cursor frac" option to set the cursor scaling to a
different factor (e.g. use "-scale_cursor 1" to keep the cursor at its
natural unscaled size.)
- Q-100: Does x11vnc work with Xinerama? (i.e. multiple monitors joined
+ Q-101: Does x11vnc work with Xinerama? (i.e. multiple monitors joined
together to form one big, single screen.)
Yes, it should generally work because it simply polls the big
@@ -7441,26 +7538,26 @@ EndSection
screen is not rectangular (e.g. 1280x1024 and 1024x768 monitors joined
together), then there will be "non-existent" areas on the screen. The
X server will return "garbage" image data for these areas and so they
- may be distracting to the viewer. The [639]-blackout x11vnc option
+ may be distracting to the viewer. The [645]-blackout x11vnc option
allows you to blacken-out rectangles by manually specifying their
WxH+X+Y geometries. If your system has the libXinerama library, the
- [640]-xinerama x11vnc option can be used to have it automatically
+ [646]-xinerama x11vnc option can be used to have it automatically
determine the rectangles to be blackened out. (Note on 8bpp
PseudoColor displays the fill color may not be black.) Update:
- [641]-xinerama is now on by default.
+ [647]-xinerama is now on by default.
Some users have reported that the mouse does not behave properly for
their Xinerama display: i.e. the mouse cannot be moved to all regions
- of the large display. If this happens try using the [642]-xwarppointer
+ of the large display. If this happens try using the [648]-xwarppointer
option. This instructs x11vnc to fake mouse pointer motions using the
XWarpPointer function instead of the XTestFakeMotionEvent XTEST
function. (This may be due to a bug in the X server for XTEST when
- Xinerama is enabled.) Update: As of Dec/2006 [643]-xwarppointer will
+ Xinerama is enabled.) Update: As of Dec/2006 [649]-xwarppointer will
be applied automatically if Xinerama is detected. To disable use:
-noxwarppointer
- Q-101: Can I use x11vnc on a multi-headed display that is not Xinerama
+ Q-102: Can I use x11vnc on a multi-headed display that is not Xinerama
(i.e. separate screens :0.0, :0.1, ... for each monitor)?
You can, but it is a little bit awkward: you must start separate
@@ -7478,32 +7575,32 @@ EndSection
Note: if you are running on Solaris 8 or earlier you can easily hit up
against the maximum of 6 shm segments per process (for Xsun in this
case) from running multiple x11vnc processes. You should modify
- /etc/system as mentioned in another [644]FAQ to increase the limit. It
- is probably also a good idea to run with the [645]-onetile option in
+ /etc/system as mentioned in another [650]FAQ to increase the limit. It
+ is probably also a good idea to run with the [651]-onetile option in
this case (to limit each x11vnc to 3 shm segments), or even
- [646]-noshm to use no shm segments.
+ [652]-noshm to use no shm segments.
- Q-102: Can x11vnc show only a portion of the display? (E.g. for a
+ Q-103: Can x11vnc show only a portion of the display? (E.g. for a
special purpose application or a very large screen.)
- As of Mar/2005 x11vnc has the "[647]-clip WxH+X+Y" option to select a
+ As of Mar/2005 x11vnc has the "[653]-clip WxH+X+Y" option to select a
rectangle of width W, height H and offset (X, Y). Thus the VNC screen
will be the clipped sub-region of the display and be only WxH in size.
- One user used -clip to split up a large [648]Xinerama screen into two
+ One user used -clip to split up a large [654]Xinerama screen into two
more managable smaller screens.
This also works to view a sub-region of a single application window if
- the [649]-id or [650]-sid options are used. The offset is measured
+ the [655]-id or [656]-sid options are used. The offset is measured
from the upper left corner of the selected window.
- Q-103: Does x11vnc support the XRANDR (X Resize, Rotate and
+ Q-104: Does x11vnc support the XRANDR (X Resize, Rotate and
Reflection) extension? Whenever I rotate or resize the screen x11vnc
just seems to crash.
As of Dec/2004 x11vnc supports XRANDR. You enable it with the
- [651]-xrandr option to make x11vnc monitor XRANDR events and also trap
+ [657]-xrandr option to make x11vnc monitor XRANDR events and also trap
X server errors if the screen change occurred in the middle of an X
call like XGetImage. Once it traps the screen change it will create a
new framebuffer using the new screen.
@@ -7513,9 +7610,9 @@ EndSection
then the viewer will automatically resize. Otherwise, the new
framebuffer is fit as best as possible into the original viewer size
(portions of the screen may be clipped, unused, etc.) For these
- viewers you can try the [652]-padgeom option to make the region big
+ viewers you can try the [658]-padgeom option to make the region big
enough to hold all resizes and rotations. We have fixed this problem
- for the TightVNC Viewer on Unix: [653]SSVNC
+ for the TightVNC Viewer on Unix: [659]SSVNC
If you specify "-xrandr newfbsize" then vnc viewers that do not
support NewFBSize will be disconnected before the resize. If you
@@ -7523,21 +7620,21 @@ EndSection
terminate.
- Q-104: Independent of any XRANDR, can I have x11vnc rotate and/or
+ Q-105: Independent of any XRANDR, can I have x11vnc rotate and/or
reflect the screen that the VNC viewers see? (e.g. for a handheld
whose screen is rotated 90 degrees.)
- As of Jul/2006 there is the [654]-rotate option allow this. E.g's:
+ As of Jul/2006 there is the [660]-rotate option allow this. E.g's:
"-rotate +90", "-rotate -90", "-rotate x", etc.
- Q-105: Why is the view in my VNC viewer completely black? Or why is
+ Q-106: Why is the view in my VNC viewer completely black? Or why is
everything flashing around randomly?
See the next FAQ for a possible explanation.
- Q-106: I use Linux Virtual Terminals (VT's) to implement 'Fast User
+ Q-107: I use Linux Virtual Terminals (VT's) to implement 'Fast User
Switching' between users' sessions (e.g. Betty is on Ctrl-Alt-F7,
Bobby is on Ctrl-Alt-F8, and Sid is on Ctrl-Alt-F1: they use those
keystrokes to switch between their sessions.) How come the view in a
@@ -7566,7 +7663,7 @@ EndSection
"chvt 7" for VT #7.
- Q-107: I am using x11vnc where my local machine has "popup/hidden
+ Q-108: I am using x11vnc where my local machine has "popup/hidden
taskbars" and the remote display where x11vnc runs also has
"popup/hidden taskbars" and they interfere and fight with each other.
What can I do?
@@ -7581,7 +7678,7 @@ EndSection
click on the task bar panel, and uncheck "enable auto-hide" from the
panel properties dialog box. This will make the panel always visible.
- Q-108: Help! x11vnc and my KDE screensaver keep switching each other
+ Q-109: Help! x11vnc and my KDE screensaver keep switching each other
on and off every few seconds.
This is a new (Jul/2006) problem seen, say, on the version of KDE that
@@ -7592,13 +7689,13 @@ EndSection
This may be a bug in kdesktop_lock. For now the only workaround is to
disable the screensaver. You can try using another one such as
- straight xscreensaver (see the instructions [655]here for how to
+ straight xscreensaver (see the instructions [661]here for how to
disable kdesktop_lock.) If you have more info on this or see it
outside of KDE please let us know.
Update: It appears this is due to kdesktop_lock enabling the screen
saver when the Monitor is in DPMS low-power state (e.g. standby,
- suspend, or off.) In Nov/2006 the x11vnc [656]-nodpms option was added
+ suspend, or off.) In Nov/2006 the x11vnc [662]-nodpms option was added
as a workaround. Normally it is a good thing that the monitor powers
down (since x11vnc can still poll the framebuffer in this state), but
if you experience the kdesktop_lock problem you can specify the
@@ -7608,22 +7705,22 @@ EndSection
disable the screensaver.) Feel free to file a bug against
kdesktop_lock with KDE.
- Q-109: I am running the beryl 3D window manager (or compiz, MythTv,
+ Q-110: I am running the beryl 3D window manager (or compiz, MythTv,
Google Earth, or some other OpenGL app) and I do not get screen
updates in x11vnc.
This appears to be because the 3D OpenGL/GLX hardware screen updates
do not get reported via the XDAMAGE mechanism. So this is a bug in
- [657]beryl/compiz or XDAMAGE/Xorg or the (possibly 3rd party) video
+ [663]beryl/compiz or XDAMAGE/Xorg or the (possibly 3rd party) video
card driver.
- As a workaround apply the [658]-noxdamage option. As of Feb/2007
+ As a workaround apply the [664]-noxdamage option. As of Feb/2007
x11vnc will try to autodetect the problem and disable XDAMAGE if is
appears to be missing a lot of updates. But if you know you are using
- beryl you might as well always supply -noxdamage. Thanks to [659]this
+ beryl you might as well always supply -noxdamage. Thanks to [665]this
user who reported the problem and discovered the workaround.
- A developer for [660]MiniMyth reports that the 'alphapulse' tag of the
+ A developer for [666]MiniMyth reports that the 'alphapulse' tag of the
theme G.A.N.T. can also cause problems, and should be avoided when
using VNC.
@@ -7632,7 +7729,7 @@ EndSection
responsiveness (especially for typing) and also leads to unnecessary
CPU and memory I/O load due to the extra polling.
- Q-110: Can I use x11vnc to view my VMWare session remotely?
+ Q-111: Can I use x11vnc to view my VMWare session remotely?
Yes, since VMWare usually runs as an X application you can view it via
x11vnc in the normal way.
@@ -7643,9 +7740,9 @@ EndSection
* Fullscreen mode
The way VMWare does Fullscreen mode on Linux is to display the Guest
- desktop in a separate Virtual Terminal (e.g. VT 8) (see [661]this FAQ
+ desktop in a separate Virtual Terminal (e.g. VT 8) (see [667]this FAQ
on VT's for background.) Unfortunately, this Fullscreen VT is not an X
- server. So x11vnc cannot access it (however, [662]see this discussion
+ server. So x11vnc cannot access it (however, [668]see this discussion
of -rawfb for a possible workaround.) x11vnc works fine with "Normal X
application window" and "Quick-Switch mode" because these use X.
@@ -7666,13 +7763,13 @@ EndSection
improve response. One can also cut the display depth (e.g. to 16bpp)
in this 2nd X session to improve video performance. This 2nd X session
emulates Fullscreen mode to some degree and can be viewed via x11vnc
- as long as the VMWare X session [663]is in the active VT.
+ as long as the VMWare X session [669]is in the active VT.
Also note that with a little bit of playing with "xwininfo -all
-children" output one can extract the (non-toplevel) window-id of the
of the Guest desktop only when VMWare is running as a normal X
application. Then one can export just the guest desktop (i.e. without
- the VMWare menu buttons) by use of the [664]-id windowid option. The
+ the VMWare menu buttons) by use of the [670]-id windowid option. The
caveats are the X session VMWare is in must be in the active VT and
the window must be fully visible, so this mode is not terribly
convenient, but could be useful in some circumstances (e.g. running
@@ -7684,14 +7781,14 @@ EndSection
[Exporting non-X11 devices via VNC]
- Q-111: Can non-X devices (e.g. a raw framebuffer) be viewed (and even
+ Q-112: Can non-X devices (e.g. a raw framebuffer) be viewed (and even
controlled) via VNC with x11vnc?
As of Apr/2005 there is support for this. Two options were added:
- "[665]-rawfb string" (to indicate the raw frame buffer device, file,
- etc. and its parameters) and "[666]-pipeinput command" (to provide an
+ "[671]-rawfb string" (to indicate the raw frame buffer device, file,
+ etc. and its parameters) and "[672]-pipeinput command" (to provide an
external program that will inject or otherwise process mouse and
- keystroke input.) Some useful [667]-pipeinput schemes, VID, CONSOLE,
+ keystroke input.) Some useful [673]-pipeinput schemes, VID, CONSOLE,
and UINPUT, have since been built into x11vnc for convenience.
This non-X mode for x11vnc is somewhat experimental because it is so
@@ -7731,9 +7828,9 @@ EndSection
access method.) Only use file if map isn't working. BTW, "mmap" is an
alias for "map" and if you do not supply a type and the file exists,
map is assumed (see the -help output and below for some exceptions to
- this.) The "snap:" setting applies the [668]-snapfb option with
+ this.) The "snap:" setting applies the [674]-snapfb option with
"file:" type reading (this is useful for exporting webcams or TV tuner
- video; see [669]the next FAQ for more info.)
+ video; see [675]the next FAQ for more info.)
Also, if the string is of the form "setup:cmd" then cmd is run and the
first line of its output retrieved and used as the rawfb string. This
@@ -7778,7 +7875,7 @@ EndSection
screen to either shm or a mapped file. The format of these is XWD and
so the initial header should be skipped. BTW, since XWD is not
strictly RGB the view will only be approximate, but usable. Of course
- for the case of Xvfb x11vnc can poll it much better via the [670]X
+ for the case of Xvfb x11vnc can poll it much better via the [676]X
API, but you get the idea.
By default in -rawfb mode x11vnc will actually close any X display it
@@ -7809,13 +7906,13 @@ minal #2)
tty1-tty6), or X graphical display (usually starting at tty7.) In
addition to the text console other graphical ones may be viewed and
interacted with as well, e.g. DirectFB or SVGAlib apps, VMWare non-X
- fullscreen, or [671]Qt-embedded apps (PDAs/Handhelds.) By default the
+ fullscreen, or [677]Qt-embedded apps (PDAs/Handhelds.) By default the
pipeinput mechanisms UINPUT and CONSOLE (keystrokes only) are
automatically attempted in this mode under "-rawfb console".
The Video4Linux Capture device, /dev/video0, etc is either a Webcam or
a TV capture device and needs to have its driver enabled in the
- kernel. See [672]this FAQ for details. If specified via "-rawfb Video"
+ kernel. See [678]this FAQ for details. If specified via "-rawfb Video"
then the pipeinput method "VID" is applied (it lets you change video
parameters dynamically via keystrokes.)
@@ -7823,10 +7920,10 @@ minal #2)
also useful in testing.
- All of the above [673]-rawfb options are just for viewing the raw
+ All of the above [679]-rawfb options are just for viewing the raw
framebuffer (although some of the aliases do imply keystroke and mouse
pipeinput methods.) That may be enough for certain applications of
- this feature (e.g. suppose a [674]video camera mapped its framebuffer
+ this feature (e.g. suppose a [680]video camera mapped its framebuffer
into memory and you just wanted to look at it via VNC.)
To handle the pointer and keyboard input from the viewer users the
"-pipeinput cmd" option was added to indicate a helper program to
@@ -7864,7 +7961,7 @@ minal #2)
keystrokes into the Linux console (e.g. the virtual consoles:
/dev/tty1, /dev/tty2, etc) in x11vnc/misc/vcinject.pl. It is based on
the vncterm/LinuxVNC.c program also in the libvncserver CVS. So to
- view and interact with VT #2 (assuming it is the [675]active VT) one
+ view and interact with VT #2 (assuming it is the [681]active VT) one
can run something like:
x11vnc -rawfb map:/dev/fb0@1024x768x16 -pipeinput './vcinject.pl 2'
@@ -7919,7 +8016,7 @@ minal #2)
better to use the more accurate and faster LinuxVNC program. The
advantage x11vnc -rawfb might have is that it can allow interaction
with a non-text application, e.g. one based on SVGAlib or
- [676]Qt-embedded Also, for example the [677]VMWare Fullscreen mode is
+ [682]Qt-embedded Also, for example the [683]VMWare Fullscreen mode is
actually viewable under -rawfb and can be interacted with if uinput is
enabled.
@@ -7936,7 +8033,7 @@ minal #2)
program that passes the framebuffer to libvncserver.
- Q-112: Can I export the Linux Console (Virtual Terminals) via VNC
+ Q-113: Can I export the Linux Console (Virtual Terminals) via VNC
using x11vnc?
Yes, you may need to be root to access the devices that make up the
@@ -7981,12 +8078,12 @@ minal #2)
startx (or similar, e.g. gdm) in the virtual terminal. A 2nd x11vnc
could be used to see if the X server is now working correctly.
- Q-113: Can I export via VNC a Webcam or TV tuner framebuffer using
+ Q-114: Can I export via VNC a Webcam or TV tuner framebuffer using
x11vnc?
- Yes, this is possible to some degree with the [678]-rawfb option.
+ Yes, this is possible to some degree with the [684]-rawfb option.
There is no X11 involved: snapshots from the video capture device are
- used for the screen image data. See the [679]previous FAQ on -rawfb
+ used for the screen image data. See the [685]previous FAQ on -rawfb
for background. For best results, use x11vnc version 0.8.1 or later.
Roughly, one would do something like this:
@@ -7998,7 +8095,7 @@ minal #2)
snapshot to a file that you point -rawfb to; ask me if it is not clear
what to do.)
- The "snap:" enforces [680]-snapfb mode which appears to be necessary.
+ The "snap:" enforces [686]-snapfb mode which appears to be necessary.
The read pointer for video capture devices cannot be repositioned
(which would be needed for scanline polling), but you can read a full
frame of data from the device.
@@ -8020,7 +8117,7 @@ minal #2)
Many video4linux drivers tend to set the framebuffer to be 24bpp (as
opposed to 32bpp.) Since this can cause problems with VNC viewers,
- etc, the [681]-24to32 option will be automatically imposed when in
+ etc, the [687]-24to32 option will be automatically imposed when in
24bpp.
Note that by its very nature, video capture involves rapid change in
@@ -8028,7 +8125,7 @@ minal #2)
wavering in brightness is always happening. This can lead to much
network bandwidth consumption for the VNC traffic and also local CPU
and I/O resource usage. You may want to experiment with "dialing down"
- the framerate via the [682]-wait, [683]-slow_fb, or [684]-defer
+ the framerate via the [688]-wait, [689]-slow_fb, or [690]-defer
options. Decreasing the window size and bpp also helps.
@@ -8117,16 +8214,16 @@ minal #2)
format to HI240, RGB565, RGB24, RGB32, RGB555, and
GREY respectively. See -rawfb video for details.
- See also the [685]-freqtab option to supply your own xawtv channel to
+ See also the [691]-freqtab option to supply your own xawtv channel to
frequency mappings for your country (only ntsc-cable-us is built into
x11vnc.)
- Q-114: Can I connect via VNC to a Qt-embedded/Qtopia application
+ Q-115: Can I connect via VNC to a Qt-embedded/Qtopia application
running on my handheld or PC using the Linux console framebuffer (i.e.
not X11)?
- Yes, the basic method for this is the [686]-rawfb scheme where the
+ Yes, the basic method for this is the [692]-rawfb scheme where the
Linux console framebuffer (usually /dev/fb0) is polled and the uinput
driver is used to inject keystrokes and mouse input. Often you will
just have to type:
@@ -8139,7 +8236,7 @@ minal #2)
x11vnc -rawfb /dev/fb0@640x480x16
Also, to force usage of the uinput injection method use "-pipeinput
- UINPUT". See the [687]-pipeinput description for tunable parameters,
+ UINPUT". See the [693]-pipeinput description for tunable parameters,
etc.
One problem with the x11vnc uinput scheme is that it cannot guess the
@@ -8155,7 +8252,7 @@ minal #2)
Even with the correct acceleration setting there is still some drift
(probably because of the mouse threshold where the acceleration kicks
in) and so x11vnc needs to reposition the cursor from 0,0 about 5
- times a second. See the [688]-pipeinput UINPUT option for tuning
+ times a second. See the [694]-pipeinput UINPUT option for tuning
parameters that can be set (there are some experimental thresh=N
tuning parameters as well)
@@ -8187,10 +8284,10 @@ minal #2)
not work.
- Q-115: Now that non-X11 devices can be exported via VNC using x11vnc,
+ Q-116: Now that non-X11 devices can be exported via VNC using x11vnc,
can I build it with no dependencies on X11 header files and libraries?
- Yes, as of Jul/2006 x11vnc enables building for [689]-rawfb only
+ Yes, as of Jul/2006 x11vnc enables building for [695]-rawfb only
support. Just do something like when building:
./configure --without-x (plus any other flags)
make
@@ -8201,16 +8298,16 @@ minal #2)
know what you did.
- Q-116: Does x11vnc support Mac OS X Aqua/Quartz displays natively
+ Q-117: Does x11vnc support Mac OS X Aqua/Quartz displays natively
(i.e. no X11 involved)?
Yes, since Nov/2006 in the development tree (x11vnc-0.8.4 tarball)
there is support for native Mac OS X Aqua/Quartz displays using the
- [690]-rawfb mechanism described above. The mouse and keyboard input is
+ [696]-rawfb mechanism described above. The mouse and keyboard input is
achieved via Mac OS X API's.
- So you can use x11vnc as an alternative to [691]OSXvnc (aka Vine
- Server), or [692]Apple Remote Desktop (ARD). Perhaps there is some
+ So you can use x11vnc as an alternative to [697]OSXvnc (aka Vine
+ Server), or [698]Apple Remote Desktop (ARD). Perhaps there is some
x11vnc feature you'd like to use on Mac OS X, etc. For a number of
activities (e.g. window drags) it seems to be faster than OSXvnc.
@@ -8220,7 +8317,7 @@ minal #2)
(XDarwin) running on Mac OS X (people often install this software to
display remote X11 apps on their Mac OS X system, or use some old
favorites locally such as xterm.) However in this case x11vnc will
- only work reasonably in single window [693]-id windowid mode (and the
+ only work reasonably in single window [699]-id windowid mode (and the
window may need to have mouse focus.)
If you do not have the DISPLAY env. variable set, x11vnc will assume
@@ -8238,9 +8335,9 @@ minal #2)
./configure --without-x
make
- Win2VNC/x2vnc: One handy use is to use the [694]-nofb mode to
+ Win2VNC/x2vnc: One handy use is to use the [700]-nofb mode to
redirect mouse and keyboard input to a nearby Mac (i.e. one to the
- side of your desk) via [695]x2vnc or Win2VNC. See [696]this FAQ for
+ side of your desk) via [701]x2vnc or Win2VNC. See [702]this FAQ for
more info.
Options: Here are the Mac OS X specific x11vnc options:
@@ -8310,17 +8407,17 @@ rm -f $tmp
command for you.) Then once you are connected via VNC, iconify the
Terminal windows (you can't delete them since that will kill x11vnc.)
- Q-117: Can x11vnc be used as a VNC reflector/repeater to improve
+ Q-118: Can x11vnc be used as a VNC reflector/repeater to improve
performance for the case of a large number of simultaneous VNC viewers
(e.g. classroom broadcasting or a large demo)?
- Yes, as of Feb/2007 there is the "[697]-reflect host:N" option to
+ Yes, as of Feb/2007 there is the "[703]-reflect host:N" option to
connect to the VNC server "host:N" (either another x11vnc or any other
VNC server) and re-export it. VNC viewers then connect to the
x11vnc(s) running -reflect.
The -reflect option is the same as: "-rawfb vnc:host:N". See the
- [698]-rawfb description under "VNC HOST" for more details.
+ [704]-rawfb description under "VNC HOST" for more details.
You can replace "host:N" with "listen" or "listen:port" for reverse
connections.
@@ -8381,18 +8478,18 @@ rm -f $tmp
re-exports via VNC to its clients C.) However, CopyRect and
CursorShape encodings are preserved in the reflection and that helps.
Dragging windows with the mouse can be a problem (especially if S is
- not doing wireframing somehow, consider [699]-nodragging if the
+ not doing wireframing somehow, consider [705]-nodragging if the
problem is severe) For a really fast reflector/repeater it would have
to be implemented from scratch with performance in mind. See these
other projects:
- [700]http://sourceforge.net/projects/vnc-reflector/,
- [701]http://www.tightvnc.com/projector/ (closed source?),
+ [706]http://sourceforge.net/projects/vnc-reflector/,
+ [707]http://www.tightvnc.com/projector/ (closed source?),
Automation via Reverse Connections: Instead of having the R's
connect directly to S and then the C's connect directly to the R they
should use, some convenience can be achieved by using reverse
- connections (the x11vnc "[702]"-connect host1,host2,..." option.)
+ connections (the x11vnc "[708]"-connect host1,host2,..." option.)
Suppose all the clients "C" are started up in Listen mode:
client1> vncviewer -listen
client2> vncviewer -listen
@@ -8419,7 +8516,7 @@ rm -f $tmp
us know what you did. A really nice thing would be some sort of
auto-discovery of your repeater, etc...
- Q-118: Can x11vnc be used during a Linux, Solaris, etc. system
+ Q-119: Can x11vnc be used during a Linux, Solaris, etc. system
Installation so the Installation can be done remotely?
This can be done, but it doesn't always work because it depends on how
@@ -8451,7 +8548,7 @@ rm -f $tmp
If the Solaris install is an older X-based one, there will be a menu
for you to get a terminal window. From that window you might be able
to retrieve x11vnc.static via wget, scp, or ftp. Remember to do "chmod
- 755 ./x11vnc.static" and then find the -auth file as in [703]this FAQ.
+ 755 ./x11vnc.static" and then find the -auth file as in [709]this FAQ.
If it is a Linux install that uses an X server (e.g. SuSE and probably
Fedora), then you can often get a shell by pressing Ctrl-Alt-F2 or
@@ -8460,8 +8557,8 @@ rm -f $tmp
wget http://192.168.0.22/x11vnc.static
chmod 755 ./x11vnc.static
- Find the name of the auth file as in [704]this FAQ. (maybe run "ps
- wwwaux | grep auth".) Then run it like this:
+ Find the name of the auth file as in [710]this FAQ. (maybe run "ps
+ wwaux | grep auth".) Then run it like this:
./x11vnc.static -forever -nopw -display :0 -auth /tmp/wherever/the/authfile
then press Alt-F7 to go back to the X install. You should now be able
@@ -8469,7 +8566,7 @@ rm -f $tmp
the display being :1, etc.
If there is a firewall blocking incoming connections during the
- install, use the [705]"-connect hostname" option option for a reverse
+ install, use the [711]"-connect hostname" option option for a reverse
connection to the hostname running the VNC viewer in listen mode.
Debian based installs are either console-text or console-framebuffer
@@ -8512,7 +8609,7 @@ rm -f $tmp
[Misc: Clipboard, File Transfer/Sharing, Printing, Sound, Beeps,
Thanks, etc.]
- Q-119: Does the Clipboard/Selection get transferred between the
+ Q-120: Does the Clipboard/Selection get transferred between the
vncviewer and the X display?
As of Jan/2004 x11vnc supports the "CutText" part of the RFB (aka VNC)
@@ -8531,7 +8628,7 @@ rm -f $tmp
as 'for power users' or 'an Easter Egg'. As soon as text is
highlighted it is set to the PRIMARY selection and so it is
immediately ready for pasting, usually via the Middle Mouse Button or
- "Shift+Insert". See [706]this jwz link for more information.
+ "Shift+Insert". See [712]this jwz link for more information.
x11vnc's default behavior is to watch both CLIPBOARD and PRIMARY and
whenever one of them changes, it sends the new text to connected
@@ -8548,37 +8645,37 @@ rm -f $tmp
You may not like these defaults. Here are ways to change the behavior:
* If you don't want the Clipboard/Selection exchanged at all use the
- [707]-nosel option.
+ [713]-nosel option.
* If you want changes in PRIMARY to be ignored use the
- [708]-noprimary option.
+ [714]-noprimary option.
* If you want changes in CLIPBOARD to be ignored use the
- [709]-noclipboard option.
+ [715]-noclipboard option.
* If you don't want x11vnc to set PRIMARY to the "CutText" received
- from viewers use the [710]-nosetprimary option.
+ from viewers use the [716]-nosetprimary option.
* If you don't want x11vnc to set CLIPBOARD to the "CutText"
- received from viewers use the [711]-nosetclipboard option.
+ received from viewers use the [717]-nosetclipboard option.
- You can also fine-tune it a bit with the [712]-seldir dir option and
- also [713]-input.
+ You can also fine-tune it a bit with the [718]-seldir dir option and
+ also [719]-input.
You may need to watch out for desktop utilities such as KDE's
"Klipper" that do odd things with the selection, clipboard, and
cutbuffers.
- Q-120: Can I use x11vnc to record a Shock Wave Flash (or other format)
+ Q-121: Can I use x11vnc to record a Shock Wave Flash (or other format)
video of my desktop, e.g. to record a tutorial or demo?
Yes, it is possible with a number of tools that record VNC and
transform it to swf format or others. One such popular tool is
- [714]pyvnc2swf. There are a number of [715]tutorials (broken link?) on
+ [720]pyvnc2swf. There are a number of [721]tutorials (broken link?) on
how to do this. Another option is to use the vnc2mpg that comes in the
LibVNCServer package.
An important thing to remember when doing this is that tuning
parameters should be applied to x11vnc to speed up its polling for
this sort of application, e.g. "-wait 10 -defer 10".
- Q-121: Can I transfer files back and forth with x11vnc?
+ Q-122: Can I transfer files back and forth with x11vnc?
As of Oct/2005 and May/2006 x11vnc enables, respectively, the TightVNC
and UltraVNC file transfer implementations that were added to
@@ -8586,11 +8683,11 @@ rm -f $tmp
(and Windows viewers only support filetransfer it appears... but they
do work to some degree under Wine on Linux.)
- The [716]SSVNC Unix VNC viewer supports UltraVNC file transfer by use
+ The [722]SSVNC Unix VNC viewer supports UltraVNC file transfer by use
of a Java helper program.
TightVNC file transfer is off by default, if you want to enable it use
- the [717]-tightfilexfer option.
+ the [723]-tightfilexfer option.
UltraVNC file transfer is off by default, to enable it use something
like "-rfbversion 3.6 -permitfiletransfer"
@@ -8613,7 +8710,7 @@ rm -f $tmp
IMPORTANT: please understand if -ultrafilexfer or -tightfilexfer is
specified and you run x11vnc as root for, say, inetd or display
manager (gdm, kdm, ...) access and you do not have it switch users via
- the [718]-users option, then VNC Viewers that connect are able to do
+ the [724]-users option, then VNC Viewers that connect are able to do
filetransfer reads and writes as *root*.
The UltraVNC and TightVNC settings can be toggled on and off inside
@@ -8626,13 +8723,13 @@ rm -f $tmp
control you will probably be foiled by the "-rfbversion 3.6" issue.
- Q-122: Which UltraVNC extensions are supported?
+ Q-123: Which UltraVNC extensions are supported?
Some of them are supported. To get UltraVNC Viewers to attempt to use
these extensions you will need to supply this option to x11vnc:
-rfbversion 3.6
- Or use [719]-ultrafilexfer which is an alias for the above option and
+ Or use [725]-ultrafilexfer which is an alias for the above option and
"-permitfiletransfer". UltraVNC evidently treats any other RFB version
number as non-UltraVNC.
@@ -8644,31 +8741,31 @@ rm -f $tmp
* 1/n Server Scaling
* rfbEncodingUltra compression encoding
- The [720]SSVNC Unix VNC viewer supports these UltraVNC extensions.
+ The [726]SSVNC Unix VNC viewer supports these UltraVNC extensions.
- To disable SingleWindow and ServerInput use [721]-noultraext (the
+ To disable SingleWindow and ServerInput use [727]-noultraext (the
others are managed by LibVNCServer.) See this option too:
- [722]-noserverdpms.
+ [728]-noserverdpms.
- Also, the [723]UltraVNC repeater proxy is supported for use with
- reverse connections: "[724]-connect repeater://host:port+ID:NNNN". Use
+ Also, the [729]UltraVNC repeater proxy is supported for use with
+ reverse connections: "[730]-connect repeater://host:port+ID:NNNN". Use
it for both plaintext and SSL connections. This mode can send any
string before switching to the VNC protocol, and so could be used with
other proxy/gateway tools. Also, a perl repeater implemention is here:
- [725]ultravnc_repeater.pl
+ [731]ultravnc_repeater.pl
- Q-123: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for
+ Q-124: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for
Unix? I.e. something very simple for a naive user to initiate a
reverse vnc connection from their Unix desktop to a helpdesk
operator's VNC Viewer.
- Yes, UltraVNC's [726]Single Click (SC) mode can be emulated fairly
+ Yes, UltraVNC's [732]Single Click (SC) mode can be emulated fairly
well on Unix.
We use the term "helpdesk" below, but it could be any sort of remote
assistance you want to set up, e.g. something for Unix-using friends
- or family to use. This includes [727]Mac OS X.
+ or family to use. This includes [733]Mac OS X.
Assume you create a helpdesk directory "hd" on your website:
http://www.mysite.com/hd (any website that you can upload files to
@@ -8724,7 +8821,7 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc
So I guess this is about 3-4 clicks (start a terminal and paste) and
pressing "Enter" instead of "single click"...
- See [728]this page for some variations on this method, e.g. how to add
+ See [734]this page for some variations on this method, e.g. how to add
a password, SSL Certificates, etc.
@@ -8736,11 +8833,11 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc
A bit of obscurity security could be put in with a -passwd, -rfbauth
options, etc. (note that x11vnc will require a password even for
- reverse connections.) More info [729]here.
+ reverse connections.) More info [735]here.
Firewalls: If the helpdesk (you) with the vncviewer is behind a
- NAT/Firewall/Router the [730]router will have to be configured to
+ NAT/Firewall/Router the [736]router will have to be configured to
redirect a port (i.e. 5500 or maybe different one if you like) to the
vncviewer machine. If the vncviewer machine also has its own
host-level firewall, you will have to open up the port there as well.
@@ -8750,7 +8847,7 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc
configuring a router to do a port redirection (i.e. on your side, the
HelpDesk.) To avoid modifying either firewall/router, one would need
some public (IP address reachable on the internet) redirection/proxy
- service. Perhaps such a thing exists. [731]http://sc.uvnc.com provides
+ service. Perhaps such a thing exists. [737]http://sc.uvnc.com provides
this service for their UltraVNC Single Click users.
@@ -8786,7 +8883,7 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc
As of Apr/2007 x11vnc supports reverse connections in SSL and so we
can do this. On the Helpdesk side (Viewer) you will need STUNNEL or
- better use the [732]Enhanced TightVNC Viewer (SSVNC) package we
+ better use the [738]Enhanced TightVNC Viewer (SSVNC) package we
provide that automates all of the SSL for you.
To do this create a file named "vncs" in the website "hd" directory
@@ -8816,11 +8913,11 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc
with the hostnames or IP addresses customized to your case.
- The only change from the "vnc" above is the addition of the [733]-ssl
+ The only change from the "vnc" above is the addition of the [739]-ssl
option to x11vnc. This will create a temporary SSL cert: openssl(1)
will need to be installed on the user's end. A fixed SSL cert file
could be used to avoid this (and provide some authentication; more
- info [734]here.)
+ info [740]here.)
The naive user will be doing this:
wget -qO - http://www.mysite.com/hd/vncs | sh -
@@ -8829,7 +8926,7 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc
But before that, the helpdesk operator needs to have "vncviewer
-listen" running as before, however he needs an SSL tunnel at his end.
- The easiest way to do this is use [735]Enhanced TightVNC Viewer
+ The easiest way to do this is use [741]Enhanced TightVNC Viewer
(SSVNC). Start it, and select Options -> 'Reverse VNC Connection
(-listen)'. Then UN-select 'Verify All Certs' (this can be enabled
later if you want; you'll need the x11vnc SSL certificate), and click
@@ -8859,7 +8956,7 @@ connect = localhost:5501
answer the prompts with whatever you want; you can take the default
for all of them if you like. The openssl(1) package must be installed.
- See [736]this link and [737]this one too for more info on SSL certs.
+ See [742]this link and [743]this one too for more info on SSL certs.
This creates $HOME/.vnc/certs/server-self:mystunnel.pem, then you
would change the "stunnel.cfg" to look something like:
foreground = yes
@@ -8880,7 +8977,7 @@ connect = localhost:5501
then all bets are off!.
More SSL variations and info about certificates can be found
- [738]here.
+ [744]here.
OpenSSL libssl.so.0.9.7 problems:
@@ -8890,16 +8987,16 @@ connect = localhost:5501
distros are currently a bit of a mess regarding which version of
libssl is installed.
- You will find the [739]details here.
+ You will find the [745]details here.
- Q-124: Can I (temporarily) mount my local (viewer-side) Windows/Samba
+ Q-125: Can I (temporarily) mount my local (viewer-side) Windows/Samba
File share on the machine where x11vnc is running?
You will have to use an external network redirection for this.
Filesystem mounting is not part of the VNC protocol.
- We show a simple [740]Samba example here.
+ We show a simple [746]Samba example here.
First you will need a tunnel to redirect the SMB requests from the
remote machine to the one you sitting at. We use an ssh tunnel:
@@ -8939,17 +9036,17 @@ d,ip=127.0.0.1,port=1139
far-away> smbumount /home/fred/smb-haystack-pub
At some point we hope to fold some automation for SMB ssh redir setup
- into the [741]Enhanced TightVNC Viewer (SSVNC) package we provide (as
+ into the [747]Enhanced TightVNC Viewer (SSVNC) package we provide (as
of Sep 2006 it is there for testing.)
- Q-125: Can I redirect CUPS print jobs from the remote desktop where
+ Q-126: Can I redirect CUPS print jobs from the remote desktop where
x11vnc is running to a printer on my local (viewer-side) machine?
You will have to use an external network redirection for this.
Printing is not part of the VNC protocol.
- We show a simple Unix to Unix [742]CUPS example here. Non-CUPS port
+ We show a simple Unix to Unix [748]CUPS example here. Non-CUPS port
redirections (e.g. LPD) should also be possible, but may be a bit more
tricky. If you are viewing on Windows SMB and don't have a local cups
server it may be trickier still (see below.)
@@ -9031,11 +9128,11 @@ d,ip=127.0.0.1,port=1139
"localhost".
At some point we hope to fold some automation for CUPS ssh redir setup
- into the [743]Enhanced TightVNC Viewer (SSVNC) package we provide (as
+ into the [749]Enhanced TightVNC Viewer (SSVNC) package we provide (as
of Sep 2006 it is there for testing.)
- Q-126: How can I hear the sound (audio) from the remote applications
+ Q-127: How can I hear the sound (audio) from the remote applications
on the desktop I am viewing via x11vnc?
You will have to use an external network audio mechanism for this.
@@ -9132,11 +9229,11 @@ or:
the applications will fail to run because LD_PRELOAD will point to
libraries of the wrong wordsize.
* At some point we hope to fold some automation for esd or artsd ssh
- redir setup into the [744]Enhanced TightVNC Viewer (SSVNC) package
+ redir setup into the [750]Enhanced TightVNC Viewer (SSVNC) package
we provide (as of Sep/2006 it is there for testing.)
- Q-127: Why don't I hear the "Beeps" in my X session (e.g. when typing
+ Q-128: Why don't I hear the "Beeps" in my X session (e.g. when typing
tput bel in an xterm)?
As of Dec/2003 "Beep" XBell events are tracked by default. The X
@@ -9144,31 +9241,65 @@ or:
in Solaris, see Xserver(1) for how to turn it on via +kb), and so you
won't hear them if the extension is not present.
- If you don't want to hear the beeps use the [745]-nobell option. If
+ If you don't want to hear the beeps use the [751]-nobell option. If
you want to hear the audio from the remote applications, consider
- trying a [746]redirector such as esd.
+ trying a [752]redirector such as esd.
+
+
+ Q-129: Does x11vnc work with IPv6?
+
+ Currently the only way to do this is via a separate helper program
+ such as [753]inetd. You configure x11vnc to be run from inetd or
+ xinetd and instruct it to listen on an IPv6 address. For xinetd the
+ setting "flags = IPv6" will be needed. For inetd.conf, for example:
+ 5900 stream tcp6 nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc_wrapper.sh
+ We also provide a transitional tool in "[754]x11vnc/misc/inet6to4"
+ that acts as a relay for any IPv4 application to allow connections
+ over IPv6. For example:
+ inet6to4 5900 localhost:5900
- Q-128: Does x11vnc work with IPv6?
+ where x11vnc is listening on IPv4 port 5900.
- Currently the only way to do this is via [747]inetd. You configure
- x11vnc to be run from inetd or xinetd and instruct it to listen on an
- IPv6 address. For xinetd the setting "flags = IPv6" will be needed.
+ Also note that not all VNC Viewers are IPv6 enabled, so a redirector
+ may also be needed for them. "inet6to4 -r ..." can do this as well.
+
+ # ./inet6to4 -help
+
+ inet6to4: Act as an ipv6-to-ipv4 relay for tcp applications that
+ do not support ipv6.
+
+ Usage: inet6to4
+ inet6to4 -r
+
+ Examples: inet6to4 5900 localhost:5900
+ inet6to4 8080 web1:80
+ inet6to4 -r 5900 fe80::217:f2ff:fee6:6f5a%eth0:5900
+
+ The -r option reverses the direction of translation (e.g. for ipv4
+ clients that need to connect to ipv6 servers.) Reversing is the default
+ if this script is named 'inet4to6' (e.g. by a symlink.)
+
+ Use Ctrl-C to stop this program.
+
+ You can also set env. vars INET6TO4_LOOP=1 or INET6TO4_LOOP=BG
+ to have an outer loop restarting this program (BG means do that
+ in the background), and INET6TO4_LOGFILE for a log file.
+ Also set INET6TO4_VERBOSE to verbosity level and INET6TO4_WAITTIME
+ and INET6TO4_PIDFILE (see below.)
+
+ The "INET6TO4_LOOP=BG" and "INET6TO4_LOGFILE=..." env. variables make
+ the tool run reliably as a daemon for very long periods. Read the top
+ part of the script for more information.
- Unfortunately this will be inefficient if multiple VNC Viewers are
- connected at the same time (there will be a separate x11vnc for each
- connection.) Some sort of ipv4-to-ipv6 redirector tool (perhaps even a
- perl script) could be useful to avoid this.
- Also note that not all VNC Viewers are [748]IPv6 enabled, so a
- redirector could even be needed on the client side.
Contributions:
- Q-129: Thanks for your program or for your help! Can I make a
+ Q-130: Thanks for your program or for your help! Can I make a
donation?
Please do (any amount is appreciated; very few have donated) and thank
@@ -9246,78 +9377,78 @@ References
66. http://www.karlrunge.com/x11vnc/faq.html#faq-java-http
67. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect
68. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy
- 69. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
- 70. http://www.karlrunge.com/x11vnc/faq.html#faq-headless
- 71. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm
- 72. http://www.karlrunge.com/x11vnc/faq.html#faq-less-resource
- 73. http://www.karlrunge.com/x11vnc/faq.html#faq-more-resource
- 74. http://www.karlrunge.com/x11vnc/faq.html#faq-slow-link
- 75. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage
- 76. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage-opengl
- 77. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode
- 78. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe
- 79. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect
- 80. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching
- 81. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc
- 82. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-shape
- 83. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha
- 84. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks
- 85. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-arrow
- 86. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-positions
- 87. http://www.karlrunge.com/x11vnc/faq.html#faq-buttonmap-opt
- 88. http://www.karlrunge.com/x11vnc/faq.html#faq-altgr
- 89. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless
- 90. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless-sloppy
- 91. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak
- 92. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys
- 93. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys-still
- 94. http://www.karlrunge.com/x11vnc/faq.html#faq-mod-stuck-down
- 95. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-opt
- 96. http://www.karlrunge.com/x11vnc/faq.html#faq-sun-alt-meta
- 97. http://www.karlrunge.com/x11vnc/faq.html#faq-hpux-multi-key
- 98. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-button-click
- 99. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock
- 100. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollbars
- 101. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling
- 102. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama
- 103. http://www.karlrunge.com/x11vnc/faq.html#faq-multi-screen
- 104. http://www.karlrunge.com/x11vnc/faq.html#faq-clip-screen
- 105. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr
- 106. http://www.karlrunge.com/x11vnc/faq.html#faq-rotate
- 107. http://www.karlrunge.com/x11vnc/faq.html#faq-black-screen
- 108. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
- 109. http://www.karlrunge.com/x11vnc/faq.html#faq-hidden-taskbars
- 110. http://www.karlrunge.com/x11vnc/faq.html#faq-kde-screensaver
- 111. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl
- 112. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware
- 113. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb
- 114. http://www.karlrunge.com/x11vnc/faq.html#faq-linux-vt
- 115. http://www.karlrunge.com/x11vnc/faq.html#faq-video
- 116. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded
- 117. http://www.karlrunge.com/x11vnc/faq.html#faq-no-x11
- 118. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx
- 119. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect
- 120. http://www.karlrunge.com/x11vnc/faq.html#faq-os-install
- 121. http://www.karlrunge.com/x11vnc/faq.html#faq-clipboard
- 122. http://www.karlrunge.com/x11vnc/faq.html#faq-record-swf
- 123. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer
- 124. http://www.karlrunge.com/x11vnc/faq.html#faq-ultravnc
- 125. http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
- 126. http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares
- 127. http://www.karlrunge.com/x11vnc/faq.html#faq-cups
- 128. http://www.karlrunge.com/x11vnc/faq.html#faq-sound
- 129. http://www.karlrunge.com/x11vnc/faq.html#faq-beeps
- 130. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6
- 131. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks
- 132. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display
- 133. http://www.tldp.org/HOWTO/Remote-X-Apps.html
- 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
- 135. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager
- 136. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
- 138. http://www.karlrunge.com/x11vnc/index.html#firewalls
- 139. http://www.karlrunge.com/x11vnc/miscbuild.html
- 140. http://www.karlrunge.com/x11vnc/faq.html#infaq_libssl-problems
+ 69. http://www.karlrunge.com/x11vnc/faq.html#faq-web-login
+ 70. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
+ 71. http://www.karlrunge.com/x11vnc/faq.html#faq-headless
+ 72. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm
+ 73. http://www.karlrunge.com/x11vnc/faq.html#faq-less-resource
+ 74. http://www.karlrunge.com/x11vnc/faq.html#faq-more-resource
+ 75. http://www.karlrunge.com/x11vnc/faq.html#faq-slow-link
+ 76. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage
+ 77. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage-opengl
+ 78. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode
+ 79. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe
+ 80. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect
+ 81. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching
+ 82. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc
+ 83. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-shape
+ 84. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha
+ 85. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks
+ 86. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-arrow
+ 87. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-positions
+ 88. http://www.karlrunge.com/x11vnc/faq.html#faq-buttonmap-opt
+ 89. http://www.karlrunge.com/x11vnc/faq.html#faq-altgr
+ 90. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless
+ 91. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless-sloppy
+ 92. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak
+ 93. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys
+ 94. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys-still
+ 95. http://www.karlrunge.com/x11vnc/faq.html#faq-mod-stuck-down
+ 96. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-opt
+ 97. http://www.karlrunge.com/x11vnc/faq.html#faq-sun-alt-meta
+ 98. http://www.karlrunge.com/x11vnc/faq.html#faq-hpux-multi-key
+ 99. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-button-click
+ 100. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock
+ 101. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollbars
+ 102. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling
+ 103. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama
+ 104. http://www.karlrunge.com/x11vnc/faq.html#faq-multi-screen
+ 105. http://www.karlrunge.com/x11vnc/faq.html#faq-clip-screen
+ 106. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr
+ 107. http://www.karlrunge.com/x11vnc/faq.html#faq-rotate
+ 108. http://www.karlrunge.com/x11vnc/faq.html#faq-black-screen
+ 109. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
+ 110. http://www.karlrunge.com/x11vnc/faq.html#faq-hidden-taskbars
+ 111. http://www.karlrunge.com/x11vnc/faq.html#faq-kde-screensaver
+ 112. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl
+ 113. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware
+ 114. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb
+ 115. http://www.karlrunge.com/x11vnc/faq.html#faq-linux-vt
+ 116. http://www.karlrunge.com/x11vnc/faq.html#faq-video
+ 117. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded
+ 118. http://www.karlrunge.com/x11vnc/faq.html#faq-no-x11
+ 119. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx
+ 120. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect
+ 121. http://www.karlrunge.com/x11vnc/faq.html#faq-os-install
+ 122. http://www.karlrunge.com/x11vnc/faq.html#faq-clipboard
+ 123. http://www.karlrunge.com/x11vnc/faq.html#faq-record-swf
+ 124. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer
+ 125. http://www.karlrunge.com/x11vnc/faq.html#faq-ultravnc
+ 126. http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick
+ 127. http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares
+ 128. http://www.karlrunge.com/x11vnc/faq.html#faq-cups
+ 129. http://www.karlrunge.com/x11vnc/faq.html#faq-sound
+ 130. http://www.karlrunge.com/x11vnc/faq.html#faq-beeps
+ 131. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6
+ 132. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks
+ 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display
+ 134. http://www.tldp.org/HOWTO/Remote-X-Apps.html
+ 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
+ 136. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager
+ 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
+ 139. http://www.karlrunge.com/x11vnc/index.html#firewalls
+ 140. http://www.karlrunge.com/x11vnc/miscbuild.html
141. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding
142. http://www.karlrunge.com/x11vnc/x11vnc_sunos4.html
143. http://www.karlrunge.com/x11vnc/index.html#building
@@ -9495,13 +9626,13 @@ References
315. http://www.karlrunge.com/x11vnc/chainingssh.html#gateway_double_ssh
316. http://www.karlrunge.com/x11vnc/index.html#tunnelling
317. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 318. http://www.stunnel.org/
- 319. http://stunnel.mirt.net/
+ 318. http://stunnel.mirt.net/
+ 319. http://www.stunnel.org/
320. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
321. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
322. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify
323. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
- 324. http://www.stunnel.org/
+ 324. http://stunnel.mirt.net/
325. http://www.karlrunge.com/x11vnc/ssl.html
326. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
327. http://www.karlrunge.com/x11vnc/ssvnc.html
@@ -9536,7 +9667,7 @@ References
356. http://www.karlrunge.com/x11vnc/ssl.html
357. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
358. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel
- 359. http://www.stunnel.org/
+ 359. http://stunnel.mirt.net/
360. http://www.karlrunge.com/x11vnc/faq.html#infaq_viewer-side-stunnel
361. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
362. http://www.karlrunge.com/x11vnc/ssvnc.html
@@ -9568,364 +9699,370 @@ References
388. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
389. http://www.karlrunge.com/x11vnc/ssvnc.html
390. http://www.karlrunge.com/x11vnc/ssl-portal.html
- 391. http://www.karlrunge.com/x11vnc/ssl.html
- 392. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously
- 393. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
- 394. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
- 395. http://www.karlrunge.com/x11vnc/faq.html#infaq_x11vnc_loop
- 396. http://club.mandriva.com/xwiki/bin/view/KB/XwinXset
- 397. http://www.karlrunge.com/x11vnc/index.html#firewalls
- 398. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
+ 391. http://www.karlrunge.com/x11vnc/faq.html#faq-web-login
+ 392. http://www.karlrunge.com/x11vnc/ssl.html
+ 393. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously
+ 394. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
+ 395. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
+ 396. http://www.karlrunge.com/x11vnc/faq.html#infaq_x11vnc_loop
+ 397. http://club.mandriva.com/xwiki/bin/view/KB/XwinXset
+ 398. http://www.karlrunge.com/x11vnc/index.html#firewalls
399. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
- 400. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris
- 401. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen
- 402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
- 403. http://www.karlrunge.com/x11vnc/index.html#tunnelling
- 404. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
- 405. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 406. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N
- 407. http://www.jirka.org/gdm-documentation/x241.html
- 408. http://www.karlrunge.com/x11vnc/x11vnc_loop
- 409. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
- 410. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth
- 411. http://www.karlrunge.com/x11vnc/index.html#firewalls
- 412. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd
- 413. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q,
- 414. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
- 415. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
- 416. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi
- 417. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-mdns
- 418. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf
- 419. http://www.avahi.org/
- 420. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
- 421. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 422. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
- 423. http://www.karlrunge.com/x11vnc/faq.html#infaq_stunnel-inetd
- 424. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
- 425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 427. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 428. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
- 429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
- 430. http://www.karlrunge.com/x11vnc/find_display.html
- 431. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 400. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
+ 401. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris
+ 402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen
+ 403. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
+ 404. http://www.karlrunge.com/x11vnc/index.html#tunnelling
+ 405. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
+ 406. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 407. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N
+ 408. http://www.jirka.org/gdm-documentation/x241.html
+ 409. http://www.karlrunge.com/x11vnc/x11vnc_loop
+ 410. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
+ 411. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth
+ 412. http://www.karlrunge.com/x11vnc/index.html#firewalls
+ 413. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd
+ 414. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q,
+ 415. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth
+ 416. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
+ 417. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi
+ 418. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-mdns
+ 419. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf
+ 420. http://www.avahi.org/
+ 421. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
+ 422. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 423. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
+ 424. http://www.karlrunge.com/x11vnc/faq.html#infaq_stunnel-inetd
+ 425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
+ 426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 427. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 428. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
+ 430. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
+ 431. http://www.karlrunge.com/x11vnc/find_display.html
432. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 434. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords
- 435. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 437. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
- 438. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
- 439. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
- 440. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
- 442. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
- 443. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 444. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
- 445. http://www.karlrunge.com/x11vnc/ssvnc.html
- 446. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
- 449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create_xsrv
- 450. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
- 451. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
- 452. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
+ 433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 434. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 435. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords
+ 436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 437. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 438. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
+ 439. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int
+ 440. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost
+ 441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 442. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
+ 443. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
+ 444. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 445. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
+ 446. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
+ 450. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create_xsrv
+ 451. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
+ 452. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
453. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
- 454. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 455. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir
- 456. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http
- 457. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy
- 458. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 459. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote
- 460. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit
- 461. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect
- 462. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy
+ 454. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
+ 455. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 456. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir
+ 457. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http
+ 458. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy
+ 459. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 460. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote
+ 461. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit
+ 462. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect
463. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy
464. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy
- 465. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess
- 466. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess
- 467. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
- 468. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
- 469. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 470. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 471. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 472. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
- 473. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
- 474. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
- 475. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
- 476. http://www.karlrunge.com/x11vnc/Xdummy
- 477. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 478. http://www.karlrunge.com/x11vnc/xdm_one_shot.html
- 479. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously
+ 465. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy
+ 466. http://www.karlrunge.com/x11vnc/desktop.cgi.pl
+ 467. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
+ 468. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 469. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop
+ 470. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal
+ 471. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess
+ 472. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess
+ 473. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
+ 474. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
+ 475. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 476. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 477. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 478. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
+ 479. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
480. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
- 481. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
- 482. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 483. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 484. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
- 485. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
- 486. http://www.karlrunge.com/x11vnc/shm_clear
- 487. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
- 488. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm
- 489. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm
- 490. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap
- 491. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
- 492. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sb
+ 481. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
+ 482. http://www.karlrunge.com/x11vnc/Xdummy
+ 483. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 484. http://www.karlrunge.com/x11vnc/xdm_one_shot.html
+ 485. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously
+ 486. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay
+ 487. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
+ 488. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 489. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 490. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc
+ 491. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc
+ 492. http://www.karlrunge.com/x11vnc/shm_clear
493. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
- 494. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs
- 495. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads
- 496. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
- 497. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 498. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
- 499. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc
- 500. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
- 501. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
- 502. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
- 503. http://www.tightvnc.com/
- 504. http://www.karlrunge.com/x11vnc/ssvnc.html
- 505. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
- 506. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
- 507. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
- 508. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching
- 509. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache
- 510. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-speeds
- 511. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
- 512. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs
- 513. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
- 514. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
- 515. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive
- 516. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 517. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare
- 518. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel
- 519. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor
- 520. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos
- 521. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout
- 522. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen
- 523. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
- 524. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area
- 525. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem
- 526. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
- 527. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
- 528. http://minimyth.org/
- 529. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl
- 530. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
- 531. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
- 532. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
- 533. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
- 534. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
- 535. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads
- 536. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe
- 537. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect
- 538. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode
- 539. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
- 540. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
- 541. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
- 542. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
- 543. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
- 544. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
- 545. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
- 546. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect
- 547. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe
- 548. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen
- 549. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip
- 550. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
- 551. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
- 552. http://www.karlrunge.com/x11vnc/index.html#beta-test
- 553. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache
- 554. http://www.karlrunge.com/x11vnc/ssvnc.html
- 555. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop
- 556. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_no_rootpixmap
- 557. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr
- 558. http://www.virtualgl.org/About/TurboVNC
- 559. http://www.virtualgl.org/
- 560. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100
- 561. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
- 562. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
- 563. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100
- 564. http://www.karlrunge.com/x11vnc/ssvnc.html
- 565. http://www.karlrunge.com/x11vnc/bins
- 566. http://www.karlrunge.com/x11vnc/ssvnc.html
- 567. http://www.virtualgl.org/About/Reports
- 568. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
- 569. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor
- 570. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor
- 571. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay
- 572. http://www.karlrunge.com/x11vnc/faq.html#infaq_the-overlay-mode
- 573. http://www.karlrunge.com/x11vnc/index.html#solaris10-build
- 574. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks
- 575. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut
- 576. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac
- 577. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove
- 578. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape
- 579. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend
- 580. http://www.karlrunge.com/x11vnc/ssvnc.html
- 581. http://www.tightvnc.com/
- 582. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor
- 583. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos
- 584. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos
- 585. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape
- 586. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap
- 587. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer
- 588. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap
- 589. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
- 590. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless
- 591. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak
- 592. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
- 593. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
- 594. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
- 595. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
- 596. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
- 597. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
- 598. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 599. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak
- 600. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
- 601. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless
- 602. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
- 603. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
- 604. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
- 605. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
- 606. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
- 607. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes
- 608. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 609. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
- 610. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 611. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 612. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
- 613. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
- 614. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
- 615. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager
- 616. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods
+ 494. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm
+ 495. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm
+ 496. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap
+ 497. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
+ 498. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sb
+ 499. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
+ 500. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs
+ 501. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads
+ 502. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
+ 503. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 504. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
+ 505. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc
+ 506. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
+ 507. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
+ 508. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
+ 509. http://www.tightvnc.com/
+ 510. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 511. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
+ 512. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
+ 513. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid
+ 514. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching
+ 515. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache
+ 516. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-speeds
+ 517. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
+ 518. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs
+ 519. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
+ 520. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
+ 521. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive
+ 522. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 523. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare
+ 524. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel
+ 525. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor
+ 526. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos
+ 527. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout
+ 528. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen
+ 529. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
+ 530. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area
+ 531. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem
+ 532. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
+ 533. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
+ 534. http://minimyth.org/
+ 535. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl
+ 536. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
+ 537. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
+ 538. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
+ 539. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
+ 540. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode
+ 541. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads
+ 542. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe
+ 543. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect
+ 544. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode
+ 545. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
+ 546. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
+ 547. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
+ 548. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
+ 549. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
+ 550. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
+ 551. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe
+ 552. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect
+ 553. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe
+ 554. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen
+ 555. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip
+ 556. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
+ 557. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect
+ 558. http://www.karlrunge.com/x11vnc/index.html#beta-test
+ 559. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache
+ 560. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 561. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop
+ 562. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_no_rootpixmap
+ 563. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr
+ 564. http://www.virtualgl.org/About/TurboVNC
+ 565. http://www.virtualgl.org/
+ 566. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100
+ 567. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
+ 568. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
+ 569. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100
+ 570. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 571. http://www.karlrunge.com/x11vnc/bins
+ 572. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 573. http://www.virtualgl.org/About/Reports
+ 574. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow
+ 575. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor
+ 576. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor
+ 577. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay
+ 578. http://www.karlrunge.com/x11vnc/faq.html#infaq_the-overlay-mode
+ 579. http://www.karlrunge.com/x11vnc/index.html#solaris10-build
+ 580. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks
+ 581. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut
+ 582. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac
+ 583. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove
+ 584. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape
+ 585. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend
+ 586. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 587. http://www.tightvnc.com/
+ 588. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor
+ 589. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos
+ 590. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos
+ 591. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape
+ 592. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap
+ 593. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer
+ 594. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap
+ 595. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
+ 596. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless
+ 597. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak
+ 598. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
+ 599. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
+ 600. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 601. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
+ 602. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
+ 603. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
+ 604. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 605. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak
+ 606. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
+ 607. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless
+ 608. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 609. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
+ 610. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
+ 611. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 612. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 613. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes
+ 614. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 615. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
+ 616. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
617. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 618. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock
- 619. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys
- 620. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock
- 621. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
- 622. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 618. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
+ 619. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
+ 620. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
+ 621. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager
+ 622. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods
623. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 624. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak
- 625. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 626. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 627. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys
+ 624. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock
+ 625. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys
+ 626. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock
+ 627. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
628. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 629. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak
- 630. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock
- 631. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
- 632. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling
- 633. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
- 634. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html
- 635. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
- 636. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui
- 637. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 638. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor
- 639. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout
- 640. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama
- 641. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama
- 642. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
- 643. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
- 644. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm
- 645. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
- 646. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm
- 647. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip
- 648. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama
- 649. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 650. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 651. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr
- 652. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom
- 653. http://www.karlrunge.com/x11vnc/ssvnc.html
- 654. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate
- 655. http://www.jwz.org/xscreensaver/man1.html
- 656. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms
- 657. http://www.beryl-project.org/
- 658. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
- 659. http://www.dslinux.org/blogs/pepsiman/?p=73
- 660. http://minimyth.org/
- 661. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
- 662. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb
- 663. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
- 664. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 665. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 666. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
- 667. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
- 668. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb
- 669. http://www.karlrunge.com/x11vnc/faq.html#faq-video
- 670. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
- 671. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded
- 672. http://www.karlrunge.com/x11vnc/faq.html#faq-video
- 673. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 674. http://www.karlrunge.com/x11vnc/faq.html#faq-video
- 675. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
- 676. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded
- 677. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware
- 678. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 679. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb
- 680. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb
- 681. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32
- 682. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
- 683. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb
- 684. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
- 685. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab
- 686. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb
- 687. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
- 688. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
- 689. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 690. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 691. http://www.testplant.com/products/vine_server/OS_X
- 692. http://www.apple.com/remotedesktop/
- 693. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 694. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb
- 695. http://fredrik.hubbe.net/x2vnc.html
- 696. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc
- 697. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect
- 698. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 699. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
- 700. http://sourceforge.net/projects/vnc-reflector/
- 701. http://www.tightvnc.com/projector/
- 702. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 703. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager
- 704. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager
- 705. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 706. http://www.jwz.org/doc/x-cut-and-paste.html
- 707. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel
- 708. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary
- 709. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noclipboard
- 710. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetprimary
- 711. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetclipboard
- 712. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir
- 713. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input
- 714. http://www.unixuser.org/~euske/vnc2swf/
- 715. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/
- 716. http://www.karlrunge.com/x11vnc/ssvnc.html
- 717. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer
- 718. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
- 719. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
- 720. http://www.karlrunge.com/x11vnc/ssvnc.html
- 721. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext
- 722. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
- 723. http://www.uvnc.com/addons/repeater.html
- 724. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 725. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl
- 726. http://www.uvnc.com/addons/singleclick.html
- 727. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx
- 728. http://www.karlrunge.com/x11vnc/single-click.html
- 729. http://www.karlrunge.com/x11vnc/single-click.html
- 730. http://www.karlrunge.com/x11vnc/index.html#firewalls
- 731. http://sc.uvnc.com/
- 732. http://www.karlrunge.com/x11vnc/ssvnc.html
- 733. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 629. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 630. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak
+ 631. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 632. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 633. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys
+ 634. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 635. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak
+ 636. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock
+ 637. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
+ 638. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling
+ 639. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
+ 640. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html
+ 641. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
+ 642. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui
+ 643. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 644. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor
+ 645. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout
+ 646. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama
+ 647. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama
+ 648. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
+ 649. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
+ 650. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm
+ 651. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
+ 652. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm
+ 653. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip
+ 654. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama
+ 655. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 656. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 657. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr
+ 658. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom
+ 659. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 660. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate
+ 661. http://www.jwz.org/xscreensaver/man1.html
+ 662. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms
+ 663. http://www.beryl-project.org/
+ 664. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
+ 665. http://www.dslinux.org/blogs/pepsiman/?p=73
+ 666. http://minimyth.org/
+ 667. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
+ 668. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb
+ 669. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
+ 670. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 671. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 672. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
+ 673. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
+ 674. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb
+ 675. http://www.karlrunge.com/x11vnc/faq.html#faq-video
+ 676. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
+ 677. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded
+ 678. http://www.karlrunge.com/x11vnc/faq.html#faq-video
+ 679. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 680. http://www.karlrunge.com/x11vnc/faq.html#faq-video
+ 681. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc
+ 682. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded
+ 683. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware
+ 684. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 685. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb
+ 686. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb
+ 687. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32
+ 688. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
+ 689. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb
+ 690. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
+ 691. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab
+ 692. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb
+ 693. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
+ 694. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
+ 695. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 696. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 697. http://www.testplant.com/products/vine_server/OS_X
+ 698. http://www.apple.com/remotedesktop/
+ 699. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 700. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb
+ 701. http://fredrik.hubbe.net/x2vnc.html
+ 702. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc
+ 703. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect
+ 704. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 705. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
+ 706. http://sourceforge.net/projects/vnc-reflector/
+ 707. http://www.tightvnc.com/projector/
+ 708. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 709. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager
+ 710. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager
+ 711. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 712. http://www.jwz.org/doc/x-cut-and-paste.html
+ 713. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel
+ 714. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary
+ 715. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noclipboard
+ 716. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetprimary
+ 717. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetclipboard
+ 718. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir
+ 719. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input
+ 720. http://www.unixuser.org/~euske/vnc2swf/
+ 721. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/
+ 722. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 723. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer
+ 724. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
+ 725. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
+ 726. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 727. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext
+ 728. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
+ 729. http://www.uvnc.com/addons/repeater.html
+ 730. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 731. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl
+ 732. http://www.uvnc.com/addons/singleclick.html
+ 733. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx
734. http://www.karlrunge.com/x11vnc/single-click.html
- 735. http://www.karlrunge.com/x11vnc/ssvnc.html
- 736. http://www.karlrunge.com/x11vnc/single-click.html
- 737. http://www.karlrunge.com/x11vnc/ssl.html
- 738. http://www.karlrunge.com/x11vnc/single-click.html
- 739. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems
- 740. http://www.samba.org/
+ 735. http://www.karlrunge.com/x11vnc/single-click.html
+ 736. http://www.karlrunge.com/x11vnc/index.html#firewalls
+ 737. http://sc.uvnc.com/
+ 738. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 739. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 740. http://www.karlrunge.com/x11vnc/single-click.html
741. http://www.karlrunge.com/x11vnc/ssvnc.html
- 742. http://www.cups.org/
- 743. http://www.karlrunge.com/x11vnc/ssvnc.html
- 744. http://www.karlrunge.com/x11vnc/ssvnc.html
- 745. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell
- 746. http://www.karlrunge.com/x11vnc/faq.html#faq-sound
- 747. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
- 748. http://jungla.dit.upm.es/~acosta/paginas/vncIPv6.html
+ 742. http://www.karlrunge.com/x11vnc/single-click.html
+ 743. http://www.karlrunge.com/x11vnc/ssl.html
+ 744. http://www.karlrunge.com/x11vnc/single-click.html
+ 745. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems
+ 746. http://www.samba.org/
+ 747. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 748. http://www.cups.org/
+ 749. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 750. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 751. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell
+ 752. http://www.karlrunge.com/x11vnc/faq.html#faq-sound
+ 753. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd
+ 754. http://www.karlrunge.com/x11vnc/inet6to4
=======================================================================
http://www.karlrunge.com/x11vnc/chainingssh.html:
@@ -11220,11 +11357,21 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html:
([2]ss_vncviewer) can also take advantage of the method described here
with its -proxy option.
- Simpler Solutions: This apache solution may be too much for you. It is
- mainly intended for automatically redirecting to MULTIPLE workstations
- inside the firewall. If you only have one inside machine that you want
- to access, the method described here is overly complicated. See
- [3]below for some simpler (and still non-SSH) encrypted setups.
+ _________________________________________________________________
+
+ Simpler Solutions: This apache SSL VNC portal solution may be too much
+ for you. It is mainly intended for automatically redirecting to
+ MULTIPLE workstations inside the firewall. If you only have one or two
+ inside machines that you want to access, the method described here is
+ overly complicated! See [3]below for some simpler (and still non-SSH)
+ encrypted setups.
+
+ Also see the recent (Mar/2010) [4]desktop.cgi x11vnc desktop web login
+ CGI script that achieves much of what the method describes here
+ (especially if its 'port redirection' feature is enabled.)
+ _________________________________________________________________
+
+
There are numerous ways to achieve this with Apache. We present one of
the simplest ones here.
@@ -11232,7 +11379,7 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html:
Important: these sorts of schemes allow incoming connections from
anywhere on the Internet to fixed ports on machines inside the
firewall. Care must be taken to implement and test thoroughly. If one
- is paranoid one can (and should) add [4]extra layers of protection.
+ is paranoid one can (and should) add [5]extra layers of protection.
(e.g. extra passwords, packet filtering, SSL certificate verification,
etc).
@@ -11259,7 +11406,7 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html:
It is the last item that makes it tricky (otherwise the method
described on this page will work). If you are interested in such a
solution and are willing to run a separate helper program
- (connect_switch) [5]look here. Also, see [6]this apache patch.
+ (connect_switch) [6]look here. Also, see [7]this apache patch.
_________________________________________________________________
Example:
@@ -11276,7 +11423,7 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html:
In this example suppose the gateway machine running apache is named
"www.gateway.east" (e.g. it may also provide normal web service). We
also choose the Internet-facing port for this VNC service to be port
- 563. One could choose any port, including the [7]default HTTP port 80.
+ 563. One could choose any port, including the [8]default HTTP port 80.
Detail: We choose 563 because it is the rarely used SNEWS port that is
often allowed by Web proxies for the CONNECT method. The idea is the
@@ -11301,8 +11448,8 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html:
i.e. we force SSL VNC connections, port 5915, serve the Java VNC
viewer applet, and require a VNC password (another option would be
- [8]-unixpw). The above command could also be run out of [9]inetd(8).
- It can also be used to [10]autodetect the user's display and
+ [9]-unixpw). The above command could also be run out of [10]inetd(8).
+ It can also be used to [11]autodetect the user's display and
Xauthority data.
@@ -11434,7 +11581,7 @@ hostname2 15
This will involve downloading a signed java viewer applet jar file
that is able to interact with the internal proxy for the VNC
- connection. See [11]this FAQ for more info on how this works. Note:
+ connection. See [12]this FAQ for more info on how this works. Note:
sometimes with the Proxy case if you see 'Bad Gateway' error you will
have to wait 10 or so seconds and then hit reload. This seems to be
due to having to wait for a Connection Keepalive to terminate...
@@ -11506,7 +11653,7 @@ blah,blah...
of a outgoing proxy socket connection. Use it only if the Web browser
is inside a separate Web proxying environment (i.e. large corporation)
- The rewrites with parameter urlPrefix are described under [12]Tricks
+ The rewrites with parameter urlPrefix are described under [13]Tricks
for Better Response. The "trust" ones (also described under Tricks)
with trustAllVncCerts tell the Java VNC applet to skip a dialog asking
about the VNC Certificate. They are a bit faster and more reliable
@@ -11535,7 +11682,7 @@ blah,blah...
are not encrypted via SSL, and so in principle could be tampered with
by a really bad guy. The subsequent VNC connection, however, is
encrypted through a single SSL connection (it makes a CONNECT straight
- to x11vnc). [13]See below for how to have these initial downloads
+ to x11vnc). [14]See below for how to have these initial downloads
encrypted as well (if the apache web server has SSL/mod_ssl, i.e.
https, enabled and configured).
@@ -11544,36 +11691,36 @@ blah,blah...
certificate 'always'). This is because an applet it cannot open local
files, etc. Sadly, the applet cannot even remember certificates in the
same browser session because it is completely reinitialized for each
- connection (see [14]below).
+ connection (see [15]below).
_________________________________________________________________
Too Much?
If these apache rules are a little too much for you, there is a little
- bit [15]simpler scheme where you have to list each of the individual
+ bit [16]simpler scheme where you have to list each of the individual
machines in the httpd.conf and ssl.conf files. It may be a little more
typing to maintain, but perhaps being more straight forward (less
RewriteRule's) is desirable.
_________________________________________________________________
- Problems:
+ Problems?
To see example x11vnc output for a successful https://host:5900/
- connection with the Java Applet see [16]This Page.
+ connection with the Java Applet see [17]This Page.
_________________________________________________________________
Some Ideas for adding extra authentication, etc. for the paranoid:
- * VNC passwords: [17]-rfbauth, [18]-passwdfile, or [19]-usepw. Even
+ * VNC passwords: [18]-rfbauth, [19]-passwdfile, or [20]-usepw. Even
adding a simple company-wide VNC password helps block unwanted
access.
- * Unix passwords: [20]-unixpw
- * SSL Client certificates: [21]-sslverify
+ * Unix passwords: [21]-unixpw
+ * SSL Client certificates: [22]-sslverify
* Apache AuthUserFile directive: .htaccess, etc.
* Filter connections based on IP address or hostname.
- * Use Port-knocking on your firewall as described in: [22]Enhanced
+ * Use Port-knocking on your firewall as described in: [23]Enhanced
TightVNC Viewer (ssvnc).
* Add proxy password authentication (requires Viewer changes?)
* Run a separate instance of Apache that provides this VNC service
@@ -11588,7 +11735,7 @@ blah,blah...
Using non-Java viewers with this scheme:
- The [23]ss_vncviewer stunnel wrapper script for VNC viewers has the
+ The [24]ss_vncviewer stunnel wrapper script for VNC viewers has the
-proxy option that can take advantage of this method.
ss_vncviewer -proxy www.gateway.east:563 host1:15
@@ -11596,7 +11743,7 @@ blah,blah...
separated by a comma.
ss_vncviewer -proxy proxy1.foobar.com:8080,www.gateway.east:563 host1:15
- For the [24]Enhanced TightVNC Viewer (ssvnc) GUI (it uses ss_vncviewer
+ For the [25]Enhanced TightVNC Viewer (ssvnc) GUI (it uses ss_vncviewer
on Unix) put 'host1:15' into the 'VNC Server' entry box, and here are
possible Proxy/Gateway entries
Proxy/Gateway: www.gateway.east:563
@@ -11610,10 +11757,10 @@ blah,blah...
To have the Java applet downloaded to the user's Web Browser via an
encrypted (and evidently safer) SSL connection the Apache webserver
- should be configured for SSL via [25]mod_ssl.
+ should be configured for SSL via [26]mod_ssl.
- It is actually possible to use the x11vnc [26]Key Management utility
- "[27]-sslGenCert" to generate your Apache/SSL .crt and .key files. (In
+ It is actually possible to use the x11vnc [27]Key Management utility
+ "[28]-sslGenCert" to generate your Apache/SSL .crt and .key files. (In
brief, run something like "x11vnc -sslGenCert server self:apache" then
copy the resulting self:apache.crt file to conf/ssl.crt/server.crt and
extract the private key part from self:apache.pem and paste it into
@@ -11621,7 +11768,7 @@ blah,blah...
before running x11vnc will bump up the expiration date (3 years in
this case).
- Or you can use the standard methods described in the [28]Apache
+ Or you can use the standard methods described in the [29]Apache
mod_ssl documentation to create your keys. Then restart Apache,
usually something like "apachectl stop" followed by "apachectl
startssl"
@@ -11738,7 +11885,7 @@ stAllVncCerts=yes [R,NE,L]
The "vncs/trust" ones are like the "trust" ones described earlier
https://www.gateway.east/vncs/trust/mach2
- and similarly for the httpsPort ones. See [29]Tricks for Better
+ and similarly for the httpsPort ones. See [30]Tricks for Better
Response.
In all of the above cases the VNC traffic from Viewer to x11vnc is
@@ -11760,7 +11907,7 @@ stAllVncCerts=yes [R,NE,L]
The special entries "/vnc443" are only used for the special helper
program (connect_switch) for the https port 443 only mode
- [30]discussed here.
+ [31]discussed here.
_________________________________________________________________
@@ -11799,16 +11946,16 @@ stAllVncCerts=yes [R,NE,L]
-ssl SAVE -http -unixpw -localhost -users unixpw= \
-find
- (we have used the alias [31]-find for "-display
+ (we have used the alias [32]-find for "-display
WAIT:cmd=FINDDISPLAY".) This way the user must supply his Unix
username and password and then his display and Xauthority data on that
machine will be located and returned to x11vnc to allow it to attach.
If he doesn't have a display running on that machine or he fails to
log in correctly, the connection will be dropped.
- The variant "[32]-display WAIT:cmd=FINDCREATEDISPLAY" (aliased by
- "[33]-create") will actually create a (virtual or real) X server
- session for the user if one doesn't already exist. See [34]here for
+ The variant "[33]-display WAIT:cmd=FINDCREATEDISPLAY" (aliased by
+ "[34]-create") will actually create a (virtual or real) X server
+ session for the user if one doesn't already exist. See [35]here for
details.
To enable inetd operation for the non-HTTPS Java viewer download (port
@@ -11820,8 +11967,8 @@ stAllVncCerts=yes [R,NE,L]
-http_ssl -display WAIT:cmd=HTTPONCE
where the long inetd.conf line has been split. Note how the
- [35]-http_ssl tries to automatically find the .../classes/ssl
- subdirectory. This requires the [36]-prog option available in x11vnc
+ [36]-http_ssl tries to automatically find the .../classes/ssl
+ subdirectory. This requires the [37]-prog option available in x11vnc
0.8.4 (a shell script wrapper, e.g. /usr/local/bin/x11vnc_http.sh can
be used to work around this).
@@ -11868,7 +12015,7 @@ stAllVncCerts=yes [R,NE,L]
or using the stunnel wrapper script:
ss_vncviewer 24.35.46.57:1
- One can acheive similar things with dedicated firewall/routers (e.g.
+ One can achieve similar things with dedicated firewall/routers (e.g.
Linksys) using the device's web or other interface to configure the
firewall.
@@ -11880,7 +12027,7 @@ stAllVncCerts=yes [R,NE,L]
- The redirection could also be done at the application level using a
TCP redirect program (e.g. ip_relay or fancier ones). Evidently more
careful internal hostname checking, etc., could be performed by the
- special purpose application to add security. See [37]connect_switch
+ special purpose application to add security. See [38]connect_switch
which is somewhat related.
- One might imagine the ProxyPass could be done for the VNC traffic as
@@ -11986,40 +12133,41 @@ References
1. http://www.karlrunge.com/x11vnc/ssvnc.html
2. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
3. http://www.karlrunge.com/x11vnc/ssl-portal.html#no-apache
- 4. http://www.karlrunge.com/x11vnc/ssl-portal.html#precautions
- 5. http://www.karlrunge.com/x11vnc/ssl-single-443.html
- 6. https://issues.apache.org/bugzilla/show_bug.cgi?id=29744
- 7. http://www.karlrunge.com/x11vnc/ssl-portal.html#port-variations
- 8. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 9. http://www.karlrunge.com/x11vnc/ssl-portal.html#inetd
- 10. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
- 11. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy
- 12. http://www.karlrunge.com/x11vnc/ssl-portal.html#tricks
- 13. http://www.karlrunge.com/x11vnc/ssl-portal.html#https-applet
- 14. http://www.karlrunge.com/x11vnc/ssl-portal.html#https-applet"
- 15. http://www.karlrunge.com/x11vnc/ssl-portal-orig.html
- 16. http://www.karlrunge.com/x11vnc/ssl-output.html
- 17. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth
- 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile
- 19. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw
- 20. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
- 21. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify
- 22. http://www.karlrunge.com/x11vnc/ssvnc.html
- 23. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
- 24. http://www.karlrunge.com/x11vnc/ssvnc.html
- 25. http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
- 26. http://www.karlrunge.com/x11vnc/ssl.html
- 27. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert
- 28. http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert
- 29. http://www.karlrunge.com/x11vnc/ssl-portal.html#tricks
- 30. http://www.karlrunge.com/x11vnc/ssl-single-443.html
- 31. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
- 32. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
- 33. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
- 34. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
- 35. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_ssl
- 36. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-prog
- 37. http://www.karlrunge.com/x11vnc/ssl-single-443.html
+ 4. http://www.karlrunge.com/x11vnc/faq.html#faq-web-login
+ 5. http://www.karlrunge.com/x11vnc/ssl-portal.html#precautions
+ 6. http://www.karlrunge.com/x11vnc/ssl-single-443.html
+ 7. https://issues.apache.org/bugzilla/show_bug.cgi?id=29744
+ 8. http://www.karlrunge.com/x11vnc/ssl-portal.html#port-variations
+ 9. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 10. http://www.karlrunge.com/x11vnc/ssl-portal.html#inetd
+ 11. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
+ 12. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy
+ 13. http://www.karlrunge.com/x11vnc/ssl-portal.html#tricks
+ 14. http://www.karlrunge.com/x11vnc/ssl-portal.html#https-applet
+ 15. http://www.karlrunge.com/x11vnc/ssl-portal.html#https-applet"
+ 16. http://www.karlrunge.com/x11vnc/ssl-portal-orig.html
+ 17. http://www.karlrunge.com/x11vnc/ssl-output.html
+ 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth
+ 19. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile
+ 20. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw
+ 21. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw
+ 22. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify
+ 23. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 24. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
+ 25. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 26. http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
+ 27. http://www.karlrunge.com/x11vnc/ssl.html
+ 28. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert
+ 29. http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert
+ 30. http://www.karlrunge.com/x11vnc/ssl-portal.html#tricks
+ 31. http://www.karlrunge.com/x11vnc/ssl-single-443.html
+ 32. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find
+ 33. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT
+ 34. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create
+ 35. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
+ 36. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_ssl
+ 37. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-prog
+ 38. http://www.karlrunge.com/x11vnc/ssl-single-443.html
=======================================================================
http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html:
@@ -13101,8 +13249,8 @@ Unix VNCviewer (0.5MB)
redistribute the above because of cryptographic software they contain
or for other reasons. Please check out your situation and information
at the following and related sites:
- [73]http://www.stunnel.org
- [74]http://stunnel.mirt.net
+ [73]http://stunnel.mirt.net
+ [74]http://www.stunnel.org
[75]http://www.openssl.org
[76]http://www.chiark.greenend.org.uk/~sgtatham/putty/
[77]http://www.tightvnc.com
@@ -13186,8 +13334,8 @@ References
70. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.23/
71. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.24/
72. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.25/
- 73. http://www.stunnel.org/
- 74. http://stunnel.mirt.net/
+ 73. http://stunnel.mirt.net/
+ 74. http://www.stunnel.org/
75. http://www.openssl.org/
76. http://www.chiark.greenend.org.uk/~sgtatham/putty/
77. http://www.tightvnc.com/
@@ -13206,7 +13354,7 @@ x11vnc: a VNC server for real X displays
Here are all of x11vnc command line options:
% x11vnc -opts (see below for -help long descriptions)
-x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-02-21
+x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-03-20
x11vnc options:
-display disp -auth file -N
@@ -13334,7 +13482,7 @@ libvncserver-tight-extension options:
% x11vnc -help
-x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-02-21
+x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-03-20
(type "x11vnc -opts" to just list the options.)
@@ -13795,6 +13943,11 @@ Options:
-stunnel the ssl classes subdirectory is sought.
-http_ssl As -http, but force lookup for ssl classes subdir.
+ Note that for HTTPS, single-port Java applet delivery
+ you can set X11VNC_HTTPS_DOWNLOAD_WAIT_TIME to the
+ max number of seconds to wait for the applet download
+ to finish. The default is 15.
+
-avahi Use the Avahi/mDNS ZeroConf protocol to advertise
this VNC server to the local network. (Related terms:
Rendezvous, Bonjour). Depending on your setup, you
@@ -14232,9 +14385,31 @@ Options:
the user is allowed, but the option values associated
with it do apply as normal.
- There are also some utilities for testing password
+ There are also some utilities for checking passwords
if [list] starts with the "%" character. See the
- quick_pw() function in the source for details.
+ quick_pw() function for more details. Description:
+ "%-" or "%stdin" means read one line from stdin.
+ "%env" means it is in $UNIXPW env var. A leading
+ "%/" or "%." means read the first line from the
+ filename that follows after the % character. % by
+ itself means prompt for the username and password.
+ Otherwise: %user:pass E.g. -unixpw %fred:swordfish
+ For the other cases user:pass is read from the indicated
+ source. If the password is correct 'Y user' is printed
+ and the program exit code is 0. If the password is
+ incorrect it prints 'N user' and the exit code is 1.
+ If there is some other error the exit code is 2.
+ This feature enables x11vnc to be a general unix user
+ password checking tool; it could be used from scripts
+ or other programs. These % password checks also apply
+ to the -unixpw_nis and -unixpw_cmd options.
+
+ For the % password check, if the env. var. UNIXPW_CMD
+ is set to a command then it is run as the user (assuming
+ the password is correct.) The output of the command is
+ not printed, the program or script must manage that by
+ some other means. The exit code of x11vnc will depend
+ on the exit code of the command that is run.
Use -nounixpw to disable unixpw mode if it was enabled
earlier in the cmd line (e.g. -svc mode)
@@ -14339,8 +14514,11 @@ Options:
supplied unixpw_cmd to do user switching if desired
and if it has the permissions to do so.
--find Find the user's display using FINDDISPLAY. This is an
- alias for "-display WAIT:cmd=FINDDISPLAY".
+-find Find the user's display using FINDDISPLAY. This
+ is an alias for "-display WAIT:cmd=FINDDISPLAY".
+
+ Note: if a -display occurs later on the command line
+ it will override the -find setting.
For this and the next few options see -display WAIT:...
below for all of the details.
@@ -14378,6 +14556,9 @@ Options:
FINDCREATEDISPLAY method. This is an alias for
"-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb".
+ Note: if a -display occurs later on the command line
+ it will override the -create setting.
+
SSH NOTE: for both -find and -create you can (should!)
add the "-localhost" option to force SSH tunnel access.
@@ -14395,6 +14576,10 @@ Options:
-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb -unixpw -users
unixpw= -ssl SAVE Also "-service".
+ Note: if a -display, -unixpw, -users, or -ssl occurs
+ later on the command line it will override the -svc
+ setting.
+
-svc_xdummy As -svc except Xdummy instead of Xvfb.
-svc_xvnc As -svc except Xvnc instead of Xvfb.
-svc_xdummy_xvfb As -svc with Xdummy,Xvfb.
@@ -14403,6 +14588,10 @@ Options:
Alias for -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp
-unixpw -users unixpw= -ssl SAVE Also "-xdm_service".
+ Note: if a -display, -unixpw, -users, or -ssl occurs
+ later on the command line it will override the -xdmsvc
+ setting.
+
To create a session a user will have to first log in
to the -unixpw dialog and then log in again to the
XDM/GDM/KDM prompt. Subsequent re-connections will
@@ -14753,6 +14942,11 @@ Options:
X property, that makes FINDDISPLAY only find sessions
with that tag value.
+ Set FD_XDMCP_IF to the network interface that the
+ display manager is running on; default is 'localhost'
+ but you may need to set it to '::1' on some IPv6 only
+ systems or misconfigured display managers.
+
If you want the FINDCREATEDISPLAY session to contact an
XDMCP login manager (xdm/gdm/kdm) on the same machine,
then use "Xvfb.xdmcp" instead of "Xvfb", etc.
@@ -15414,7 +15608,7 @@ Options:
exits.
--stunnel [pem] Use the stunnel(8) (www.stunnel.org) to provide an
+-stunnel [pem] Use the stunnel(8) (stunnel.mirt.net) to provide an
encrypted SSL tunnel between viewers and x11vnc.
This external tunnel method was implemented prior to the
@@ -18244,6 +18438,10 @@ n
for root window, use +id for children.
grab_state get state of pointer and keyboard grab.
pointer_pos print XQueryPointer x,y cursor position.
+ pointer_x print XQueryPointer x cursor position.
+ pointer_y print XQueryPointer y cursor position.
+ pointer_same print XQueryPointer ptr on same screen.
+ pointer_root print XQueryPointer curr ptr rootwin.
mouse_x print x11vnc's idea of cursor position.
mouse_y print x11vnc's idea of cursor position.
noop do nothing.
@@ -18542,18 +18740,18 @@ n
http_url auth xauth users rootshift clipshift scale_str
scaled_x scaled_y scale_numer scale_denom scale_fac_x
scale_fac_y scaling_blend scaling_nomult4 scaling_pad
- scaling_interpolate inetd privremote unsafe safer
- nocmds passwdfile unixpw unixpw_nis unixpw_list ssl
- ssl_pem sslverify stunnel stunnel_pem https httpsredir
- usepw using_shm logfile o flag rmflag rc norc h help
- V version lastmod bg sigpipe threads readrate netrate
- netlatency pipeinput clients client_count pid ext_xtest
- ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama
- ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin
- num_buttons button_mask mouse_x mouse_y grab_state
- pointer_pos bpp depth indexed_color dpy_x dpy_y wdpy_x
- wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth
- passwd viewpasswd
+ scaling_interpolate inetd privremote unsafe safer nocmds
+ passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem
+ sslverify stunnel stunnel_pem https httpsredir usepw
+ using_shm logfile o flag rmflag rc norc h help V version
+ lastmod bg sigpipe threads readrate netrate netlatency
+ pipeinput clients client_count pid ext_xtest ext_xtrap
+ ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
+ ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
+ button_mask mouse_x mouse_y grab_state pointer_pos
+ pointer_x pointer_y pointer_same pointer_root bpp depth
+ indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y
+ cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd
-QD variable Just like -query variable, but returns the default
value for that parameter (no running x11vnc server
diff --git a/x11vnc/cursor.c b/x11vnc/cursor.c
index 12700f4..3d613a6 100644
--- a/x11vnc/cursor.c
+++ b/x11vnc/cursor.c
@@ -908,6 +908,9 @@ static void tree_descend_cursor(int *depth, Window *w, win_str_info_t *winfo) {
*(winfo->res_name) = '\0';
*(winfo->res_class) = '\0';
+ for (i=0; i < maxtries; i++) {
+ wins[i] = None;
+ }
/* some times a window can go away before we get to it */
trapped_xerror = 0;
diff --git a/x11vnc/help.c b/x11vnc/help.c
index 874291c..7a89a32 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -518,6 +518,11 @@ void print_help(int mode) {
" -stunnel the ssl classes subdirectory is sought.\n"
"-http_ssl As -http, but force lookup for ssl classes subdir.\n"
"\n"
+" Note that for HTTPS, single-port Java applet delivery\n"
+" you can set X11VNC_HTTPS_DOWNLOAD_WAIT_TIME to the\n"
+" max number of seconds to wait for the applet download\n"
+" to finish. The default is 15.\n"
+"\n"
"-avahi Use the Avahi/mDNS ZeroConf protocol to advertise\n"
" this VNC server to the local network. (Related terms:\n"
" Rendezvous, Bonjour). Depending on your setup, you\n"
@@ -965,9 +970,31 @@ void print_help(int mode) {
" the user is allowed, but the option values associated\n"
" with it do apply as normal.\n"
"\n"
-" There are also some utilities for testing password\n"
+" There are also some utilities for checking passwords\n"
" if [list] starts with the \"%%\" character. See the\n"
-" quick_pw() function in the source for details.\n"
+" quick_pw() function for more details. Description:\n"
+" \"%%-\" or \"%%stdin\" means read one line from stdin.\n"
+" \"%%env\" means it is in $UNIXPW env var. A leading\n"
+" \"%%/\" or \"%%.\" means read the first line from the\n"
+" filename that follows after the %% character. %% by\n"
+" itself means prompt for the username and password.\n"
+" Otherwise: %%user:pass E.g. -unixpw %%fred:swordfish\n"
+" For the other cases user:pass is read from the indicated\n"
+" source. If the password is correct 'Y user' is printed\n"
+" and the program exit code is 0. If the password is\n"
+" incorrect it prints 'N user' and the exit code is 1.\n"
+" If there is some other error the exit code is 2.\n"
+" This feature enables x11vnc to be a general unix user\n"
+" password checking tool; it could be used from scripts\n"
+" or other programs. These %% password checks also apply\n"
+" to the -unixpw_nis and -unixpw_cmd options.\n"
+"\n"
+" For the %% password check, if the env. var. UNIXPW_CMD\n"
+" is set to a command then it is run as the user (assuming\n"
+" the password is correct.) The output of the command is\n"
+" not printed, the program or script must manage that by\n"
+" some other means. The exit code of x11vnc will depend\n"
+" on the exit code of the command that is run.\n"
"\n"
" Use -nounixpw to disable unixpw mode if it was enabled\n"
" earlier in the cmd line (e.g. -svc mode)\n"
@@ -1072,8 +1099,11 @@ void print_help(int mode) {
" supplied unixpw_cmd to do user switching if desired\n"
" and if it has the permissions to do so.\n"
"\n"
-"-find Find the user's display using FINDDISPLAY. This is an\n"
-" alias for \"-display WAIT:cmd=FINDDISPLAY\".\n"
+"-find Find the user's display using FINDDISPLAY. This\n"
+" is an alias for \"-display WAIT:cmd=FINDDISPLAY\".\n"
+"\n"
+" Note: if a -display occurs later on the command line\n"
+" it will override the -find setting.\n"
"\n"
" For this and the next few options see -display WAIT:...\n"
" below for all of the details.\n"
@@ -1111,6 +1141,9 @@ void print_help(int mode) {
" FINDCREATEDISPLAY method. This is an alias for\n"
" \"-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb\".\n"
"\n"
+" Note: if a -display occurs later on the command line\n"
+" it will override the -create setting.\n"
+"\n"
" SSH NOTE: for both -find and -create you can (should!)\n"
" add the \"-localhost\" option to force SSH tunnel access.\n"
"\n"
@@ -1128,6 +1161,10 @@ void print_help(int mode) {
" -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb -unixpw -users\n"
" unixpw= -ssl SAVE Also \"-service\".\n"
"\n"
+" Note: if a -display, -unixpw, -users, or -ssl occurs\n"
+" later on the command line it will override the -svc\n"
+" setting.\n"
+"\n"
"-svc_xdummy As -svc except Xdummy instead of Xvfb.\n"
"-svc_xvnc As -svc except Xvnc instead of Xvfb.\n"
"-svc_xdummy_xvfb As -svc with Xdummy,Xvfb.\n"
@@ -1136,6 +1173,10 @@ void print_help(int mode) {
" Alias for -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp\n"
" -unixpw -users unixpw= -ssl SAVE Also \"-xdm_service\".\n"
"\n"
+" Note: if a -display, -unixpw, -users, or -ssl occurs\n"
+" later on the command line it will override the -xdmsvc\n"
+" setting.\n"
+"\n"
" To create a session a user will have to first log in\n"
" to the -unixpw dialog and then log in again to the\n"
" XDM/GDM/KDM prompt. Subsequent re-connections will\n"
@@ -1485,6 +1526,11 @@ void print_help(int mode) {
" X property, that makes FINDDISPLAY only find sessions\n"
" with that tag value.\n"
"\n"
+" Set FD_XDMCP_IF to the network interface that the\n"
+" display manager is running on; default is 'localhost'\n"
+" but you may need to set it to '::1' on some IPv6 only\n"
+" systems or misconfigured display managers.\n"
+"\n"
" If you want the FINDCREATEDISPLAY session to contact an\n"
" XDMCP login manager (xdm/gdm/kdm) on the same machine,\n"
" then use \"Xvfb.xdmcp\" instead of \"Xvfb\", etc.\n"
@@ -2147,7 +2193,7 @@ void print_help(int mode) {
" exits.\n"
"\n"
"\n"
-"-stunnel [pem] Use the stunnel(8) (www.stunnel.org) to provide an\n"
+"-stunnel [pem] Use the stunnel(8) (stunnel.mirt.net) to provide an\n"
" encrypted SSL tunnel between viewers and x11vnc.\n"
"\n"
" This external tunnel method was implemented prior to the\n"
@@ -4980,6 +5026,10 @@ void print_help(int mode) {
" for root window, use +id for children.\n"
" grab_state get state of pointer and keyboard grab.\n"
" pointer_pos print XQueryPointer x,y cursor position.\n"
+" pointer_x print XQueryPointer x cursor position.\n"
+" pointer_y print XQueryPointer y cursor position.\n"
+" pointer_same print XQueryPointer ptr on same screen.\n"
+" pointer_root print XQueryPointer curr ptr rootwin.\n"
" mouse_x print x11vnc's idea of cursor position.\n"
" mouse_y print x11vnc's idea of cursor position.\n"
" noop do nothing.\n"
@@ -5278,18 +5328,18 @@ void print_help(int mode) {
" http_url auth xauth users rootshift clipshift scale_str\n"
" scaled_x scaled_y scale_numer scale_denom scale_fac_x\n"
" scale_fac_y scaling_blend scaling_nomult4 scaling_pad\n"
-" scaling_interpolate inetd privremote unsafe safer\n"
-" nocmds passwdfile unixpw unixpw_nis unixpw_list ssl\n"
-" ssl_pem sslverify stunnel stunnel_pem https httpsredir\n"
-" usepw using_shm logfile o flag rmflag rc norc h help\n"
-" V version lastmod bg sigpipe threads readrate netrate\n"
-" netlatency pipeinput clients client_count pid ext_xtest\n"
-" ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama\n"
-" ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin\n"
-" num_buttons button_mask mouse_x mouse_y grab_state\n"
-" pointer_pos bpp depth indexed_color dpy_x dpy_y wdpy_x\n"
-" wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth\n"
-" passwd viewpasswd\n"
+" scaling_interpolate inetd privremote unsafe safer nocmds\n"
+" passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem\n"
+" sslverify stunnel stunnel_pem https httpsredir usepw\n"
+" using_shm logfile o flag rmflag rc norc h help V version\n"
+" lastmod bg sigpipe threads readrate netrate netlatency\n"
+" pipeinput clients client_count pid ext_xtest ext_xtrap\n"
+" ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n"
+" ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n"
+" button_mask mouse_x mouse_y grab_state pointer_pos\n"
+" pointer_x pointer_y pointer_same pointer_root bpp depth\n"
+" indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y\n"
+" cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd\n"
"\n"
"-QD variable Just like -query variable, but returns the default\n"
" value for that parameter (no running x11vnc server\n"
diff --git a/x11vnc/keyboard.c b/x11vnc/keyboard.c
index cdf85e9..edce680 100644
--- a/x11vnc/keyboard.c
+++ b/x11vnc/keyboard.c
@@ -1114,7 +1114,8 @@ void switch_to_xkb_if_better(void) {
n = k;
XFree_wr(keymap);
- if (missing_noxkb == 0 && syms_gt_4 >= 8) {
+ if (missing_noxkb == 0 && syms_per_keycode > 4 && syms_gt_4 >= 0) {
+ /* we used to have syms_gt_4 >= 8, now always on. */
if (! raw_fb_str) {
rfbLog("\n");
rfbLog("XKEYBOARD: number of keysyms per keycode %d is greater\n", syms_per_keycode);
@@ -1123,6 +1124,7 @@ void switch_to_xkb_if_better(void) {
rfbLog(" If this makes the key mapping worse you can\n");
rfbLog(" disable it with the \"-noxkb\" option.\n");
rfbLog(" Also, remember \"-remap DEAD\" for accenting characters.\n");
+ rfbLog("\n");
}
use_xkb_modtweak = 1;
@@ -1135,6 +1137,7 @@ void switch_to_xkb_if_better(void) {
rfbLog(" Not automatically switching to -xkb mode.\n");
rfbLog(" If some keys still cannot be typed, try using -xkb.\n");
rfbLog(" Also, remember \"-remap DEAD\" for accenting characters.\n");
+ rfbLog("\n");
}
return;
}
@@ -1217,6 +1220,7 @@ void switch_to_xkb_if_better(void) {
rfbLog(" Also, remember \"-remap DEAD\" for accenting"
" characters.\n");
}
+ rfbLog("\n");
}
/* sets up all the keymapping info via Xkb API */
diff --git a/x11vnc/misc/Makefile.am b/x11vnc/misc/Makefile.am
index f814315..98a7511 100644
--- a/x11vnc/misc/Makefile.am
+++ b/x11vnc/misc/Makefile.am
@@ -1,3 +1,3 @@
SUBDIRS = turbovnc
DIST_SUBDIRS = turbovnc
-EXTRA_DIST=README blockdpy.c dtVncPopup rx11vnc rx11vnc.pl shm_clear ranfb.pl slide.pl vcinject.pl x11vnc_loop Xdummy ultravnc_repeater.pl connect_switch
+EXTRA_DIST=README blockdpy.c dtVncPopup rx11vnc rx11vnc.pl shm_clear ranfb.pl slide.pl vcinject.pl x11vnc_loop Xdummy ultravnc_repeater.pl connect_switch panner.pl desktop.cgi inet6to4
diff --git a/x11vnc/misc/README b/x11vnc/misc/README
index abb60f6..f38616e 100644
--- a/x11vnc/misc/README
+++ b/x11vnc/misc/README
@@ -33,3 +33,14 @@ Misc. scripts:
use Xsetup mechanism.
Xdummy An LD_PRELOAD kludge to run the Xorg "dummy" device driver
like Xvfb.
+
+ ultravnc_repeater.pl: Unix script to act as UltraVNC repeater proxy.
+
+ connect_switch: Share HTTPS, VNC, SSH, etc. through a single port (e.g. 443)
+
+ panner.pl Allows a small rectangle to pan around a desktop more or less.
+
+ desktop.cgi CGI script for creating multi-user virtual desktops on a
+ server. Also can do port-redirection to internal machines.
+
+ inet6to4 ipv6 to ipv4 relay (i.e. until libvncserver supports ipv6)
diff --git a/x11vnc/misc/connect_switch b/x11vnc/misc/connect_switch
index ad6d138..212157f 100755
--- a/x11vnc/misc/connect_switch
+++ b/x11vnc/misc/connect_switch
@@ -1,6 +1,6 @@
#!/usr/bin/perl
#
-# Copyright (c) 2006-2009 by Karl J. Runge <runge@karlrunge.com>
+# Copyright (c) 2006-2010 by Karl J. Runge <runge@karlrunge.com>
#
# connect_switch is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -35,10 +35,14 @@
# because the CONNECT request appears to be forwarded encrypted to
# the remote host and so the SSL dies immediately.
#
+# It can also be used to redirect ANY protocol, e.g. SSH, not just VNC.
+# See CONNECT_SWITCH_APPLY_VNC_OFFSET=0 to disable VNC 5900 shift.
+#
# Note: There is no need to use this script for a non-ssl apache webserver
# port because mod_proxy works fine for doing the switching all inside
# apache (see ProxyRequests and AllowCONNECT parameters).
#
+#
# Apache configuration:
#
# The mod_ssl configuration is often in a file named ssl.conf. In the
@@ -68,6 +72,126 @@
# It is probably a good idea to set $listen_host below to the known
# IP address you want the service to listen on (to avoid localhost where
# apache is listening).
+#
+
+####################################################################
+# NOTE: For more info on configuration settings, read below for
+# all of the CONNECT_SWITCH_* env. var. parameters.
+####################################################################
+
+
+####################################################################
+# Allow env vars to also be specified on cmdline:
+#
+foreach my $arg (@ARGV) {
+ if ($arg =~ /^(CONNECT_SWITCH.*?)=(.*)$/) {
+ $ENV{$1} = $2;
+ }
+}
+
+# Set up logging:
+#
+if (exists $ENV{CONNECT_SWITCH_LOGFILE}) {
+ close STDOUT;
+ if (!open(STDOUT, ">>$ENV{CONNECT_SWITCH_LOGFILE}")) {
+ die "connect_switch: $ENV{CONNECT_SWITCH_LOGFILE} $!\n";
+ }
+ close STDERR;
+ open(STDERR, ">&STDOUT");
+}
+select(STDERR); $| = 1;
+select(STDOUT); $| = 1;
+
+# interrupt handler:
+#
+my $looppid = '';
+my $pidfile = '';
+my $listen_sock = ''; # declared here for get_out()
+#
+sub get_out {
+ print STDERR "$_[0]:\t$$ looppid=$looppid\n";
+ close $listen_sock if $listen_sock;
+ if ($looppid) {
+ kill 'TERM', $looppid;
+ fsleep(0.2);
+ }
+ unlink $pidfile if $pidfile;
+ exit 0;
+}
+$SIG{INT} = \&get_out;
+$SIG{TERM} = \&get_out;
+
+# pidfile:
+#
+sub open_pidfile {
+ if (exists $ENV{CONNECT_SWITCH_PIDFILE}) {
+ my $pf = $ENV{CONNECT_SWITCH_PIDFILE};
+ if (open(PID, ">$pf")) {
+ print PID "$$\n";
+ close PID;
+ $pidfile = $pf;
+ } else {
+ print STDERR "could not open pidfile: $pf - $! - continuing...\n";
+ }
+ delete $ENV{CONNECT_SWITCH_PIDFILE};
+ }
+}
+
+####################################################################
+# Set CONNECT_SWITCH_LOOP=1 to have this script create an outer loop
+# restarting itself if it ever exits. Set CONNECT_SWITCH_LOOP=BG to
+# do this in the background as a daemon.
+
+if (exists $ENV{CONNECT_SWITCH_LOOP}) {
+ my $csl = $ENV{CONNECT_SWITCH_LOOP};
+ if ($csl ne 'BG' && $csl ne '1') {
+ die "connect_switch: invalid CONNECT_SWITCH_LOOP.\n";
+ }
+ if ($csl eq 'BG') {
+ # go into bg as "daemon":
+ setpgrp(0, 0);
+ my $pid = fork();
+ if (! defined $pid) {
+ die "connect_switch: $!\n";
+ } elsif ($pid) {
+ wait;
+ exit 0;
+ }
+ if (fork) {
+ exit 0;
+ }
+ setpgrp(0, 0);
+ close STDIN;
+ if (! $ENV{CONNECT_SWITCH_LOGFILE}) {
+ close STDOUT;
+ close STDERR;
+ }
+ }
+ delete $ENV{CONNECT_SWITCH_LOOP};
+
+ if (exists $ENV{CONNECT_SWITCH_PIDFILE}) {
+ open_pidfile();
+ }
+
+ print STDERR "connect_switch: starting service at ", scalar(localtime), " master-pid=$$\n";
+ while (1) {
+ $looppid = fork;
+ if (! defined $looppid) {
+ sleep 10;
+ } elsif ($looppid) {
+ wait;
+ } else {
+ exec $0;
+ exit 1;
+ }
+ print STDERR "connect_switch: re-starting service at ", scalar(localtime), " master-pid=$$\n";
+ sleep 1;
+ }
+ exit 0;
+}
+if (exists $ENV{CONNECT_SWITCH_PIDFILE}) {
+ open_pidfile();
+}
############################################################################
@@ -83,15 +207,29 @@
# CONNECT_SWITCH_VERBOSE
# CONNECT_SWITCH_APPLY_VNC_OFFSET
# CONNECT_SWITCH_VNC_OFFSET
+# CONNECT_SWITCH_LISTEN_IPV6
+# CONNECT_SWITCH_BUFSIZE
+# CONNECT_SWITCH_LOGFILE
+# CONNECT_SWITCH_PIDFILE
+#
+# You can also set these on the cmdline:
+# connect_switch CONNECT_SWITCH_LISTEN=X CONNECT_SWITCH_ALLOW_FILE=Y ...
+#
+# By default we will use hostname and assume it resolves:
+#
my $hostname = `hostname`;
chomp $hostname;
my $listen_host = $hostname;
my $listen_port = 443;
+# Let user override listening situation, e.g. multihomed:
+#
if (exists $ENV{CONNECT_SWITCH_LISTEN}) {
+ #
# E.g. CONNECT_SWITCH_LISTEN=192.168.0.32:443
+ #
($listen_host, $listen_port) = split(/:/, $ENV{CONNECT_SWITCH_LISTEN});
}
@@ -99,10 +237,21 @@ my $httpd_host = 'localhost';
my $httpd_port = 443;
if (exists $ENV{CONNECT_SWITCH_HTTPD}) {
+ #
# E.g. CONNECT_SWITCH_HTTPD=127.0.0.1:443
+ #
($httpd_host, $httpd_port) = split(/:/, $ENV{CONNECT_SWITCH_HTTPD});
}
+my $bufsize = 8192;
+if (exists $ENV{CONNECT_SWITCH_BUFSIZE}) {
+ #
+ # E.g. CONNECT_SWITCH_BUFSIZE=32768
+ #
+ $bufsize = $ENV{CONNECT_SWITCH_BUFSIZE};
+}
+
+
############################################################################
# You can/should override the host/port settings here:
#
@@ -113,6 +262,9 @@ if (exists $ENV{CONNECT_SWITCH_HTTPD}) {
# You must set the allowed host:port CONNECT redirection list.
# Only these host:port pairs will be redirected to.
+# Port ranges are allowed too: host:5900-5930.
+# If there is one entry named ALL all connections are allow.
+# You must supply something, default is deny.
#
my @allowed = qw(
machine1:5915
@@ -141,6 +293,8 @@ if (exists $ENV{CONNECT_SWITCH_ALLOWED}) {
# fredsbox 15
# rupert 1
+# For examply, mine is:
+#
my $allow_file = '/dist/apache/2.0/conf/vnc.hosts';
$allow_file = '';
@@ -158,25 +312,34 @@ my $apply_vnc_offset = 1;
my $vnc_offset = 5900;
if (exists $ENV{CONNECT_SWITCH_APPLY_VNC_OFFSET}) {
+ #
# E.g. CONNECT_SWITCH_APPLY_VNC_OFFSET=0
+ #
$apply_vnc_offset = $ENV{CONNECT_SWITCH_APPLY_VNC_OFFSET};
}
if (exists $ENV{CONNECT_SWITCH_VNC_OFFSET}) {
+ #
# E.g. CONNECT_SWITCH_VNC_OFFSET=6000
+ #
$vnc_offset = $ENV{CONNECT_SWITCH_VNC_OFFSET};
}
-# Set to 1 for more debugging output:
+# Set to 1 or higher for more info output:
#
my $verbose = 0;
if (exists $ENV{CONNECT_SWITCH_VERBOSE}) {
+ #
# E.g. CONNECT_SWITCH_VERBOSE=1
+ #
$verbose = $ENV{CONNECT_SWITCH_VERBOSE};
}
-############################################################################
+
+
+#===========================================================================
# No need for any changes below here.
+#===========================================================================
use IO::Socket::INET;
use strict;
@@ -186,12 +349,29 @@ my $killpid = 1;
setpgrp(0, 0);
-my $listen_sock = IO::Socket::INET->new(
- Listen => 10,
- LocalAddr => $listen_host,
- LocalPort => $listen_port,
- Proto => "tcp"
-);
+if (exists $ENV{CONNECT_SWITCH_LISTEN_IPV6}) {
+ # note we leave out LocalAddr.
+ my $cmd = '
+ use IO::Socket::INET6;
+ $listen_sock = IO::Socket::INET6->new(
+ Listen => 10,
+ LocalPort => $listen_port,
+ ReuseAddr => 1,
+ Domain => AF_INET6,
+ Proto => "tcp"
+ );
+ ';
+ eval $cmd;
+ die "$@\n" if $@;
+} else {
+ $listen_sock = IO::Socket::INET->new(
+ Listen => 10,
+ LocalAddr => $listen_host,
+ LocalPort => $listen_port,
+ ReuseAddr => 1,
+ Proto => "tcp"
+ );
+}
if (! $listen_sock) {
die "connect_switch: $!\n";
@@ -210,7 +390,7 @@ while (1) {
fsleep(0.5);
next;
}
- print STDERR "conn: $conn -- ", $client->peerhost(), "\n" if $verbose;
+ print STDERR "conn: $conn -- ", $client->peerhost(), " at ", scalar(localtime), "\n" if $verbose;
my $pid = fork();
if (! defined $pid) {
@@ -237,6 +417,10 @@ sub handle_conn {
my @allow = @allowed;
+ # read allow file. Note we read it for every connection
+ # to allow the admin to modify it w/o restarting us.
+ # better way would be to read in parent and check mtime.
+ #
if ($allow_file && -f $allow_file) {
if (open(ALLOW, "<$allow_file")) {
while (<ALLOW>) {
@@ -259,6 +443,8 @@ sub handle_conn {
}
}
+ # Read the first 7 bytes of connection, see if it is 'CONNECT'
+ #
my $str = '';
my $N = 0;
my $isconn = 1;
@@ -267,7 +453,7 @@ sub handle_conn {
sysread($client, $b, 1);
$str .= $b;
$N++;
- print STDERR "read: '$str'\n" if $verbose;
+ print STDERR "read: '$str'\n" if $verbose > 1;
my $cstr = substr('CONNECT', 0, $i+1);
if ($str ne $cstr) {
$isconn = 0;
@@ -276,28 +462,60 @@ sub handle_conn {
}
my $sock = '';
+
if ($isconn) {
+ # it is CONNECT, read rest of HTTP header:
+ #
while ($str !~ /\r\n\r\n/) {
my $b;
sysread($client, $b, 1);
$str .= $b;
}
- print STDERR "read: $str\n" if $verbose;
+ print STDERR "read: $str\n" if $verbose > 1;
+ # get http version and host:port
+ #
my $ok = 0;
my $hostport = '';
my $http_vers = '1.0';
if ($str =~ /^CONNECT\s+(\S+)\s+HTTP\/(\S+)/) {
$hostport = $1;
$http_vers = $2;
- foreach my $hp (@allow) {
- if ($hp eq $hostport) {
- $ok = 1;
- last;
+
+ my ($h, $p) = split(/:/, $hostport);
+ if ($p =~ /^\d+$/) {
+ # check allowed host list:
+ foreach my $hp (@allow) {
+ if ($hp eq 'ALL') {
+ $ok = 1;
+ }
+ if ($hp eq $hostport) {
+ $ok = 1;
+ }
+ if ($hp =~ /^(.*):(\d+)-(\d+)$/) {
+ my $ahost = $1;
+ my $pmin = $2;
+ my $pmax = $3;
+ if ($h eq $ahost) {
+ if ($p >= $pmin && $p <= $pmax) {
+ $ok = 1;
+ }
+ }
+ }
+ last if $ok;
}
}
}
+
+ my $msg_1 = "HTTP/$http_vers 200 Connection Established\r\n"
+ . "Proxy-agent: connect_switch v0.2\r\n\r\n";
+ my $msg_2 = "HTTP/$http_vers 502 Bad Gateway\r\n"
+ . "Connection: close\r\n\r\n";
+
if (! $ok) {
+ # disallowed. drop with message.
+ #
+ syswrite($client, $msg_2, length($msg_2));
close $client;
exit 0;
}
@@ -312,18 +530,20 @@ sub handle_conn {
Proto => "tcp"
);
my $msg;
+
+ # send the connect proxy reply:
+ #
if ($sock) {
- $msg = "HTTP/$http_vers 200 Connection Established\r\n"
- . "Proxy-agent: connect_switch v0.2\r\n\r\n";
+ $msg = $msg_1;
} else {
- $msg = "HTTP/$http_vers 502 Bad Gateway\r\n"
- . "Connection: close\r\n\r\n";
+ $msg = $msg_2;
}
syswrite($client, $msg, length($msg));
$str = '';
} else {
- print STDERR "connecting to: $httpd_host:$httpd_port\n"
- if $verbose;
+ # otherwise, redirect to apache for normal https:
+ #
+ print STDERR "connecting to: $httpd_host:$httpd_port\n" if $verbose;
$sock = IO::Socket::INET->new(
PeerAddr => $httpd_host,
PeerPort => $httpd_port,
@@ -336,6 +556,8 @@ sub handle_conn {
die "connect_switch: $!\n";
}
+ # get ready for xfer phase:
+ #
$current_fh1 = $client;
$current_fh2 = $sock;
@@ -349,6 +571,8 @@ sub handle_conn {
kill 'TERM', $child;
}
} else {
+ # write those first bytes if not CONNECT:
+ #
if ($str ne '' && $N > 0) {
syswrite($sock, $str, $N);
}
@@ -358,9 +582,9 @@ sub handle_conn {
kill 'TERM', $parent;
}
}
- if ($verbose) {
+ if ($verbose > 1) {
my $dt = time() - $start;
- print STDERR "dt\[$$]: $dt\n";
+ print STDERR "duration\[$$]: $dt seconds. ", scalar(localtime), "\n";
}
exit 0;
}
@@ -380,7 +604,7 @@ sub xfer {
while (! $nf) {
$nf = select($ROUT=$RIN, undef, undef, undef);
}
- my $len = sysread($in, $buf, 8192);
+ my $len = sysread($in, $buf, $bufsize);
if (! defined($len)) {
next if $! =~ /^Interrupted/;
print STDERR "connect_switch\[$lab/$conn/$$]: $!\n";
@@ -392,7 +616,7 @@ sub xfer {
}
if (0) {
- # verbose debugging of data:
+ # very verbose debugging of data:
syswrite(STDERR , "\n$lab: ", 6);
syswrite(STDERR , $buf, $len);
}
diff --git a/x11vnc/misc/desktop.cgi b/x11vnc/misc/desktop.cgi
new file mode 100755
index 0000000..c2f9cc9
--- /dev/null
+++ b/x11vnc/misc/desktop.cgi
@@ -0,0 +1,1134 @@
+#!/usr/bin/perl
+#
+# desktop.cgi
+#
+# An example cgi script to provide multi-user web access to x11vnc
+# desktops. This script should/must be served by an HTTPS webserver,
+# otherwise the unix and vnc passwords are sent over the network
+# unencrypted (see below to disable)
+#
+# Note that the x11vnc -create virtual desktop service used below requires
+# that you install the 'Xvfb' program.
+#
+# You should put this script in, say, a cgi-bin directory.
+#
+# You will *also* need to copy the x11vnc classes/ssl/UltraViewerSSL.jar
+# file to the document root: /UltraViewerSSL.jar (or change the html
+# at bottom.)
+#
+# Each x11vnc server created for a login will listen on its own port (see
+# below for port selection schemes.) Your firewall must let in these ports.
+# It is difficult and not as reliable to do all of this through a single port;
+# however, see the fixed port scheme find_free_port = 'fixed:5900' below.
+#
+# Note there are two SSL certificates involved that the user may be
+# asked to inspect: apache's SSL cert and x11vnc's SSL cert. This may
+# confuse the user.
+#
+# This script provides one example on how to provide the service. You can
+# customize to meet your needs, e.g. switch to php, newer modules,
+# different authentication, SQL database, etc. If you plan to use it
+# in production, please examine all security aspects of it carefully;
+# read the comments in the script for more info.
+#
+# More information and background:
+#
+# http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
+# http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers
+# http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy
+# http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal
+# http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords
+# http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
+
+
+#-------------------------------------------------------------------------
+# Copyright (c) 2010 by Karl J. Runge <runge@karlrunge.com>
+#
+# desktop.cgi is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# desktop.cgi is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with desktop.cgi; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
+# or see <http://www.gnu.org/licenses/>.
+#-------------------------------------------------------------------------
+
+use strict;
+use IO::Socket::INET;
+
+
+# TCP Ports:
+#
+# Set find_free_port to 1 (or the other modes described below) to
+# autoselect a free port to use. The default is to use a fixed port
+# based on the userid.
+#
+my $find_free_port = 0;
+#
+# Or specify a port range:
+#
+#$find_free_port = '7000-8000';
+#
+# Or indicate to use a kludge to try to do everything through a SINGLE
+# port. To try to avoid contention on the port, simultaneous instances
+# of this script attempt to 'take turns' using it.
+#
+#$find_free_port = 'fixed:5900';
+
+
+# Port redirection mode:
+#
+# This is to allow port redirection mode: username@host:port If username
+# is valid, there will be a port redirection to internal machine
+# host:port. Presumably there is already an SSL enabled and password
+# protected VNC server running there. We don't start that server.
+# See the next setting for an allowed hosts file. The default for port
+# redirection is off.
+#
+my $enable_port_redirection = 0;
+
+# A file with allowed port redirections. The empty string '' (the
+# default) means all host:port redirections would be allowed.
+#
+# Format of the file: A list of 'user@host:port' or 'host:port'
+# entries, one per line. Port ranges, e.g. host:n-m are also accepted.
+#
+# Leading and trailing whitespace is trimmed off each line. Blank lines
+# and comment lines starting with '#' are skipped. A line consisting of
+# 'ALL' matches everything. If no match can be found or the file cannot
+# be opened the connection is dropped.
+#
+my $port_redirection_allowed_hosts = '';
+
+
+# Set to 0 to have the java applet html set the parameter
+# trustUrlVncCert=no, i.e. the applet will not automatically accept an
+# SSL cert already accepted by an HTTPS URL. See print_applet_html()
+# below for more info.
+#
+my $trustUrlVncCert = 1;
+
+
+# Comment this out if you don't want PATH modified:
+#
+$ENV{PATH} = "/usr/bin:bin:$ENV{PATH}";
+
+
+# For the next two settings, note that most users will be confused that
+# geometry and session are ignored when they are returning to their
+# existing desktop session (x11vnc FINDDISPLAY action.)
+
+# Used below if user did not specify preferred geometry and color depth:
+#
+my $default_geometry = '1024x768x24';
+
+
+# Set this to the list of x11vnc -create sessions types to show a session
+# dropdown for the user to select from.
+#
+my $session_types = '';
+#
+# example:
+#$session_types = 'gnome kde xfce lxde wmaker enlightenment mwm twm failsafe';
+
+
+# Set this to 1 to enable user setting a unique tag for each one
+# of his desktops and so can have multiple ones simultaneously and
+# select which one he wants. For now we just hack this onto geometry
+# 1024x768x24:my_2nd_desktop but ultimately there should be a form entry
+# for it. Search for enable_unique_tags for more info:
+#
+my $enable_unique_tags = 0;
+my $unique_tag = '';
+
+# You can set some extra x11vnc cmdline options here:
+#
+my $x11vnc_extra_opts = '';
+
+
+# Path to x11vnc program:
+#
+my $x11vnc = '/usr/bin/x11vnc';
+
+if (`uname -n` =~ /haystack/) {
+ # for my testing:
+ if (-f "/home/runge/dtcgi.test") {
+ eval `cat /home/runge/dtcgi.test`;
+ }
+}
+
+
+# http header:
+#
+print STDOUT "Content-Type: text/html\r\n\r\n";
+
+
+# Require HTTPS so that unix and vnc passwords are not sent in clear text
+# (perhaps it is too late...) Disable HTTPS at your own risk.
+#
+if ($ENV{HTTPS} !~ /^on$/i) {
+ bye("HTTPS must be used (to encrypt passwords)");
+}
+
+
+# Read request:
+#
+my $request;
+if ($ENV{'REQUEST_METHOD'} eq "POST") {
+ read(STDIN, $request, $ENV{'CONTENT_LENGTH'});
+} elsif ($ENV{'REQUEST_METHOD'} eq "GET" ) {
+ $request = $ENV{'QUERY_STRING'};
+} else {
+ $request = $ARGV[0];
+}
+
+my %request = url_decode(split(/[&=]/, $request));
+
+
+# Experiment for FD_TAG x11vnc feature for multiple desktops:
+#
+# we hide it in geometry:tag for now:
+#
+if ($enable_unique_tags && $request{geometry} =~ /^(.*):(\w+)$/) {
+ $request{geometry} = $1;
+ $unique_tag = $2;
+}
+
+# Check/set geometry and session:
+#
+if (!exists $request{geometry} || $request{geometry} !~ /^[x\d]+$/) {
+ # default geometry and depth:
+ $request{geometry} = $default_geometry;
+}
+if (!exists $request{session} || $request{session} =~ /^\s*$/) {
+ $request{session} = '';
+}
+
+
+# String for the login form:
+#
+my $login_str = <<"END";
+<title>x11vnc web access</title>
+<h3>x11vnc web access</h3>
+<form action="$ENV{REQUEST_URI}" method="post">
+ <table border="0">
+ <tr><td colspan=2><h2>Login</h2></td></tr>
+ <tr><td>Username:</td><td>
+ <input type="text" name="username" maxlength="40" value="$request{username}">
+ </td></tr>
+ <tr><td>Password:</td><td>
+ <input type="password" name="password" maxlength="50">
+ </td></tr>
+ <tr><td>Geometry:</td><td>
+ <input type="text" name="geometry" maxlength="40" value="$request{geometry}">
+ </td></tr>
+ <!-- session -->
+ <tr><td colspan="2" align="right">
+ <input type="submit" name="submit" value="Login">
+ </td></tr>
+ </table>
+</form>
+END
+
+
+# Set up user selected desktop session list, if enabled:
+#
+my %sessions;
+
+if ($session_types ne '') {
+ my $str = "<tr><td>Session:</td><td>\n<select name=session>";
+ $str .= "<option value=none>select</option>";
+
+ foreach my $sess (split(' ', $session_types)) {
+ next if $sess =~ /^\s*$/;
+ next if $sess !~ /^\w+$/; # alphanumeric
+ $sessions{$sess} = 1;
+ $str .= "<option value=$sess>$sess</option>";
+ }
+ $str .= "</select>\n</td></tr>";
+
+ # This forces $request{session} to be a valid one:
+ #
+ if (! exists $sessions{$request{session}}) {
+ $request{session} = 'none';
+ }
+
+ # Insert into login_str:
+ #
+ my $r = $request{session};
+ $str =~ s/option value=\Q$r\E/option selected value=$r/;
+ $login_str =~ s/<!-- session -->/$str/;
+}
+
+
+# If no username or password, show login form:
+#
+if (!$request{username} && !$request{password}) {
+ bye($login_str);
+} elsif (!$request{username}) {
+ bye("No Username.<p>$login_str");
+} elsif (!$request{password}) {
+ bye("No Password.<p>$login_str");
+}
+
+
+# Some shorthand names:
+#
+my $username = $request{username};
+my $password = $request{password};
+my $geometry = $request{geometry};
+my $session = $request{session};
+
+
+# If port redirection is enabled, split username@host:port
+#
+my $redirect_host = '';
+my $current_fh1 = '';
+my $current_fh2 = '';
+
+if ($enable_port_redirection) {
+ ($username, $redirect_host) = split(/@/, $username, 2);
+ if ($redirect_host ne '') {
+ # will exit if the redirection is not allowed:
+ check_redirect_host();
+ }
+}
+
+
+# Require username to be alphanumeric + '-' + '_':
+# (one may want to add '.' as well)
+#
+if ($username !~ /^\w[-\w]*$/) {
+ bye("Invalid Username.<p>$login_str");
+}
+
+
+# Get the userid number, we may use it as his VNC display port; this
+# also checks if the username exists:
+#
+my $uid = `/usr/bin/id -u '$username'`;
+chomp $uid;
+if ($? != 0 || $uid !~ /^\d+$/) {
+ bye("Invalid Username.<p>$login_str");
+}
+
+
+# Use x11vnc trick to check if the unix password is valid:
+#
+if (!open(X11VNC, "| $x11vnc -unixpw \%stdin > /dev/null")) {
+ bye("Internal Error #1");
+}
+print X11VNC "$username:$password\n";
+
+if (!close X11VNC) {
+ # x11vnc returns non-zero for invalid username+password:
+ bye("Invalid Password.<p>$login_str");
+}
+
+
+# Initialize random number generator for use below:
+#
+initialize_random();
+
+
+# Set vnc port:
+#
+my $vnc_port = 0;
+my $fixed_port = 0;
+
+if (! $find_free_port) {
+ # Fixed port based on userid (we assume it is free):
+ #
+ $vnc_port = 7000 + $uid;
+
+} elsif ($find_free_port =~ /^fixed:(\d+)$/) {
+ #
+ # Enable the -loopbg method that tries to share a single port:
+ #
+ $vnc_port = $1;
+ $fixed_port = 1;
+} else {
+ # Autoselect a port, either default range (7000-8000) or a user
+ # supplied range. (note that $find_free_port will now contain
+ # a socket listening on the found port so that it is held.)
+ #
+ $vnc_port = auto_select_port();
+}
+
+# Check for crazy port value:
+#
+if ($vnc_port > 64000 || $vnc_port < 1) {
+ bye("Internal Error #2 $vnc_port");
+}
+
+
+# If port redirection is enabled and the user selected it via
+# username@host:port, we do that right now and then exit.
+#
+if ($enable_port_redirection && $redirect_host ne '') {
+ port_redir();
+ exit 0;
+}
+
+
+# Make a random, onetime vnc password:
+#
+my $pass = '';
+my $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+my @abc = split(//, $chars);
+
+for (my $i = 0; $i < 8; $i++) {
+ $pass .= $abc[ rand(scalar(@abc)) ];
+}
+
+# Use x11vnc trick to switch to user and store vnc pass in the passwdfile.
+# Result is $pass is placed in user's $HOME/x11vnc.pw
+#
+# (This is actually difficult to do without untrusted local users being
+# able to see the pass as well, see copy_password_to_user() for details
+# on how we try to avoid this.)
+#
+copy_password_to_user($pass);
+
+
+# Make a tmp file for x11vnc launcher script:
+#
+my $tmpfile = `/bin/mktemp /tmp/desktop.cgi.XXXXXX`;
+chomp $tmpfile;
+
+# Check if the tmpfile is valid:
+#
+if (! -e $tmpfile || ! -o $tmpfile || -l $tmpfile) {
+ unlink $tmpfile;
+ bye("Internal Error #3");
+}
+if (!chmod 0644, $tmpfile) {
+ unlink $tmpfile;
+ bye("Internal Error #4");
+}
+if (!open(TMP, ">$tmpfile")) {
+ unlink $tmpfile;
+ bye("Internal Error #5");
+}
+
+
+# The x11vnc command. You adjust it to suit your needs.
+#
+# some ideas: -env FD_PROG=/usr/bin/gnome-session
+# -env FD_SESS=kde
+# -env FD_TAG=my_2nd_desktop
+# -ultrafilexfer
+#
+# Note that -timeout will cause it to exit if client does not connect
+# and -sslonly disables VeNCrypt SSL connections.
+
+# Some settings:
+#
+my $timeout = 75;
+my $extra = '';
+if ($fixed_port) {
+ # settings for fixed port case:
+ $timeout = 45;
+ $extra .= " -loopbg100,1";
+}
+if ($session_types ne '') {
+ # settings for session selection case:
+ if (exists $sessions{$session}) {
+ $extra .= " -env FD_SESS='$session'";
+ }
+}
+if ($enable_unique_tags && $unique_tag ne '' && $unique_tag =~ /^\w+$/) {
+ $extra .= " -env FD_TAG='$unique_tag'";
+}
+
+# This md5sum check of the vnc passwd is for extra safety (see
+# copy_password_to_user for details.)
+#
+my $md5sum = '';
+system("type md5sum > /dev/null");
+if ($? == 0) {
+ my $md5 = `/bin/mktemp /tmp/desktop.cgi.XXXXXX`;
+ chomp $md5;
+ # compute md5sum of password:
+ if (-o $md5 && open(MD5, "| md5sum > $md5")) {
+ print MD5 "$pass\n";
+ close MD5;
+ if (open(MD5, "<$md5")) {
+ # read it:
+ my $line = <MD5>;
+ close MD5;
+ my ($s, $t) = split(' ', $line);
+ if (length($s) >= 32 && $s =~ /^\w+$/) {
+ # shell code for user to check he has correct passwd:
+ $md5sum = "if md5sum \$HOME/x11vnc.pw | grep '$s' > /dev/null; then true; else exit 1; fi";
+ }
+ }
+ }
+ unlink $md5;
+}
+
+# write x11vnc command to the tmp file:
+#
+print TMP <<"END";
+#!/bin/sh
+export PATH=/usr/bin:/bin:\$PATH
+$md5sum
+$x11vnc -sigpipe ignore:HUP -nopw -rfbport $vnc_port \\
+ -passwdfile \$HOME/x11vnc.pw -oa \$HOME/x11vnc.log \\
+ -create -ssl SAVE -sslonly -env FD_GEOM=$geometry \\
+ -timeout $timeout $extra $x11vnc_extra_opts \\
+ >/dev/null 2>/dev/null </dev/null &
+sleep 2
+exit 0
+END
+
+close TMP;
+
+# Now launch x11vnc to switch to user and run the wrapper script:
+# (this requires x11vnc 0.9.10 or later.)
+#
+$ENV{UNIXPW_CMD} = "/bin/sh $tmpfile";
+
+# For the fixed port scheme we try to cooperate via lock file:
+#
+my $rmlock = '';
+#
+if ($fixed_port) {
+ # try to grab the fixed port for the next 90 secs removing stale
+ # locks older than 60 secs:
+ #
+ $rmlock = lock_fixed_port(90, 60);
+}
+
+# Start the x11vnc cmd:
+#
+if (!open(X11VNC, "| $x11vnc -unixpw \%stdin > /dev/null")) {
+ unlink $tmpfile;
+ unlink $rmlock if $rmlock;
+ bye("Internal Error #6");
+}
+
+select(X11VNC); $| = 1; select(STDOUT);
+
+# Close any port we held. There is still a gap of time between now
+# and when when x11vnc in $tmpfile reopens the port after the password
+# authentication. So another instance of this script could accidentally
+# think it is free...
+#
+sleep 1;
+close $find_free_port if $find_free_port;
+
+print X11VNC "$username:$password\n";
+close X11VNC; # note we ignore return value.
+unlink $tmpfile;
+
+if ($rmlock) {
+ # let our x11vnc proceed a bit before removing lock.
+ sleep 2;
+ unlink $rmlock;
+}
+
+# Return html for the java applet to connect to x11vnc.
+#
+print_applet_html();
+
+exit 0;
+
+#################################################################
+# Subroutines:
+
+# print the message to client and exit with success.
+#
+sub bye {
+ my $msg = shift;
+ print STDOUT "<html>$msg</html>\n";
+ exit 0;
+}
+
+# decode %xx to character:
+#
+sub url_decode {
+ foreach (@_) {
+ tr/+/ /;
+ s/%(..)/pack("c",hex($1))/ge;
+ }
+ @_;
+}
+
+# seed random
+#
+sub initialize_random {
+ my $rbytes = '';
+ if (open(RAN, "</dev/urandom")) {
+ read(RAN, $rbytes, 8);
+ } elsif (open(RAN, "</dev/random")) {
+ read(RAN, $rbytes, 8);
+ } else {
+ $rbytes = sprintf("%08d", $$);
+ }
+ close RAN;
+
+ # set seed:
+ #
+ my $seed = join('', unpack("C8", $rbytes));
+ $seed = substr($seed, -9);
+ srand($seed);
+
+ for (my $i = 0; $i < ($$ % 4096); $i++) {
+ # Mix it up even a little bit more. There should be
+ # over 1 billion possible vnc passwords now.
+ rand();
+ }
+}
+
+# Autoselect a port for vnc. Note that a socket for the found port
+# is kept open (and stored in $find_free_port) until we call x11vnc at
+# the end.
+#
+sub auto_select_port {
+ my $pmin = 7000; # default range.
+ my $pmax = 8000;
+
+ if ($find_free_port =~ /^(\d+)-(\d+)$/) {
+ # user supplied a range:
+ $pmin = $1;
+ $pmax = $2;
+ if ($pmin > $pmax) {
+ ($pmin, $pmax) = ($pmax, $pmin);
+ }
+ } elsif ($find_free_port > 1024) {
+ # user supplied a starting port:
+ $pmin = $find_free_port;
+ $pmax = $pmin + 1000;
+ }
+
+ # Try to add a bit of randomness to the starting port so
+ # simultaneous instances of this script won't be fooled by the gap
+ # of time before x11vnc reopens the port (see near the bottom.)
+ #
+ my $dp = int(rand(1.0) * 0.25 * ($pmax - $pmin));
+ if ($pmin + $dp < $pmax - 20) {
+ $pmin = $pmin + $dp;
+ }
+
+ my $port = 0;
+
+ # Now try to find a free one:
+ #
+ for (my $p = $pmin; $p <= $pmax; $p++) {
+ my $sock = IO::Socket::INET->new(
+ Listen => 1,
+ LocalPort => $p,
+ ReuseAddr => 1,
+ Proto => "tcp"
+ );
+ if ($sock) {
+ # we will keep this open until we call x11vnc:
+ $find_free_port = $sock;
+ $port = $p;
+ last;
+ }
+ }
+ return $port;
+}
+
+# Since apache typically runs as user 'apache', 'nobody', etc, and not
+# as root it is tricky for us to copy the pass string to a file owned by
+# the user without some other untrusted local user being able to learn
+# the password (e.g. via reading a file or watching ps.) Note that with
+# the x11vnc -unixpw trick we unfortunately can't use a pipe because
+# the user command is run in its own tty.
+#
+# The best way would be a sudo action or a special setuid program for
+# copying. So consider using that and thereby simplify this function.
+#
+# Short of a special program doing this, we use a fifo so ONLY ONE
+# process can read the password. If the untrusted local user reads it,
+# then the logging-in user's x11vnc won't get it. The login and x11vnc
+# will fail, but the untrusted user won't gain access to the logging-in
+# user's desktop.
+#
+# So here we start long, tedious work carefully managing the fifo.
+#
+sub copy_password_to_user {
+
+ my $pass = shift;
+
+ my $use_fifo = '';
+
+ # Find a command to make a fifo:
+ #
+ system("type mkfifo > /dev/null");
+ if ($? == 0) {
+ $use_fifo = 'mkfifo %s';
+ } else {
+ system("type mknod > /dev/null");
+ if ($? == 0) {
+ $use_fifo = 'mknod %s p';
+ }
+ }
+
+ # Create the filename for our fifo:
+ #
+ my $fifo = `/bin/mktemp /tmp/desktop.cgi.XXXXXX`;
+ chomp $fifo;
+
+ if (! -e $fifo || ! -o $fifo || -l $fifo) {
+ unlink $fifo;
+ bye("Internal Error #7");
+ }
+
+ # Make the fifo:
+ #
+ if ($use_fifo) {
+ $use_fifo = sprintf($use_fifo, $fifo);
+
+ # there is a small race here:
+ system("umask 077; rm -f $fifo; $use_fifo; chmod 600 $fifo");
+
+ if (!chmod 0600, $fifo) {
+ # we chmod once more..
+ unlink $fifo;
+ bye("Internal Error #8");
+ }
+
+ if (! -o $fifo || ! -p $fifo || -l $fifo) {
+ # but we get out if not owned by us anymore:
+ unlink $fifo;
+ bye("Internal Error #9");
+ }
+ }
+
+ # Build cmd for user to read our fifo:
+ #
+ my $upw = '$HOME/x11vnc.pw';
+ $ENV{UNIXPW_CMD} = "touch $upw; chmod 600 $upw; cat $fifo > $upw";
+
+ # Start it:
+ #
+ if (!open(X11VNC, "| $x11vnc -unixpw \%stdin > /dev/null")) {
+ unlink $fifo;
+ bye("Internal Error #10");
+ }
+ select(X11VNC); $| = 1; select(STDOUT);
+
+ if (! $use_fifo) {
+ # regular file, we need to write it now.
+ if (!open(FIFO, ">$fifo")) {
+ close X11VNC;
+ unlink $fifo;
+ bye("Internal Error #11");
+ }
+ print FIFO "$pass\n";
+ close FIFO;
+ }
+
+ # open fifo up for reading.
+ # (this means the bad guy can read it too.)
+ #
+ if (!chmod 0644, $fifo) {
+ unlink $fifo;
+ bye("Internal Error #12");
+ }
+
+ # send the user's passwd now:
+ #
+ print X11VNC "$username:$password\n";
+
+ if ($use_fifo) {
+ # wait a bit for the cat $fifo to start, reader will block.
+ sleep 1;
+ if (!open(FIFO, ">$fifo")) {
+ close X11VNC;
+ unlink $fifo;
+ bye("Internal Error #13");
+ }
+ # here it goes:
+ print FIFO "$pass\n";
+ close FIFO;
+ }
+ close X11VNC; # note we ignore return value.
+ fsleep(0.5);
+ #print STDERR `ls -l $fifo ~$username/x11vnc.pw`;
+ unlink $fifo;
+
+ # Done!
+}
+
+# For fixed, single port mode. Try to open and lock the port before
+# proceeding.
+#
+sub lock_fixed_port {
+ my ($t_max, $t_age) = @_;
+
+ # lock file name:
+ #
+ my $lock = '/tmp/desktop.cgi.lock';
+ my $remove = '';
+
+ my $t = 0;
+ my $sock = '';
+
+ while ($t < $t_max) {
+ if (-e $lock) {
+ # clean out stale locks if possible:
+ if (! -l $lock) {
+ unlink $lock;
+ } else {
+ my ($pid, $time) = split(/:/, readlink($lock));
+ if (! -d "/proc/$pid") {
+ unlink $lock;
+ }
+ if (time() > $time + $t_age) {
+ unlink $lock;
+ }
+ }
+ }
+
+ my $reason = '';
+
+ if (-l $lock) {
+ # someone has locked it.
+ $reason = 'locked';
+ } else {
+ # unlocked, try to listen on port:
+ $sock = IO::Socket::INET->new(
+ Listen => 1,
+ LocalPort => $vnc_port,
+ ReuseAddr => 1,
+ Proto => "tcp"
+ );
+ if ($sock) {
+ # we got it, now try to lock:
+ my $str = "$$:" . time();
+ if (symlink($str, $lock)) {
+ $remove = $lock;
+ $find_free_port = $sock;
+ last;
+ }
+ # wow, we didn't lock it...
+ $reason = "symlink failed: $!";
+ close $sock;
+ } else {
+ $reason = "listen failed: $!";
+ }
+ }
+ # sleep a bit and then try again:
+ #
+ print STDERR "$$ failed to get fixed port $vnc_port for $username at $t ($reason)\n";
+ $sock = '';
+ $t += 5;
+ sleep 5;
+ }
+ if (! $sock) {
+ bye("Failed to lock fixed TCP port. Try again a bit later.<p>$login_str");
+ }
+ print STDERR "$$ got fixed port $vnc_port for $username at $t\n";
+
+ # Return the file to remove, if any:
+ #
+ return $remove;
+}
+
+
+# Return html for the java applet to connect to x11vnc.
+#
+# N.B. Please examine the applet params, e.g. trustUrlVncCert=yes to
+# see if you agree with them. See x11vnc classes/ssl/README for all
+# parameters.
+#
+# Note how we do not take extreme care to authenticate the server to
+# the client applet (but note that trustUrlVncCert=yes is better than
+# trustAllVncCerts=yes) One can tighten all of this up at the expense
+# of extra certificate dialogs (assuming the user bothers to check...)
+#
+# This assumes /UltraViewerSSL.jar is at document root; you need to put
+# it there.
+#
+sub print_applet_html {
+ my ($W, $H, $D) = split(/x/, $geometry);
+ $W = 640; # make it smaller since we 'Open New Window' below anyway.
+ $H = 480;
+ my $tUVC = ($trustUrlVncCert ? 'yes' : 'no');
+ my $str = <<"END";
+<html>
+<TITLE>
+x11vnc desktop ($uid/$vnc_port)
+</TITLE>
+<APPLET CODE=VncViewer.class ARCHIVE=/UltraViewerSSL.jar WIDTH=$W HEIGHT=$H>
+<param name=PORT value=$vnc_port>
+<param name=VNCSERVERPORT value=$vnc_port>
+<param name=PASSWORD value=$pass>
+<param name=trustUrlVncCert value=$tUVC>
+<param name="Open New Window" value=yes>
+<param name="Offer Relogin" value=no>
+<param name="ignoreMSLogonCheck" value=yes>
+<param name="delayAuthPanel" value=yes>
+<!-- extra -->
+</APPLET>
+<br>
+<a href="$ENV{REQUEST_URI}">Login page</a><br>
+<a href=http://www.karlrunge.com/x11vnc>x11vnc website</a>
+</html>
+END
+
+ if ($enable_port_redirection && $redirect_host ne '') {
+ $str =~ s/name=PASSWORD value=.*>/name=NOT_USED value=yes>/;
+ #$str =~ s/<!-- extra -->/<!-- extra -->\n<param name="ignoreProxy" value=yes>/;
+ }
+
+ print $str;
+}
+
+##########################################################################
+# The following subroutines are for port redirection only, which is
+# disabled by default ($enable_port_redirection == 0)
+#
+sub port_redir {
+ # To aid in avoiding zombies:
+ #
+ setpgrp(0, 0);
+
+ # For the fixed port scheme we try to cooperate via lock file:
+ #
+ my $rmlock = '';
+ #
+ if ($fixed_port) {
+ # try to grab the fixed port for the next 90 secs removing
+ # stale locks older than 60 secs:
+ #
+ $rmlock = lock_fixed_port(90, 60);
+
+ } elsif ($find_free_port eq '0') {
+ $find_free_port = IO::Socket::INET->new(
+ Listen => 1,
+ LocalPort => $vnc_port,
+ ReuseAddr => 1,
+ Proto => "tcp"
+ );
+ }
+ # In all cases, at this point $find_free_port is the listening
+ # socket.
+
+ # fork a helper process to do the port redir:
+ #
+ # Actually we need to spawn 4(!) of them in case the proxy check
+ # /check.https.proxy.connection (it is by default) and the other
+ # test connections. Spawn one for each expected connection, for
+ # whatever applet parameter usage mode you set up.
+ #
+ for (my $n = 1; $n <= 4; $n++) {
+ my $pid = fork();
+ if (! defined $pid) {
+ bye("Internal Error #14");
+ } elsif ($pid) {
+ wait;
+ } else {
+ if (fork) {
+ exit 0;
+ }
+ setpgrp(0, 0);
+ handle_conn();
+ exit 0;
+ }
+ }
+
+ # We now close the listening socket:
+ #
+ close $find_free_port;
+
+ if ($rmlock) {
+ # let our process proceed a bit before removing lock.
+ sleep 1;
+ unlink $rmlock;
+ }
+
+ # Now send html to the browser so it can connect:
+ #
+ print_applet_html();
+
+ exit 0;
+}
+
+# This checks the validity of a username@host:port for the port
+# redirection mode. Finishes and exits if it is invalid.
+#
+sub check_redirect_host {
+ # First check that the host:port string is valid:
+ #
+ if ($redirect_host !~ /^\w[-\w\.]*:\d+$/) {
+ bye("Invalid Redirect Host:Port.<p>$login_str");
+ }
+ # Second, check if the allowed host file permits it:
+ #
+ if ($port_redirection_allowed_hosts ne '') {
+ if (! open(ALLOWED, "<$port_redirection_allowed_hosts")) {
+ bye("Internal Error #15");
+ }
+ my $ok = 0;
+ while (my $line = <ALLOWED>) {
+ chomp $line;
+ # skip blank lines and '#' comments:
+ next if $line =~ /^\s*$/;
+ next if $line =~ /^\s*#/;
+
+ # trim spaces from ends:
+ $line =~ s/^\s*//;
+ $line =~ s/\s*$//;
+
+ # collect host:ports in case port range given:
+ my @items;
+ if ($line =~ /^(.*):(\d+)-(\d+)$/) {
+ # port range:
+ my $host = $1;
+ my $pmin = $2;
+ my $pmax = $3;
+ for (my $p = $pmin; $p <= $pmax; $p++) {
+ push @items, "$host:$p";
+ }
+ } else {
+ push @items, $line;
+ }
+
+ # now check each item for a match:
+ foreach my $item (@items) {
+ if ($item eq 'ALL') {
+ $ok = 1;
+ last;
+ } elsif ($item =~ /@/) {
+ if ("$username\@$redirect_host" eq $item) {
+ $ok = 1;
+ last;
+ }
+ } elsif ($redirect_host eq $item) {
+ $ok = 1;
+ last;
+ }
+ }
+ # got a match:
+ last if $ok;
+ }
+ close ALLOWED;
+
+ if (! $ok) {
+ bye("Disallowed Redirect Host:Port.<p>$login_str");
+ }
+ }
+}
+
+# Much of this code is borrowed from 'connect_switch':
+#
+sub handle_conn {
+ close STDIN;
+ close STDOUT;
+ close STDERR;
+
+ $SIG{ALRM} = sub {close $find_free_port; exit 0};
+
+ # We only wait 30 secs for the redir case, esp. since
+ # we need to spawn so many helpers...
+ #
+ alarm(30);
+
+ my ($client, $ip) = $find_free_port->accept();
+
+ alarm(0);
+
+ close $find_free_port;
+
+ if (!$client) {
+ exit 1;
+ }
+
+ my ($host, $port) = split(/:/, $redirect_host);
+
+ my $sock = IO::Socket::INET->new(
+ PeerAddr => $host,
+ PeerPort => $port,
+ Proto => "tcp"
+ );
+
+ if (! $sock) {
+ close $client;
+ exit 1;
+ }
+
+ $current_fh1 = $client;
+ $current_fh2 = $sock;
+
+ $SIG{TERM} = sub {close $current_fh1; close $current_fh2; exit 0};
+
+ my $killpid = 1;
+
+ my $parent = $$;
+ if (my $child = fork()) {
+ xfer($sock, $client, 'S->C');
+ if ($killpid) {
+ fsleep(0.5);
+ kill 'TERM', $child;
+ }
+ } else {
+ xfer($client, $sock, 'C->S');
+ if ($killpid) {
+ fsleep(0.75);
+ kill 'TERM', $parent;
+ }
+ }
+ exit 0;
+}
+
+# This does socket data transfer in one direction.
+#
+sub xfer {
+ my($in, $out, $lab) = @_;
+ my ($RIN, $WIN, $EIN, $ROUT);
+ $RIN = $WIN = $EIN = "";
+ $ROUT = "";
+ vec($RIN, fileno($in), 1) = 1;
+ vec($WIN, fileno($in), 1) = 1;
+ $EIN = $RIN | $WIN;
+ my $buf;
+
+ while (1) {
+ my $nf = 0;
+ while (! $nf) {
+ $nf = select($ROUT=$RIN, undef, undef, undef);
+ }
+ my $len = sysread($in, $buf, 8192);
+ if (! defined($len)) {
+ next if $! =~ /^Interrupted/;
+ last;
+ } elsif ($len == 0) {
+ last;
+ }
+
+ my $offset = 0;
+ my $quit = 0;
+ while ($len) {
+ my $written = syswrite($out, $buf, $len, $offset);
+ if (! defined $written) {
+ $quit = 1;
+ last;
+ }
+ $len -= $written;
+ $offset += $written;
+ }
+ last if $quit;
+ }
+ close($in);
+ close($out);
+}
+
+# Sleep a small amount of time (float)
+#
+sub fsleep {
+ my ($time) = @_;
+ select(undef, undef, undef, $time) if $time;
+}
diff --git a/x11vnc/misc/inet6to4 b/x11vnc/misc/inet6to4
new file mode 100755
index 0000000..b5c2fd1
--- /dev/null
+++ b/x11vnc/misc/inet6to4
@@ -0,0 +1,400 @@
+#!/usr/bin/perl
+#
+# inet6to4: Act as an ipv6-to-ipv4 relay for tcp applications that
+# do not support ipv6.
+#
+# Usage: inet6to4 <ipv6-listen-port> <ipv4-host:port>
+# inet6to4 -r <ipv4-listen-port> <ipv6-host:port>
+#
+# Examples: inet6to4 5900 localhost:5900
+# inet6to4 8080 web1:80
+# inet6to4 -r 5900 fe80::217:f2ff:fee6:6f5a%eth0:5900
+#
+# The -r option reverses the direction of translation (e.g. for ipv4
+# clients that need to connect to ipv6 servers.) Reversing is the default
+# if this script is named 'inet4to6' (e.g. by a symlink.)
+#
+# Use Ctrl-C to stop this program.
+#
+# You can also set env. vars INET6TO4_LOOP=1 or INET6TO4_LOOP=BG
+# to have an outer loop restarting this program (BG means do that
+# in the background), and INET6TO4_LOGFILE for a log file.
+# Also set INET6TO4_VERBOSE to verbosity level and INET6TO4_WAITTIME
+# and INET6TO4_PIDFILE (see below.)
+#
+
+#-------------------------------------------------------------------------
+# Copyright (c) 2010 by Karl J. Runge <runge@karlrunge.com>
+#
+# inet6to4 is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# inet6to4 is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with inet6to4; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
+# or see <http://www.gnu.org/licenses/>.
+#-------------------------------------------------------------------------
+
+# Set up logging:
+#
+if (exists $ENV{INET6TO4_LOGFILE}) {
+ close STDOUT;
+ if (!open(STDOUT, ">>$ENV{INET6TO4_LOGFILE}")) {
+ die "inet6to4: $ENV{INET6TO4_LOGFILE} $!\n";
+ }
+ close STDERR;
+ open(STDERR, ">&STDOUT");
+}
+select(STDERR); $| = 1;
+select(STDOUT); $| = 1;
+
+# interrupt handler:
+#
+my $looppid = '';
+my $pidfile = '';
+my $listen_sock = ''; # declared here for get_out()
+#
+sub get_out {
+ print STDERR "$_[0]:\t$$ looppid=$looppid\n";
+ close $listen_sock if $listen_sock;
+ if ($looppid) {
+ kill 'TERM', $looppid;
+ fsleep(0.2);
+ }
+ unlink $pidfile if $pidfile;
+ exit 0;
+}
+$SIG{INT} = \&get_out;
+$SIG{TERM} = \&get_out;
+
+# pidfile:
+#
+sub open_pidfile {
+ if (exists $ENV{INET6TO4_PIDFILE}) {
+ my $pf = $ENV{INET6TO4_PIDFILE};
+ if (open(PID, ">$pf")) {
+ print PID "$$\n";
+ close PID;
+ $pidfile = $pf;
+ } else {
+ print STDERR "could not open pidfile: $pf - $! - continuing...\n";
+ }
+ delete $ENV{INET6TO4_PIDFILE};
+ }
+}
+
+####################################################################
+# Set INET6TO4_LOOP=1 to have this script create an outer loop
+# restarting itself if it ever exits. Set INET6TO4_LOOP=BG to
+# do this in the background as a daemon.
+
+if (exists $ENV{INET6TO4_LOOP}) {
+ my $csl = $ENV{INET6TO4_LOOP};
+ if ($csl ne 'BG' && $csl ne '1') {
+ die "inet6to4: invalid INET6TO4_LOOP.\n";
+ }
+ if ($csl eq 'BG') {
+ # go into bg as "daemon":
+ setpgrp(0, 0);
+ my $pid = fork();
+ if (! defined $pid) {
+ die "inet6to4: $!\n";
+ } elsif ($pid) {
+ wait;
+ exit 0;
+ }
+ if (fork) {
+ exit 0;
+ }
+ setpgrp(0, 0);
+ close STDIN;
+ if (! $ENV{INET6TO4_LOGFILE}) {
+ close STDOUT;
+ close STDERR;
+ }
+ }
+ delete $ENV{INET6TO4_LOOP};
+
+ if (exists $ENV{INET6TO4_PIDFILE}) {
+ open_pidfile();
+ }
+
+ print STDERR "inet6to4: starting service at ", scalar(localtime), " master-pid=$$\n";
+ while (1) {
+ $looppid = fork;
+ if (! defined $looppid) {
+ sleep 10;
+ } elsif ($looppid) {
+ wait;
+ } else {
+ exec $0, @ARGV;
+ exit 1;
+ }
+ print STDERR "inet6to4: re-starting service at ", scalar(localtime), " master-pid=$$\n";
+ sleep 1;
+ }
+ exit 0;
+}
+if (exists $ENV{INET6TO4_PIDFILE}) {
+ open_pidfile();
+}
+
+use IO::Socket::INET6;
+use strict;
+use warnings;
+
+# some settings:
+#
+my $verbose = 1; # set to 0 for no messages, 2 for more.
+my $killpid = 1; # does kill(2) at end of connection.
+my $waittime = 0.25; # time to wait between connections.
+my $reverse = 0; # -r switch (or file named inet4to6)
+
+if (exists $ENV{INET6TO4_VERBOSE}) {
+ $verbose = $ENV{INET6TO4_VERBOSE};
+}
+if (exists $ENV{INET6TO4_WAITTIME}) {
+ $waittime = $ENV{INET6TO4_WAITTIME};
+}
+
+# process command line args:
+
+if (! @ARGV || $ARGV[0] =~ '^-+h') { # -help
+ open(ME, "<$0");
+ while (<ME>) {
+ last unless /^#/;
+ next if /usr.bin.perl/;
+ $_ =~ s/# ?//;
+ print;
+ }
+ exit;
+}
+
+if ($ARGV[0] eq '-r') { # -r
+ shift;
+ $reverse = 1;
+} elsif ($0 =~ /inet4to6$/) {
+ $reverse = 1;
+}
+
+my $listen_port = shift; # ipv6-listen-port
+my $connect_to = shift; # ipv4-host:port
+
+die "no listen port or connect-to-host:port\n" if ! $listen_port || ! $connect_to;
+
+# connect to host:
+#
+my $host = '';
+my $port = '';
+if ($connect_to =~ /^(.*):(\d+)$/) {
+ $host = $1;
+ $port = $2;
+}
+die "invalid connect-to-host:port\n" if ! $host || ! $port;
+
+setpgrp(0, 0);
+
+# create listening socket:
+#
+if (!$reverse) {
+ $listen_sock = IO::Socket::INET6->new(
+ Listen => 10,
+ LocalPort => $listen_port,
+ Domain => AF_INET6,
+ ReuseAddr => 1,
+ Proto => "tcp"
+ );
+} else {
+ $listen_sock = IO::Socket::INET->new(
+ Listen => 10,
+ LocalPort => $listen_port,
+ ReuseAddr => 1,
+ Proto => "tcp"
+ );
+}
+if (! $listen_sock) {
+ die "inet6to4: $!\n";
+}
+
+# for use by the xfer helper processes' interrupt handlers:
+#
+my $current_fh1 = '';
+my $current_fh2 = '';
+
+# connection counter:
+#
+my $conn = 0;
+
+# loop forever waiting for connections:
+#
+while (1) {
+ $conn++;
+ print STDERR "listening for connection: $conn\n" if $verbose;
+ my ($client, $ip) = $listen_sock->accept();
+
+ if ($client && !$reverse && $port == $listen_port) {
+ # This happens on Darwin 'tcp46'
+ if ($client->peerhost() =~ /^::ffff:/) {
+ print STDERR "closing client we think is actually us: ",
+ $client->peerhost(), "\n";
+ close $client;
+ $client = undef;
+ }
+ }
+ if (! $client) {
+ # to throttle runaways
+ fsleep(2 * $waittime);
+ next;
+ }
+ print STDERR "conn: $conn -- ", $client->peerhost(), " at ", scalar(localtime), "\n" if $verbose;
+
+ # spawn helper:
+ #
+ my $pid = fork();
+ if (! defined $pid) {
+ die "inet6to4: $!\n";
+ } elsif ($pid) {
+ wait;
+ # to throttle runaways
+ fsleep($waittime);
+ next;
+ } else {
+ # this is to avoid zombies:
+ close $listen_sock;
+ if (fork) {
+ exit 0;
+ }
+ setpgrp(0, 0);
+ handle_conn($client);
+ }
+}
+
+exit 0;
+
+sub handle_conn {
+ my $client = shift;
+
+ my $start = time();
+
+ print STDERR "connecting to: $host:$port\n" if $verbose;
+
+ my $sock = '';
+ if (!$reverse) {
+ $sock = IO::Socket::INET->new(
+ PeerAddr => $host,
+ PeerPort => $port,
+ Proto => "tcp"
+ );
+ } else {
+ $sock = IO::Socket::INET6->new(
+ PeerAddr => $host,
+ PeerPort => $port,
+ Domain => AF_INET6,
+ Proto => "tcp"
+ );
+ }
+
+ if (! $sock) {
+ close $client;
+ die "inet6to4: $!\n";
+ }
+
+ $current_fh1 = $client;
+ $current_fh2 = $sock;
+
+ # interrupt handler:
+ #
+ $SIG{TERM} = sub {print STDERR "got sigterm\[$$]\n" if $verbose; close $current_fh1; close $current_fh2; exit 0};
+
+ # spawn another helper and transfer the data:
+ #
+ my $parent = $$;
+ if (my $child = fork()) {
+ xfer($sock, $client, 'S->C');
+ if ($killpid) {
+ fsleep(0.5);
+ kill 'TERM', $child;
+ }
+ } else {
+ xfer($client, $sock, 'C->S');
+ if ($killpid) {
+ fsleep(0.75);
+ kill 'TERM', $parent;
+ }
+ }
+
+ # done.
+ #
+ if ($verbose > 1) {
+ my $dt = time() - $start;
+ print STDERR "dt\[$$]: $dt\n";
+ }
+ exit 0;
+}
+
+# transfers data in one direction:
+#
+sub xfer {
+ my($in, $out, $lab) = @_;
+ my ($RIN, $WIN, $EIN, $ROUT);
+ $RIN = $WIN = $EIN = "";
+ $ROUT = "";
+ vec($RIN, fileno($in), 1) = 1;
+ vec($WIN, fileno($in), 1) = 1;
+ $EIN = $RIN | $WIN;
+ my $buf;
+
+ while (1) {
+ my $nf = 0;
+ while (! $nf) {
+ $nf = select($ROUT=$RIN, undef, undef, undef);
+ }
+ my $len = sysread($in, $buf, 8192);
+ if (! defined($len)) {
+ next if $! =~ /^Interrupted/;
+ print STDERR "inet6to4\[$lab/$conn/$$]: $!\n";
+ last;
+ } elsif ($len == 0) {
+ print STDERR "inet6to4\[$lab/$conn/$$]: "
+ . "Input is EOF.\n";
+ last;
+ }
+
+ if ($verbose > 4) {
+ # verbose debugging of data:
+ syswrite(STDERR , "\n$lab: ", 6);
+ syswrite(STDERR , $buf, $len);
+ }
+
+ my $offset = 0;
+ my $quit = 0;
+ while ($len) {
+ my $written = syswrite($out, $buf, $len, $offset);
+ if (! defined $written) {
+ print STDERR "inet6to4\[$lab/$conn/$$]: "
+ . "Output is EOF. $!\n";
+ $quit = 1;
+ last;
+ }
+ $len -= $written;
+ $offset += $written;
+ }
+ last if $quit;
+ }
+ close($in);
+ close($out);
+}
+
+# sleep a fraction of a second:
+#
+sub fsleep {
+ my ($time) = @_;
+ select(undef, undef, undef, $time) if $time;
+}
diff --git a/x11vnc/misc/panner.pl b/x11vnc/misc/panner.pl
new file mode 100755
index 0000000..344beee
--- /dev/null
+++ b/x11vnc/misc/panner.pl
@@ -0,0 +1,117 @@
+#!/usr/bin/perl
+#
+# panner.pl: start up x11vnc in '-clip' mode viewing a small (WxH)
+# rectangular region of the screen. Allow the viewer user
+# to 'pan' around the display region by moving the mouse.
+#
+# Remote interaction with applications, e.g. clicking a
+# button though the VNC viewer, will be very difficult.
+# This may be useful in a 'demo' mode where the user sitting
+# at the physical display is the only one moving the mouse.
+# Depending on your usage the following x11vnc options may
+# be useful: -nonap
+#
+# Usage: panner.pl WxH <x11vnc-args> (e.g. -display ...)
+# or panner.pl WxH:0.05 <x11vnc-args> (e.g. 0.05 is polling time in secs.)
+
+use strict;
+
+my $WxH = shift;
+my $poll_time;
+
+# split off poll time:
+#
+($WxH, $poll_time) = split(/:/, $WxH);
+my ($W, $H) = split(/x/, $WxH);
+
+$poll_time = 0.1 unless $poll_time ne '';
+
+# set to x11vnc command (e.g. full PATH)
+#
+my $x11vnc = "x11vnc";
+
+# check if display was given:
+#
+my $query_args = "";
+for (my $i=0; $i < @ARGV; $i++) {
+ if ($ARGV[$i] eq '-display') {
+ $query_args = "-display $ARGV[$i+1]";
+ }
+}
+
+# find the size of display and the current mouse position:
+my %v;
+vset("DIRECT:wdpy_x,wdpy_y,pointer_x,pointer_y,pointer_same");
+
+# set a -clip argument based on the above:
+#
+my $clip = '';
+clip_set();
+$clip = "${W}x${H}+0+0" unless $v{pointer_same};
+
+# launch x11vnc with -clip in the background:
+#
+my $cmd = "$x11vnc -clip $clip -bg " . join(" ", @ARGV);
+print STDERR "running: $cmd\n";
+system $cmd;
+
+# user can hit Ctrl-C or kill this script to quit (and stop x11vnc)
+#
+sub quit {
+ system("$x11vnc $query_args -R stop");
+ exit 0;
+}
+
+$SIG{INT} = \&quit;
+$SIG{TERM} = \&quit;
+
+# loop forever waiting for mouse position to change, then shift -clip:
+#
+my $clip_old = $clip;
+while (1) {
+ fsleep($poll_time);
+ vset("pointer_x,pointer_y,pointer_same");
+ next unless $v{pointer_same};
+ clip_set();
+ if ($clip ne $clip_old) {
+ system("$x11vnc $query_args -R clip:$clip");
+ $clip_old = $clip
+ }
+}
+
+exit 0;
+
+# short sleep:
+#
+sub fsleep {
+ my ($time) = @_;
+ select(undef, undef, undef, $time) if $time;
+}
+
+# set the -clip string, making sure view doesn't go off edges of display:
+#
+sub clip_set {
+ my $x = int($v{pointer_x} - $W/2);
+ my $y = int($v{pointer_y} - $H/2);
+ $x = 0 if $x < 0;
+ $y = 0 if $y < 0;
+ $x = $v{wdpy_x} - $W if $x + $W > $v{wdpy_x};
+ $y = $v{wdpy_y} - $H if $y + $H > $v{wdpy_y};
+ $clip = "${W}x${H}+$x+$y";
+}
+
+# query x11vnc for values, put results in the %v hash:
+#
+sub vset {
+ my $str = shift;
+ my $out = `$x11vnc $query_args -Q $str 2>/dev/null`;
+ chomp $out;
+ foreach my $pair (split(/,/, $out)) {
+ $pair =~ s/^a..=//;
+ my ($k, $v) = split(/:/, $pair, 2);
+ if ($k ne '' && $v ne '') {
+ print STDERR "k=$k v=$v\n" if $ENV{DEBUG};
+ $v{$k} = $v;
+ }
+ }
+}
diff --git a/x11vnc/misc/ultravnc_repeater.pl b/x11vnc/misc/ultravnc_repeater.pl
index 40af575..a305ebe 100755
--- a/x11vnc/misc/ultravnc_repeater.pl
+++ b/x11vnc/misc/ultravnc_repeater.pl
@@ -1,6 +1,6 @@
#!/usr/bin/env perl
#
-# Copyright (c) 2009 by Karl J. Runge <runge@karlrunge.com>
+# Copyright (c) 2009-2010 by Karl J. Runge <runge@karlrunge.com>
#
# ultravnc_repeater.pl is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -41,17 +41,137 @@ usage: ultravnc_repeater.pl [-r] [client_port [server_port]]
Use -r to refuse new server/client connections with an existing
server/client ID. The default is to close the previous one.
+To write to a log file set the env. var ULTRAVNC_REPEATER_LOGFILE.
+
+To run in a loop restarting the server if it exits set the env. var.
+ULTRAVNC_REPEATER_LOOP=1 or ULTRAVNC_REPEATER_LOOP=BG, the latter
+forks into the background. Set ULTRAVNC_REPEATER_PIDFILE to a file
+to store the master pid in.
+
+
Examples:
+ ultravnc_repeater.pl
ultravnc_repeater.pl -r
ultravnc_repeater.pl 5901
ultravnc_repeater.pl 5901 5501
+ env ULTRAVNC_REPEATER_LOOP=BG ULTRAVNC_REPEATER_LOGFILE=/tmp/u.log ultravnc_repeater.pl ...
+
';
-use warnings;
use strict;
+# Set up logging:
+#
+if (exists $ENV{ULTRAVNC_REPEATER_LOGFILE}) {
+ close STDOUT;
+ if (!open(STDOUT, ">>$ENV{ULTRAVNC_REPEATER_LOGFILE}")) {
+ die "ultravnc_repeater.pl: $ENV{ULTRAVNC_REPEATER_LOGFILE} $!\n";
+ }
+ close STDERR;
+ open(STDERR, ">&STDOUT");
+}
+select(STDERR); $| = 1;
+select(STDOUT); $| = 1;
+
+# interrupt handler:
+#
+my $looppid = '';
+my $pidfile = '';
+#
+sub get_out {
+ print STDERR "$_[0]:\t$$ looppid=$looppid\n";
+ if ($looppid) {
+ kill 'TERM', $looppid;
+ fsleep(0.2);
+ }
+ unlink $pidfile if $pidfile;
+ cleanup();
+ exit 0;
+}
+
+# These are overridden in actual server thread:
+#
+$SIG{INT} = \&get_out;
+$SIG{TERM} = \&get_out;
+
+# pidfile:
+#
+sub open_pidfile {
+ if (exists $ENV{ULTRAVNC_REPEATER_PIDFILE}) {
+ my $pf = $ENV{ULTRAVNC_REPEATER_PIDFILE};
+ if (open(PID, ">$pf")) {
+ print PID "$$\n";
+ close PID;
+ $pidfile = $pf;
+ } else {
+ print STDERR "could not open pidfile: $pf - $! - continuing...\n";
+ }
+ delete $ENV{ULTRAVNC_REPEATER_PIDFILE};
+ }
+}
+
+####################################################################
+# Set ULTRAVNC_REPEATER_LOOP=1 to have this script create an outer loop
+# restarting itself if it ever exits. Set ULTRAVNC_REPEATER_LOOP=BG to
+# do this in the background as a daemon.
+
+if (exists $ENV{ULTRAVNC_REPEATER_LOOP}) {
+ my $csl = $ENV{ULTRAVNC_REPEATER_LOOP};
+ if ($csl ne 'BG' && $csl ne '1') {
+ die "ultravnc_repeater.pl: invalid ULTRAVNC_REPEATER_LOOP.\n";
+ }
+ if ($csl eq 'BG') {
+ # go into bg as "daemon":
+ setpgrp(0, 0);
+ my $pid = fork();
+ if (! defined $pid) {
+ die "ultravnc_repeater.pl: $!\n";
+ } elsif ($pid) {
+ wait;
+ exit 0;
+ }
+ if (fork) {
+ exit 0;
+ }
+ setpgrp(0, 0);
+ close STDIN;
+ if (! $ENV{ULTRAVNC_REPEATER_LOGFILE}) {
+ close STDOUT;
+ close STDERR;
+ }
+ }
+ delete $ENV{ULTRAVNC_REPEATER_LOOP};
+
+ if (exists $ENV{ULTRAVNC_REPEATER_PIDFILE}) {
+ open_pidfile();
+ }
+
+ print STDERR "ultravnc_repeater.pl: starting service at ", scalar(localtime), " master-pid=$$\n";
+ while (1) {
+ $looppid = fork;
+ if (! defined $looppid) {
+ sleep 10;
+ } elsif ($looppid) {
+ wait;
+ } else {
+ exec $0, @ARGV;
+ exit 1;
+ }
+ print STDERR "ultravnc_repeater.pl: re-starting service at ", scalar(localtime), " master-pid=$$\n";
+ sleep 1;
+ }
+ exit 0;
+}
+if (exists $ENV{ULTRAVNC_REPEATER_PIDFILE}) {
+ open_pidfile();
+}
+
+# End of background/daemon stuff.
+####################################################################
+
+use warnings;
use IO::Socket::INET;
use IO::Select;
@@ -85,6 +205,7 @@ my ($RIN, $WIN, $EIN, $ROUT);
my $client_listen = IO::Socket::INET->new(
Listen => 10,
LocalPort => $client_port,
+ ReuseAddr => 1,
Proto => "tcp"
);
if (! $client_listen) {
@@ -95,6 +216,7 @@ if (! $client_listen) {
my $server_listen = IO::Socket::INET->new(
Listen => 10,
LocalPort => $server_port,
+ ReuseAddr => 1,
Proto => "tcp"
);
if (! $server_listen) {
@@ -103,7 +225,7 @@ if (! $server_listen) {
}
my $select = new IO::Select();
-if (! select) {
+if (! $select) {
cleanup();
die "$prog: select $!\n";
}
@@ -120,9 +242,6 @@ my $CURR = '';
print "watching for connections on ports $server_port/server and $client_port/client\n";
-select(STDERR); $| = 1;
-select(STDOUT); $| = 1;
-
my $alarm_sock = '';
my $got_alarm = 0;
sub alarm_handler {
diff --git a/x11vnc/remote.c b/x11vnc/remote.c
index 5985464..953f963 100644
--- a/x11vnc/remote.c
+++ b/x11vnc/remote.c
@@ -1191,7 +1191,23 @@ char *process_remote_cmd(char *cmd, int stringonly) {
goto qry;
}
p += strlen("clip:");
- if (clip_str) free(clip_str);
+ if (clip_str) {
+ int w, h, x, y;
+ free(clip_str);
+ /* try to handle easy case where WxH is unchanged: */
+ if (parse_geom(p, &w, &h, &x, &y, wdpy_x, wdpy_y)) {
+ if (cdpy_x == w && cdpy_y == h) {
+ if (x >= 0 && y >= 0) {
+ if (x + w <= wdpy_x && y + h <= wdpy_y) {
+ coff_x = x;
+ coff_y = y;
+ clip_str = strdup(p);
+ goto done;
+ }
+ }
+ }
+ }
+ }
clip_str = strdup(p);
/* OK, this requires a new fb... */
@@ -5925,15 +5941,25 @@ char *process_remote_cmd(char *cmd, int stringonly) {
}
goto qry;
}
-
- if (!strcmp(p, "pointer_pos")) {
+ if (!strcmp(p, "pointer_pos") || !strcmp(p, "pointer_x") || !strcmp(p, "pointer_y") || !strcmp(p, "pointer_same") || !strcmp(p, "pointer_root")) {
int px = -1, py = -1;
int wx, wy;
unsigned int m;
Window r, c;
+ Bool same_screen = True;
- snprintf(buf, bufn, "aro=%s:%d,%d", p, px, py);
+ if (!strcmp(p, "pointer_pos")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:%d,%d", p, px, py);
+ } else if (!strcmp(p, "pointer_x")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:%d", p, px);
+ } else if (!strcmp(p, "pointer_y")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:%d", p, py);
+ } else if (!strcmp(p, "pointer_same")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:%d", p, same_screen);
+ } else if (!strcmp(p, "pointer_root")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:0x%x", p, (unsigned int) rootwin);
+ }
if (!dpy) {
goto qry;
}
@@ -5941,12 +5967,22 @@ char *process_remote_cmd(char *cmd, int stringonly) {
goto qry;
#else
X_LOCK;
- XQueryPointer_wr(dpy, rootwin, &r, &c, &px, &py, &wx, &wy, &m);
+ same_screen = XQueryPointer_wr(dpy, rootwin, &r, &c, &px, &py, &wx, &wy, &m);
X_UNLOCK;
#endif
- snprintf(buf, bufn, "aro=%s:%d,%d", p, px, py);
- rfbLog("remote_cmd: pointer_pos: %s\n", buf);
+ if (!strcmp(p, "pointer_pos")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:%d,%d", p, px, py);
+ } else if (!strcmp(p, "pointer_x")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:%d", p, px);
+ } else if (!strcmp(p, "pointer_y")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:%d", p, py);
+ } else if (!strcmp(p, "pointer_same")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:%d", p, same_screen);
+ } else if (!strcmp(p, "pointer_root")) { /* skip-cmd-list */
+ snprintf(buf, bufn, "aro=%s:0x%x", p, (unsigned int) r);
+ }
+ rfbLog("remote_cmd: %s: %s\n", p, buf);
goto qry;
}
if (!strcmp(p, "bpp")) {
diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c
index 3d19834..ab2a43f 100644
--- a/x11vnc/sslhelper.c
+++ b/x11vnc/sslhelper.c
@@ -3460,6 +3460,7 @@ void accept_openssl(int mode, int presock) {
char reply[] = "HTTP/1.0 200 OK\r\n"
"Content-Type: octet-stream\r\n"
"Connection: Keep-Alive\r\n"
+ "VNC-Server: x11vnc\r\n"
"Pragma: no-cache\r\n\r\n";
/*
* special case proxy coming thru https
@@ -3503,6 +3504,7 @@ void accept_openssl(int mode, int presock) {
char reply[] = "HTTP/1.0 200 OK\r\n"
"Connection: close\r\n"
"Content-Type: octet-stream\r\n"
+ "VNC-Server: x11vnc\r\n"
"Pragma: no-cache\r\n\r\n";
rfbLog("Handling Check HTTPS request via https GET. [%d]\n", getpid());
@@ -3782,14 +3784,14 @@ void accept_openssl(int mode, int presock) {
q = strstr(rcookie, "VENCRYPT=");
if (q && sscanf(q, "VENCRYPT=%d,", &vencrypt_sel) == 1) {
if (vencrypt_sel != 0) {
- rfbLog("SSL: VENCRYPT mode=%d accepted.\n", vencrypt_sel);
+ rfbLog("SSL: VENCRYPT mode=%d accepted. helper[%d]\n", vencrypt_sel, pid);
goto accept_client;
}
}
q = strstr(rcookie, "ANONTLS=");
if (q && sscanf(q, "ANONTLS=%d,", &anontls_sel) == 1) {
if (anontls_sel != 0) {
- rfbLog("SSL: ANONTLS mode=%d accepted.\n", anontls_sel);
+ rfbLog("SSL: ANONTLS mode=%d accepted. helper[%d]\n", anontls_sel, pid);
goto accept_client;
}
}
@@ -3803,6 +3805,12 @@ void accept_openssl(int mode, int presock) {
if (strstr(rcookie, uniq) == rcookie) {
int i;
+ double https_download_wait_time = 15.0;
+
+ if (getenv("X11VNC_HTTPS_DOWNLOAD_WAIT_TIME")) {
+ https_download_wait_time = atof(getenv("X11VNC_HTTPS_DOWNLOAD_WAIT_TIME"));
+ }
+
rfbLog("SSL: BUT WAIT! HTTPS for helper process[%d] succeeded. Good.\n", pid);
if (mode != OPENSSL_HTTPS) {
last_https = dnow();
@@ -3814,6 +3822,7 @@ void accept_openssl(int mode, int presock) {
}
if (rcookie && strstr(rcookie, "VncViewer.class")) {
rfbLog("\n");
+ rfbLog("helper[%d]:\n", pid);
rfbLog("***********************************************************\n");
rfbLog("SSL: WARNING CLIENT ASKED FOR NONEXISTENT 'VncViewer.class'\n");
rfbLog("SSL: USER NEEDS TO **RESTART** HIS WEB BROWSER.\n");
@@ -3841,31 +3850,34 @@ void accept_openssl(int mode, int presock) {
}
screen->port = useport;
if (origport != useport) {
- rfbLog("SSL: -httpsredir guess port: %d\n", screen->port);
+ rfbLog("SSL: -httpsredir guess port: %d helper[%d]\n", screen->port, pid);
}
start = dnow();
- while (dnow() < start + 10.0) {
+ while (dnow() < start + https_download_wait_time) {
if (screen->httpSock >= 0) saw_httpsock = 1;
rfbPE(10000);
usleep(10000);
if (screen->httpSock >= 0) saw_httpsock = 1;
waitpid(pid, &status, WNOHANG);
if (kill(pid, 0) != 0) {
- rfbPE(10000);
- rfbPE(10000);
+ rfbLog("SSL: helper[%d] pid finished\n", pid);
break;
}
- if (saw_httpsock && screen->httpSock < 0) {
+ if (0 && saw_httpsock && screen->httpSock < 0) {
+ /* this check can kill the helper too soon. */
rfbLog("SSL: httpSock for helper[%d] went away\n", pid);
- rfbPE(10000);
- rfbPE(10000);
break;
}
}
- screen->port = origport;
rfbLog("SSL: guessing child helper[%d] https finished. dt=%.6f\n",
pid, dnow() - start);
+
+ rfbPE(10000);
+ rfbPE(10000);
+ rfbPE(10000);
+
+ screen->port = origport;
ssl_helper_pid(0, -2);
if (mode == OPENSSL_INETD) {
clean_up_exit(1);
@@ -3888,31 +3900,34 @@ void accept_openssl(int mode, int presock) {
}
}
}
- rfbLog("SSL: screen->port %d\n", screen->port);
+ rfbLog("SSL: screen->port %d for helper[%d]\n", screen->port, pid);
/* kludge for https fetch via inetd */
start = dnow();
- while (dnow() < start + 10.0) {
+ while (dnow() < start + https_download_wait_time) {
if (screen->httpSock >= 0) saw_httpsock = 1;
rfbPE(10000);
usleep(10000);
if (screen->httpSock >= 0) saw_httpsock = 1;
waitpid(pid, &status, WNOHANG);
if (kill(pid, 0) != 0) {
- rfbPE(10000);
- rfbPE(10000);
+ rfbLog("SSL: helper[%d] pid finished\n", pid);
break;
}
- if (saw_httpsock && screen->httpSock < 0) {
+ if (0 && saw_httpsock && screen->httpSock < 0) {
+ /* this check can kill the helper too soon. */
rfbLog("SSL: httpSock for helper[%d] went away\n", pid);
- rfbPE(10000);
- rfbPE(10000);
break;
}
}
rfbLog("SSL: OPENSSL_INETD guessing "
"child helper[%d] https finished. dt=%.6f\n",
pid, dnow() - start);
+
+ rfbPE(10000);
+ rfbPE(10000);
+ rfbPE(10000);
+
ssl_helper_pid(0, -2);
clean_up_exit(1);
}
diff --git a/x11vnc/ssltools.h b/x11vnc/ssltools.h
index a08ebb8..534dbdd 100644
--- a/x11vnc/ssltools.h
+++ b/x11vnc/ssltools.h
@@ -1603,7 +1603,7 @@ char create_display[] =
" fi\n"
" if [ -f \"$home/.dmrc\" ]; then\n"
" if [ \"X$have_startkde\" != \"X\" ]; then\n"
-" if egrep -i 'Session=(default|kde)' \"$home/.dmrc\" > /dev/null; then\n"
+" if egrep -i 'Session=kde' \"$home/.dmrc\" > /dev/null; then\n"
" echo \"$have_startkde\"\n"
" return\n"
" fi\n"
@@ -1632,6 +1632,18 @@ char create_display[] =
" fi\n"
" \n"
" done\n"
+" if egrep -i 'Session=default' \"$home/.dmrc\" > /dev/null; then\n"
+" if [ \"X$have_gnome_session\" != \"X\" ]; then\n"
+" echo \"$have_gnome_session\"\n"
+" return\n"
+" elif [ \"X$have_startkde\" != \"X\" ]; then\n"
+" echo \"$have_startkde\"\n"
+" return\n"
+" elif [ \"X$have_startxfce\" != \"X\" ]; then\n"
+" echo \"$have_startxfce\"\n"
+" return\n"
+" fi\n"
+" fi\n"
" fi\n"
" if [ -f \"$home/.xsession\" ]; then\n"
" echo \"$home/.xsession\"\n"
@@ -1851,19 +1863,30 @@ char create_display[] =
"\n"
" if [ \"X$use_xdmcp_query\" = \"X1\" ]; then\n"
" # we cannot use -nolisten tcp\n"
-" echo \"$* -once -query localhost $FD_OPTS\" 1>&2\n"
+" if [ \"X$FD_XDMCP_IF\" != \"X\" ]; then\n"
+" lhost=$FD_XDMCP_IF\n"
+" elif [ \"X$have_netstat\" = \"X\" ]; then\n"
+" lhost=localhost\n"
+" elif $have_netstat -an | grep -w 177 | grep -w udp > /dev/null; then\n"
+" lhost=localhost\n"
+" elif $have_netstat -an | grep -w 177 | grep -w udp6 > /dev/null; then\n"
+" lhost=::1\n"
+" else\n"
+" lhost=localhost\n"
+" fi\n"
+" echo \"$* -once -query $lhost $FD_OPTS\" 1>&2\n"
" if [ \"X$have_root\" != \"X\" ]; then\n"
" if [ -r $authfile ]; then\n"
-" $have_nohup $* -once -query localhost -auth $authfile $FD_OPTS 1>&2 &\n"
+" $have_nohup $* -once -query $lhost -auth $authfile $FD_OPTS 1>&2 &\n"
" else\n"
" # why did we have this?\n"
-" $have_nohup $* -once -query localhost $FD_OPTS 1>&2 &\n"
+" $have_nohup $* -once -query $lhost $FD_OPTS 1>&2 &\n"
" fi\n"
" else\n"
" if [ \"X$ns\" = \"X0\" ]; then\n"
-" $have_nohup sh -c \"$* -once -query localhost -auth $authfile $FD_OPTS\" 1>&2 &\n"
+" $have_nohup sh -c \"$* -once -query $lhost -auth $authfile $FD_OPTS\" 1>&2 &\n"
" else\n"
-" $have_nohup sh -c \"(sleep $ns; $* -once -query localhost -auth $authfile $FD_OPTS)\" 1>&2 &\n"
+" $have_nohup sh -c \"(sleep $ns; $* -once -query $lhost -auth $authfile $FD_OPTS)\" 1>&2 &\n"
" #result=1\n"
" fi\n"
" fi\n"
diff --git a/x11vnc/user.c b/x11vnc/user.c
index 12783f0..be2370e 100644
--- a/x11vnc/user.c
+++ b/x11vnc/user.c
@@ -1956,7 +1956,7 @@ static char *build_create_cmd(char *cmd, int *saw_xdmcp, char *usslpeer, char *t
char st[] = "";
char fdgeom[128], fdsess[128], fdopts[128], fdextra[256], fdprog[128];
char fdxsrv[128], fdxdum[128], fdcups[128], fdesd[128];
- char fdnas[128], fdsmb[128], fdtag[128];
+ char fdnas[128], fdsmb[128], fdtag[128], fdxdmcpif[128];
char cdout[128];
if (opts) {
@@ -1980,6 +1980,7 @@ static char *build_create_cmd(char *cmd, int *saw_xdmcp, char *usslpeer, char *t
fdnas[0] = '\0';
fdsmb[0] = '\0';
fdtag[0] = '\0';
+ fdxdmcpif[0] = '\0';
cdout[0] = '\0';
if (unixpw && keep_unixpw_opts && keep_unixpw_opts[0] != '\0') {
@@ -2122,6 +2123,9 @@ static char *build_create_cmd(char *cmd, int *saw_xdmcp, char *usslpeer, char *t
if (fdtag[0] == '\0' && getenv("FD_TAG")) {
snprintf(fdtag, 120, "%s", getenv("FD_TAG"));
}
+ if (fdxdmcpif[0] == '\0' && getenv("FD_XDMCP_IF")) {
+ snprintf(fdxdmcpif, 120, "%s", getenv("FD_XDMCP_IF"));
+ }
if (fdxdum[0] == '\0' && getenv("FD_XDUMMY_RUN_AS_ROOT")) {
snprintf(fdxdum, 120, "%s", getenv("FD_XDUMMY_RUN_AS_ROOT"));
}
@@ -2139,6 +2143,7 @@ static char *build_create_cmd(char *cmd, int *saw_xdmcp, char *usslpeer, char *t
if (strchr(fdnas, '\'')) fdnas[0] = '\0';
if (strchr(fdsmb, '\'')) fdsmb[0] = '\0';
if (strchr(fdtag, '\'')) fdtag[0] = '\0';
+ if (strchr(fdxdmcpif, '\'')) fdxdmcpif[0] = '\0';
if (strchr(fdxdum, '\'')) fdxdum[0] = '\0';
if (strchr(fdsess, '\'')) fdsess[0] = '\0';
if (strchr(cdout, '\'')) cdout[0] = '\0';
@@ -2153,6 +2158,7 @@ static char *build_create_cmd(char *cmd, int *saw_xdmcp, char *usslpeer, char *t
set_env("FD_NAS", fdnas);
set_env("FD_SMB", fdsmb);
set_env("FD_TAG", fdtag);
+ set_env("FD_XDMCP_IF", fdxdmcpif);
set_env("FD_XDUMMY_RUN_AS_ROOT", fdxdum);
set_env("FD_SESS", fdsess);
@@ -2176,6 +2182,7 @@ static char *build_create_cmd(char *cmd, int *saw_xdmcp, char *usslpeer, char *t
+ strlen("FD_NAS='' ")
+ strlen("FD_SMB='' ")
+ strlen("FD_TAG='' ")
+ + strlen("FD_XDMCP_IF='' ")
+ strlen("FD_XDUMMY_RUN_AS_ROOT='' ")
+ strlen("FD_SESS='' /bin/sh ")
+ strlen(uu) + 1
@@ -2189,16 +2196,17 @@ static char *build_create_cmd(char *cmd, int *saw_xdmcp, char *usslpeer, char *t
+ strlen(fdnas) + 1
+ strlen(fdsmb) + 1
+ strlen(fdtag) + 1
+ + strlen(fdxdmcpif) + 1
+ strlen(fdxdum) + 1
+ strlen(fdsess) + 1
+ strlen(cdout) + 1
+ strlen(opts) + 1);
sprintf(create_cmd, "env USER='%s' FD_GEOM='%s' FD_SESS='%s' "
"FD_OPTS='%s' FD_EXTRA='%s' FD_PROG='%s' FD_XSRV='%s' FD_CUPS='%s' "
- "FD_ESD='%s' FD_NAS='%s' FD_SMB='%s' FD_TAG='%s' "
+ "FD_ESD='%s' FD_NAS='%s' FD_SMB='%s' FD_TAG='%s' FD_XDMCP_IF='%s' "
"FD_XDUMMY_RUN_AS_ROOT='%s' %s /bin/sh %s %s",
uu, fdgeom, fdsess, fdopts, fdextra, fdprog, fdxsrv,
- fdcups, fdesd, fdnas, fdsmb, fdtag, fdxdum, cdout, tmp, opts);
+ fdcups, fdesd, fdnas, fdsmb, fdtag, fdxdmcpif, fdxdum, cdout, tmp, opts);
} else {
create_cmd = (char *) malloc(strlen(tmp)
+ strlen("/bin/sh ") + 1 + strlen(opts) + 1);
diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1
index 4d193c3..41e41ad 100644
--- a/x11vnc/x11vnc.1
+++ b/x11vnc/x11vnc.1
@@ -1,8 +1,8 @@
.\" This file was automatically generated from x11vnc -help output.
-.TH X11VNC "1" "February 2010" "x11vnc " "User Commands"
+.TH X11VNC "1" "March 2010" "x11vnc " "User Commands"
.SH NAME
x11vnc - allow VNC connections to real X11 displays
- version: 0.9.10, lastmod: 2010-02-21
+ version: 0.9.10, lastmod: 2010-03-20
.SH SYNOPSIS
.B x11vnc
[OPTION]...
@@ -558,6 +558,11 @@ to the program location and in standard locations
\fB-http_ssl\fR
.IP
As \fB-http,\fR but force lookup for ssl classes subdir.
+.IP
+Note that for HTTPS, single-port Java applet delivery
+you can set X11VNC_HTTPS_DOWNLOAD_WAIT_TIME to the
+max number of seconds to wait for the applet download
+to finish. The default is 15.
.PP
\fB-avahi\fR
.IP
@@ -1061,9 +1066,31 @@ Use "deny" to explicitly deny some users if you use
the user is allowed, but the option values associated
with it do apply as normal.
.IP
-There are also some utilities for testing password
+There are also some utilities for checking passwords
if [list] starts with the "%" character. See the
-quick_pw() function in the source for details.
+quick_pw() function for more details. Description:
+"%-" or "%stdin" means read one line from stdin.
+"%env" means it is in $UNIXPW env var. A leading
+"%/" or "%." means read the first line from the
+filename that follows after the % character. % by
+itself means prompt for the username and password.
+Otherwise: %user:pass E.g. \fB-unixpw\fR %fred:swordfish
+For the other cases user:pass is read from the indicated
+source. If the password is correct 'Y user' is printed
+and the program exit code is 0. If the password is
+incorrect it prints 'N user' and the exit code is 1.
+If there is some other error the exit code is 2.
+This feature enables x11vnc to be a general unix user
+password checking tool; it could be used from scripts
+or other programs. These % password checks also apply
+to the \fB-unixpw_nis\fR and \fB-unixpw_cmd\fR options.
+.IP
+For the % password check, if the env. var. UNIXPW_CMD
+is set to a command then it is run as the user (assuming
+the password is correct.) The output of the command is
+not printed, the program or script must manage that by
+some other means. The exit code of x11vnc will depend
+on the exit code of the command that is run.
.IP
Use \fB-nounixpw\fR to disable unixpw mode if it was enabled
earlier in the cmd line (e.g. \fB-svc\fR mode)
@@ -1184,8 +1211,11 @@ and if it has the permissions to do so.
.PP
\fB-find\fR
.IP
-Find the user's display using FINDDISPLAY. This is an
-alias for "\fB-display\fR \fIWAIT:cmd=FINDDISPLAY\fR".
+Find the user's display using FINDDISPLAY. This
+is an alias for "\fB-display\fR \fIWAIT:cmd=FINDDISPLAY\fR".
+.IP
+Note: if a \fB-display\fR occurs later on the command line
+it will override the \fB-find\fR setting.
.IP
For this and the next few options see \fB-display\fR WAIT:...
below for all of the details.
@@ -1232,6 +1262,9 @@ if that doesn't succeed create an X session via the
FINDCREATEDISPLAY method. This is an alias for
"\fB-display\fR \fIWAIT:cmd=FINDCREATEDISPLAY-Xvfb\fR".
.IP
+Note: if a \fB-display\fR occurs later on the command line
+it will override the \fB-create\fR setting.
+.IP
SSH NOTE: for both \fB-find\fR and \fB-create\fR you can (should!)
add the "\fB-localhost\fR" option to force SSH tunnel access.
.PP
@@ -1263,6 +1296,10 @@ Example: \fB-svc\fR ... \fB-create_xsrv\fR Xdummy,X
Terminal services mode based on SSL access. Alias for
\fB-display\fR WAIT:cmd=FINDCREATEDISPLAY-Xvfb \fB-unixpw\fR \fB-users\fR
unixpw= \fB-ssl\fR SAVE Also "\fB-service\fR".
+.IP
+Note: if a \fB-display,\fR \fB-unixpw,\fR \fB-users,\fR or \fB-ssl\fR occurs
+later on the command line it will override the \fB-svc\fR
+setting.
.PP
\fB-svc_xdummy\fR
.IP
@@ -1282,6 +1319,10 @@ Display manager Terminal services mode based on SSL.
Alias for \fB-display\fR WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp
\fB-unixpw\fR \fB-users\fR unixpw= \fB-ssl\fR SAVE Also "\fB-xdm_service\fR".
.IP
+Note: if a \fB-display,\fR \fB-unixpw,\fR \fB-users,\fR or \fB-ssl\fR occurs
+later on the command line it will override the \fB-xdmsvc\fR
+setting.
+.IP
To create a session a user will have to first log in
to the \fB-unixpw\fR dialog and then log in again to the
XDM/GDM/KDM prompt. Subsequent re-connections will
@@ -1654,6 +1695,11 @@ to be a unique name for the session, it is set as an
X property, that makes FINDDISPLAY only find sessions
with that tag value.
.IP
+Set FD_XDMCP_IF to the network interface that the
+display manager is running on; default is 'localhost'
+but you may need to set it to '::1' on some IPv6 only
+systems or misconfigured display managers.
+.IP
If you want the FINDCREATEDISPLAY session to contact an
XDMCP login manager (xdm/gdm/kdm) on the same machine,
then use "Xvfb.xdmcp" instead of "Xvfb", etc.
@@ -2370,7 +2416,7 @@ exits.
.IP
Use the
.IR stunnel (8)
-(www.stunnel.org) to provide an
+(stunnel.mirt.net) to provide an
encrypted SSL tunnel between viewers and x11vnc.
.IP
This external tunnel method was implemented prior to the
@@ -5838,6 +5884,14 @@ grab_state get state of pointer and keyboard grab.
.IP
pointer_pos print XQueryPointer x,y cursor position.
.IP
+pointer_x print XQueryPointer x cursor position.
+.IP
+pointer_y print XQueryPointer y cursor position.
+.IP
+pointer_same print XQueryPointer ptr on same screen.
+.IP
+pointer_root print XQueryPointer curr ptr rootwin.
+.IP
mouse_x print x11vnc's idea of cursor position.
.IP
mouse_y print x11vnc's idea of cursor position.
@@ -6234,18 +6288,18 @@ loop loopbg desktopname guess_desktop guess_dbus
http_url auth xauth users rootshift clipshift scale_str
scaled_x scaled_y scale_numer scale_denom scale_fac_x
scale_fac_y scaling_blend scaling_nomult4 scaling_pad
-scaling_interpolate inetd privremote unsafe safer
-nocmds passwdfile unixpw unixpw_nis unixpw_list ssl
-ssl_pem sslverify stunnel stunnel_pem https httpsredir
-usepw using_shm logfile o flag rmflag rc norc h help
-V version lastmod bg sigpipe threads readrate netrate
-netlatency pipeinput clients client_count pid ext_xtest
-ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama
-ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin
-num_buttons button_mask mouse_x mouse_y grab_state
-pointer_pos bpp depth indexed_color dpy_x dpy_y wdpy_x
-wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth
-passwd viewpasswd
+scaling_interpolate inetd privremote unsafe safer nocmds
+passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem
+sslverify stunnel stunnel_pem https httpsredir usepw
+using_shm logfile o flag rmflag rc norc h help V version
+lastmod bg sigpipe threads readrate netrate netlatency
+pipeinput clients client_count pid ext_xtest ext_xtrap
+ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
+ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
+button_mask mouse_x mouse_y grab_state pointer_pos
+pointer_x pointer_y pointer_same pointer_root bpp depth
+indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y
+cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd
.PP
\fB-QD\fR \fIvariable\fR
.IP
diff --git a/x11vnc/x11vnc.c b/x11vnc/x11vnc.c
index d3a4b7c..d659651 100644
--- a/x11vnc/x11vnc.c
+++ b/x11vnc/x11vnc.c
@@ -1321,10 +1321,10 @@ static void quick_pw(char *str) {
if (db) fprintf(stderr, "quick_pw: %s\n", str);
if (! str || str[0] == '\0') {
- exit(1);
+ exit(2);
}
if (str[0] != '%') {
- exit(1);
+ exit(2);
}
/*
* "%-" or "%stdin" means read one line from stdin.
@@ -1339,19 +1339,19 @@ static void quick_pw(char *str) {
*/
if (!strcmp(str, "%-") || !strcmp(str, "%stdin")) {
if(fgets(tmp, 1024, stdin) == NULL) {
- exit(1);
+ exit(2);
}
q = strdup(tmp);
} else if (!strcmp(str, "%env")) {
if (getenv("UNIXPW") == NULL) {
- exit(1);
+ exit(2);
}
q = strdup(getenv("UNIXPW"));
} else if (!strcmp(str, "%%") || !strcmp(str, "%")) {
char *t, inp[1024];
fprintf(stdout, "username: ");
if(fgets(tmp, 128, stdin) == NULL) {
- exit(1);
+ exit(2);
}
strcpy(inp, tmp);
t = strchr(inp, '\n');
@@ -1367,7 +1367,7 @@ static void quick_pw(char *str) {
if(fgets(tmp, 128, stdin) == NULL) {
fprintf(stdout, "\n");
system("stty echo");
- exit(1);
+ exit(2);
}
system("stty echo");
fprintf(stdout, "\n");
@@ -1376,10 +1376,10 @@ static void quick_pw(char *str) {
} else if (str[1] == '/' || str[1] == '.') {
FILE *in = fopen(str+1, "r");
if (in == NULL) {
- exit(1);
+ exit(2);
}
if(fgets(tmp, 1024, in) == NULL) {
- exit(1);
+ exit(2);
}
q = strdup(tmp);
} else {
@@ -1392,7 +1392,7 @@ static void quick_pw(char *str) {
}
if ((q = strchr(p, ':')) == NULL) {
- exit(1);
+ exit(2);
}
*q = '\0';
if (db) fprintf(stderr, "'%s' '%s'\n", p, q+1);
@@ -1413,7 +1413,8 @@ static void quick_pw(char *str) {
exit(1);
}
} else {
- if (su_verify(p, q+1, NULL, NULL, NULL, 1)) {
+ char *ucmd = getenv("UNIXPW_CMD");
+ if (su_verify(p, q+1, ucmd, NULL, NULL, 1)) {
fprintf(stdout, "Y %s\n", p);
exit(0);
} else {
@@ -1422,7 +1423,7 @@ static void quick_pw(char *str) {
}
}
/* NOTREACHED */
- exit(1);
+ exit(2);
}
static void print_settings(int try_http, int bg, char *gui_str) {
@@ -2629,7 +2630,7 @@ int main(int argc, char* argv[]) {
if (s[0] == '%') {
unixpw_list = NULL;
quick_pw(s);
- exit(1);
+ exit(2);
}
}
if (strstr(arg, "_unsafe")) {
diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c
index 42211e2..740b4a3 100644
--- a/x11vnc/x11vnc_defs.c
+++ b/x11vnc/x11vnc_defs.c
@@ -47,7 +47,7 @@ int xtrap_base_event_type = 0;
int xdamage_base_event_type = 0;
/* date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.9.10 lastmod: 2010-02-21";
+char lastmod[] = "0.9.10 lastmod: 2010-03-20";
/* X display info */