diff options
author | runge <runge> | 2008-09-14 19:28:25 +0000 |
---|---|---|
committer | runge <runge> | 2008-09-14 19:28:25 +0000 |
commit | 95d7788eb062a6c6ba07bee516e4e8f1cc8a4db4 (patch) | |
tree | 37da2bfec58413d02c9fbe59f86e848bf0fec348 /x11vnc/misc/enhanced_tightvnc_viewer | |
parent | d5cba7a574a667f5321194cb05d0b4adcb995866 (diff) | |
download | libtdevnc-95d7788eb062a6c6ba07bee516e4e8f1cc8a4db4.tar.gz libtdevnc-95d7788eb062a6c6ba07bee516e4e8f1cc8a4db4.zip |
x11vnc: -sleepin m-n for random sleep. More mktemp and mkstemp
protections. SSL_INIT_TIMEOUT=n env. var. Fix macosx console
X call bug. Synchronize other projects sources.
Diffstat (limited to 'x11vnc/misc/enhanced_tightvnc_viewer')
7 files changed, 1193 insertions, 897 deletions
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/README b/x11vnc/misc/enhanced_tightvnc_viewer/README index a6b138d..dec6269 100644 --- a/x11vnc/misc/enhanced_tightvnc_viewer/README +++ b/x11vnc/misc/enhanced_tightvnc_viewer/README @@ -129,6 +129,9 @@ The enhanced TightVNC viewer features are: - Support for UltraVNC Single Click operation. (both unencrypted: SC I, and SSL encrypted: SC III) + - Support for UltraVNC DSM Encryption Plugin mode. (ARC4 and + AESV2, but not MSRC4 yet) + - Instead of hostname:display one can also supply "exec=command args..." to connect the viewer to the stdio of an external command (e.g. stunnel or socat) rather than using a TCP/IP socket. diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer index d12f5ce..9b456b2 100755 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer +++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer @@ -39,7 +39,8 @@ # and then a 2nd CONNECT to the destination VNC server.) # # Use socks://host:port, socks4://host:port, or socks5://host,port -# to force usage of a SOCKS proxy. Also repeater://host:port. +# to force usage of a SOCKS proxy. Also repeater://host:port and +# sslrepeater://host:port. # # -showcert Only fetch the certificate using the 'openssl s_client' # command (openssl(1) must in installed). @@ -284,6 +285,19 @@ fi orig="$1" shift +# set up special case of ultravnc single click III mode: +if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then + pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'` + pstr1=`echo "$pstr" | sed -e 's/+.*$//'` + pstr2=`echo "$pstr" | sed -e 's/^[^+]*+//'` + SSVNC_REPEATER="SCIII=$pstr2"; export SSVNC_REPEATER + orig=$pstr1 + echo + echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''" + proxy="" +fi + + # check -ssh and -mycert/-verify conflict: if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then @@ -322,6 +336,14 @@ elif echo "$orig" | grep '^vnc+ssh://' > /dev/null; then use_ssh=1 fi +if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then + verify="" + mycert="" + use_ssh="" + use_sshssl="" + direct_connect=1 +fi + # (possibly) tell the vncviewer to only listen on lo: if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then VNCVIEWER_LISTEN_LOCALHOST=1 @@ -472,6 +494,14 @@ final() { kill -KILL "$stunnel_pid" 2>/dev/null stunnel_pid="" fi + if [ "X$dsm_pid" != "X" ]; then + echo "Terminating background ultravnc_dsm_helper process" + echo kill -TERM "$dsm_pid" + kill -TERM "$dsm_pid" 2>/dev/null + sleep 1 + kill -KILL "$dsm_pid" 2>/dev/null + stunnel_pid="" + fi if [ "X$tail_pid" != "X" ]; then kill -TERM $tail_pid fi @@ -517,6 +547,19 @@ fi # a portable, but not absolutely safe, tmp file creator mytmp() { tf=$1 + if type mktemp > /dev/null 2>&1; then + # if we have mktemp(1), use it: + tf2="$tf.XXXXXX" + tf2=`mktemp "$tf2"` + if [ "X$tf2" != "X" -a -f "$tf2" ]; then + if [ "X$DEBUG_MKTEMP" != "X" ]; then + echo "mytmp-mktemp: $tf2" 1>&2 + fi + echo "$tf2" + return + fi + fi + # fallback to multiple cmds: rm -rf "$tf" || exit 1 if [ -d "$tf" ]; then echo "tmp file $tf still exists as a directory." @@ -531,6 +574,10 @@ mytmp() { touch "$tf" || exit 1 chmod 600 "$tf" || exit 1 rchk + if [ "X$DEBUG_MKTEMP" != "X" ]; then + echo "mytmp-touch: $tf" 1>&2 + fi + echo "$tf" } # trick for the undocumented rsh://host:port method. @@ -1099,8 +1146,8 @@ Kecho sproxy1_host=$sproxy1_host Kecho sproxy1_port=$sproxy1_port Kecho sproxy1_user=$sproxy1_user - ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl" - mytmp "$ptmp" + ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl" + ptmp=`mytmp "$ptmp"` PPROXY_REMOVE=1; export PPROXY_REMOVE proxy=$pproxy port_save=$port @@ -1241,8 +1288,8 @@ Kecho proxy=$proxy rc=$? elif [ "X$getport" != "X" ]; then - tport=/tmp/tport${RANDOM}.$$ - mytmp $tport + tport=/tmp/ss_vncviewer_tport${RANDOM}.$$ + tport=`mytmp "$tport"` if [ "X$rsh" != "X1" ]; then if echo "$ssh_cmd" | grep -w sudo > /dev/null; then @@ -1441,7 +1488,7 @@ fi ptmp="" if [ "X$proxy" != "X" ]; then ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl" - mytmp "$ptmp" + ptmp=`mytmp "$ptmp"` PPROXY_REMOVE=1; export PPROXY_REMOVE pcode "$ptmp" if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then @@ -1484,7 +1531,14 @@ if [ "X$showcert" = "X1" ]; then fi if [ "X$direct_connect" != "X" ]; then - if [ "X$getport" = "X" ]; then + if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then + SSVNC_NO_ENC_WARN=1 + echo "" + echo "Using UltraVNC DSM Plugin key for encryption:" + echo "" + echo " $SSVNC_ULTRA_DSM PORT HOST:PORT" + echo "" + elif [ "X$getport" = "X" ]; then echo "" echo "Running viewer for direct connection:" echo "" @@ -1508,9 +1562,22 @@ if [ "X$direct_connect" != "X" ]; then fi echo "" if [ "X$ptmp" != "X" ]; then - PPROXY_LISTEN=$use - export PPROXY_LISTEN + if [ "X$reverse" = "X" ]; then + PPROXY_LISTEN=$use + export PPROXY_LISTEN + else + PPROXY_REVERSE="localhost:$use" + export PPROXY_REVERSE + pps=3 + if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then + pps=`expr $pps + $SSVNC_EXTRA_SLEEP` + fi + PPROXY_SLEEP=$pps; export PPROXY_SLEEP; + PPROXY_KILLPID=+1; export PPROXY_KILLPID; + fi + $ptmp & + if [ "X$reverse" = "X" ]; then #sleep 2 #echo T sleep 1 @@ -1518,29 +1585,52 @@ if [ "X$direct_connect" != "X" ]; then fi host="localhost" disp="$N" + port=`expr $disp + 5900` fi if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then echo "T sleep $SSVNC_EXTRA_SLEEP" sleep $SSVNC_EXTRA_SLEEP fi if [ "X$reverse" = "X" ]; then - echo "$VNCVIEWERCMD" "$@" $host:$disp + hostdisp="$host:$disp" + if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then + hostdisp="exec=$SSVNC_ULTRA_DSM 0 $host:$port" + fi + echo "$VNCVIEWERCMD" "$@" "$hostdisp" trap "final" 0 2 15 echo "" - $VNCVIEWERCMD "$@" $host:$disp + $VNCVIEWERCMD "$@" "$hostdisp" if [ $? != 0 ]; then echo "vncviewer command failed: $?" if [ "X$secondtry" = "X1" ]; then sleep 2 - $VNCVIEWERCMD "$@" $host:$disp + $VNCVIEWERCMD "$@" "$hostdisp" fi fi else echo "" echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode." echo "" - echo "$VNCVIEWERCMD" "$@" -listen $disp trap "final" 0 2 15 + if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then + echo "NOTE: The ultravnc_dsm_helper only runs once. So after the first LISTEN" + echo " ends, you will have to Press Ctrl-C and restart for a new connection." + echo "" + dport=`expr 5500 + $disp` + cmd="$SSVNC_ULTRA_DSM $dport localhost:$use" + echo "Running:" + echo + echo "$cmd &" + echo + $cmd & + dsm_pid=$! + sleep 2 + disp=$use + if [ $disp -ge 5500 ]; then + disp=`expr $disp - 5500` + fi + fi + echo "$VNCVIEWERCMD" "$@" -listen $disp echo "" $VNCVIEWERCMD "$@" -listen $disp fi @@ -1548,12 +1638,13 @@ if [ "X$direct_connect" != "X" ]; then fi tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$ -mytmp "$tmp_cfg" +tmp_cfg=`mytmp "$tmp_cfg"` # make_tcert is no longer invoked via the ssvnc gui (Listen mode). # make_tcert is for testing only now via -mycert BUILTIN make_tcert() { - tcert="/tmp/tcert${RANDOM}.$$" + tcert="/tmp/ss_vnc_viewer_tcert${RANDOM}.$$" + tcert=`mytmp "$tcert"` cat > $tcert <<END -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN @@ -1617,7 +1708,7 @@ fi if [ "X$reverse" = "X" ]; then - if echo "$proxy" | grep repeater:// > /dev/null; then + if echo "$proxy" | grep "^repeater://" > /dev/null; then if [ "X$cert" = "XBUILTIN" ]; then ttcert=`make_tcert` cert="cert = $ttcert" diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl index 3e296c6..4ba5a86 100755 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl +++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl @@ -356,14 +356,15 @@ proc help {} { started directed to the local port of the SSL tunnel which, in turn, encrypts and redirects the connection to the remote VNC server. - The remote VNC server MUST support an initial SSL handshake before - using the VNC protocol (i.e. VNC is tunnelled through the SSL channel - after it is established). "x11vnc -ssl ..." does this, and any VNC - server can be made to do this by using, e.g., STUNNEL on the remote side. + The remote VNC server **MUST** support an initial SSL handshake + before using the VNC protocol (i.e. VNC is tunnelled through the SSL + channel after it is established). "x11vnc -ssl ..." does this, + and any VNC server can be made to do this by using, e.g., STUNNEL + or socat on the remote side. Automatic SSH tunnels are described below. - See tip 5) below for how to disable encryption. + See Tip 5) below for how to disable encryption. Port numbers: @@ -395,16 +396,18 @@ proc help {} { and so the first time you connect to a new server you may need to follow a few dialogs to inspect and save the server certificate. See the "Certs... -> Help" for information on how to manage certificates. + "Verify All Certs" is on by default. However, "Fetch Cert" and "Verify All Certs" are currently disabled in the rare "SSH + SSL" usage mode (e.g. SSH is used to enter a firewall gateway, and then SSL is tunneled through that to reach - the workstation). You are always free to use a "ServerCert" (under - "Certs...") to authenticate SSL Servers against. + the workstation). This is to avoid having to SSH in twice. You are + always free to use a "ServerCert" ("Certs..." button) to authenticate + SSL Servers against. - Windows STUNNEL: + Windows STUNNEL problems: Note that on Windows when the Viewer connection is finished you will be prompted if you want SSVNC to try to kill the STUNNEL process @@ -423,8 +426,8 @@ proc help {} { VNC Password: - On Unix or MacOSX IF there is a VNC password for the server you - can enter it in the "VNC Password:" entry box. + On Unix or MacOSX *IF* there is a VNC password for the server you + can enter it in the "VNC Password:" entry box. This is *REQUIRED* on MacOSX when Chicken of the VNC is used. @@ -462,7 +465,7 @@ proc help {} { local users (not just the user running SSVNC.) If the untrusted local user tries to connect to these ports, he may - succeed in varying degrees to gain access to the remote machine. + succeed by varying degrees to gain access to the remote machine. We now list some safeguards one can put in place to try to make this more difficult to acheive. @@ -519,11 +522,12 @@ proc help {} { SSH: - Click on "Use SSH" if you want to use an *SSH* tunnel instead of SSL - (then the VNC Server does not need to speak SSL or use STUNNEL). + Click on "Use SSH" if you want to use an *SSH* tunnel instead of + SSL (then the VNC Server does not need to speak SSL or use STUNNEL + or socat). You will need to be able to login to your account on the remote host - via SSH (e.g. via password or ssh-agent). + via SSH (e.g. via password, ssh keys, or ssh-agent). Specify the SSH hostname and VNC display in the VNC Host:Display entry. Use something like: @@ -531,7 +535,7 @@ proc help {} { username@far-away.east:0 if your remote username is different from the one on the local viewer - machine. On Windows you MUST supply the "username@" part. + machine. On Windows you *MUST* supply the "username@" part. "SSH + SSL" is similar but its use is more rare because it requires 2 encrypted tunnels to reach the VNC server. See the Help under Options @@ -548,7 +552,7 @@ proc help {} { In SSH or SSH + SSL mode you can also specify a remote command to run on the remote ssh host in the "Remote SSH Command" entry. The default is just to sleep a bit (e.g. sleep 30) to make sure - the port tunnels are established. Alternatively you could have the + the tunnel ports are established. Alternatively you could have the remote command start the VNC server, e.g. x11vnc -display :0 -rfbport 5900 -localhost -nopw @@ -587,10 +591,56 @@ proc help {} { see the Tips 5 and 9 below for more about the URL-like syntax. + SSL Certificates: + + If you want to use a SSL Certificate (PEM) file to authenticate + yourself to the VNC server ("MyCert") and/or to verify the identity + of the VNC Server ("ServerCert" or "CertsDir") select the certificate + file by clicking the "Certs ..." button before connecting. + + Certificate verification is needed to prevent Man-In-The-Middle + attacks; if it is not done then only passive network sniffing attacks + are prevented. See the x11vnc documentation: + + http://www.karlrunge.com/x11vnc/ssl.html + + for how to create and use PEM SSL certificate files. An easy way is: + + x11vnc -ssl SAVE ... + + where it will print out its automatically generated certificate to + the screen and that can be safely copied to the viewer side. + + You can also use the "Create Certificate" feature of this program + under "Certs ...". Just click on it and follow the instructions in + the dialog. Then copy the cert file to the VNC Server and specify + the other one in the "Certs ..." dialog. + + Alternatively you can use the "Import Certificate" action to paste + in a certificate or read one in from a file. Or you can use the + "Fetch Cert" button on the main panel. If "Verify All Certs" is + checked, you will be forced to check Certs of any new servers the + first time you connect. + + Note that "Verify All Certs" is on by default so that users who do + not understand the SSL Man-In-The-Middle problem will not be left + completely vulnerable to it (everyone still must make the effort to + verify new certificates by an external method to be completely safe). + + To have "Verify All Certs" toggled off at startup, use "ssvnc -nv" + or set SSVNC_NO_VERIFY_ALL=1 before starting. If you do not even want + to see the button, use "ssvnc -nvb" or SSVNC_NO_VERIFY_ALL_BUTTON=1. + + + + Here we start a number of long sections on all sorts of proxies, Web, + SOCKS, ssh, UltraVNC, Single Click, etc., etc. + + Proxies/Gateways: If an intermediate proxy is needed to make the SSL connection - (e.g. web gateway out of a firewall) enter it in the "Proxy/Gateway" + (e.g. a web gateway out of a firewall) enter it in the "Proxy/Gateway" entry box: VNC Host-Display: host:number @@ -640,7 +690,7 @@ proc help {} { For example if a company had a central login server: "ssh.company.com" (accessible from the internet) and the internal workstation name was - "joes-pc", one could put in for the + "joes-pc", one could put this in: VNC Host:Display: joes-pc:0 Proxy/Gateway: ssh.company.com @@ -707,158 +757,197 @@ proc help {} { UltraVNC Proxies/Gateways: UltraVNC has a "repeater" tool (http://www.uvnc.com/addons/repeater.html - and http://koti.mbnet.fi/jtko/) that acts as an VNC proxy. SSVNC can + and http://koti.mbnet.fi/jtko/) that acts as a VNC proxy. SSVNC can work with both mode I and mode II schemes of this repeater. - Note: only SSL (or unencrypted) SSVNC connections make sense with - the UltraVNC repeater. SSH connections (previous section) do not - seem to (let us know if you find a way to use it). + Note that even though the UltraVNC repeater tool is NOT SSL enabled, + it can nevertheless act as a proxy for SSVNC SSL connections. + This is because, just as with a Web proxy, the proxy negotiations + occur before the SSL traffic starts. (There is a separate UltraVNC + tool, repeater_SSL.exe, that is SSL enabled and is discussed below.) + + Note: it seems only SSL SSVNC connections make sense with the + UltraVNC repeater. SSH connections (previous section) do not seem to + and so are not enabled to (let us know if you find a way to use it). - For mode I repeater the viewer initiates the connection and passes - a string that is the internal VNC server's IP address (or hostname) + Unencrypted (aka Direct) SSVNC VNC connections (Vnc:// prefix in + 'VNC Host:Display'; see Tip 5) also work with the UltraVNC repeater. + + For the mode I repeater the viewer initiates the connection and + passes a string that is the VNC server's IP address (or hostname) and port or display: VNC Host:Display: :0 - Proxy/Gateway: repeater://myproxy.west:5900+joes-pc:1 + Proxy/Gateway: repeater://myuvncrep.west:5900+joes-pc:1 + + Where "myuvncrep.west" is running the UltraVNC repeater and + "joes-pc:1" is the VNC server the repeater will connect us to. - Note here that the VNC Host:Display can be anything; we use :0. + Note here that the VNC Host:Display can be anything because it is + not used; we choose :0. The Proxy/Gateway format is repeater://proxy:port+vncserver:display. The string after the "+" sign is passed to the repeater server for - it to interpret. For this example, instead of joes-pc:1 it could - be joes-pc:5901 or 192.168.1.4:1, 192.168.1.4:5901, etc. + it to interpret (and so does not have to be the UltraVNC repeater; + you could create your own if you wanted to). For this example, + instead of joes-pc:1 it could be joes-pc:5901 or 192.168.1.4:1, + 192.168.1.4:5901, etc. If you do not supply a proxy port, then the default 5900 is assumed, - e.g. repeater://myproxy.west+joes-pc:1 + e.g. repeater://myuvncrep.west+joes-pc:1 - For mode II repeater both the VNC viewer and VNC server initiate + For the mode II repeater both the VNC viewer and VNC server initiate connections to the repeater proxy. In this case they pass a string - that identifies their mutual connection via "ID:NNNN": + that identifies their mutual connection via "ID:XYZ": VNC Host:Display: :0 - Proxy/Gateway: repeater://myproxy.west:5900+ID:1234 + Proxy/Gateway: repeater://myuvncrep.west:5900+ID:1234 again, the default proxy port is 5900 if not supplied. In this case, mode II, you MUST set Options -> Reverse VNC Connection. That is to say a "Listening Connection". The reason for this is that the VNC server acts as a SSL *client* and so requires the Viewer end - to have an SSL cert, etc. + to have the SSL cert, (which it does in Listen mode). - Note that in Listening mode you must supply a MyCert or use the + Note that in Listening SSL mode you must supply a MyCert or use the "listen.pem" one you are prompted to create. - Set REPEATER_FORCE=1 in the Host:Display (hit Enter, and then clear - it) to force SSVNC to try to a forward connection in this situation. - We have also found that usually the Listening viewer must be started - BEFORE the VNC Server connects to the proxy. This is a likely bug - in the repeater tool. + BEFORE the VNC Server connects to the proxy. This bug may be in + SSVNC, x11vnc, or the repeater tool. + + Set REPEATER_FORCE=1 in the Host:Display (then hit Enter, and then + clear it, and reenter host:disp) to force SSVNC to try a forward + connection in this situation. + Note that for unencrypted (i.e. direct) SSVNC connections (see vnc:// + in Tip 5) there is no need to use a reverse "Listening connection" + and so you might as well use a forward connection. - For mode II, you probably should also disable "Verify All Certs" - unless you have taken the steps beforehand to save the VNC server's - certificate, or have previously accepted it using another method. + For mode II when tunnelling via SSL, you probably should also disable + "Verify All Certs" unless you have taken the steps beforehand to + import the VNC server's certificate, or have previously accepted it + using another method. With the mode II proxying scheme, there is + no way to "Fetch Cert" and check if it has been previously accepted. Also, after the connection you MUST terminate the listening VNC Viewer (Ctrl-C) and connect again (the proxy only runs once.) In Windows, go to the System Tray and terminate the Listening VNC Viewer. + Subsequent connection attempts after the first one will fail. BTW, the x11vnc VNC server command for the mode II case would be something like: - x11vnc -ssl SAVE -connect repeater=ID:1234+myproxy.west:5500 ... + x11vnc -ssl SAVE -connect repeater=ID:1234+myuvncrep.west:5500 ... - It also supports -connect repeater://myproxy.west:5500+ID:1234 - notation. + x11vnc also supports -connect repeater://myuvncrep.west:5500+ID:1234 + URL-like notation. For mode I operation x11vnc simply runs as a normal SSL/VNC server x11vnc -ssl SAVE + In the previous sections it was mentioned one can chain up to 3 + proxies together by separating them with commas: proxy1,proxy2,proxy3. + Except where explicitly noted below this should work for "repeater://..." + as the final proxy. E.g. you could use a web proxy to get out of a + firewall, and then connect to a remote repeater. + + The UltraVNC SSL enabled repeater_SSL.exe is discussed below. + UltraVNC Single Click: UltraVNC has Single Click (SC) Windows VNC servers that allow naive users to get them running very easily (a EXE download and a few mouse clicks). See http://sc.uvnc.com/ for details on how to create - these binaries. + these binaries. Also there is a how-to here: + http://www.simply-postcode-lookup.com/SingleClickUltraVNC/SingleClickVNC.htm + + The SC EXE is a VNC *server* that starts up a Reverse VNC connection + to a Listening Viewer (e.g. the viewer address/port/ID is hardwired + into the SC EXE). So SC is not really a proxy, but it can be used + with UltraVNC repeater proxies and we include it here. - One important point for SC III binary creation: do NOT include - "-id N" in the helpdesk.txt config file. This is because the Ultra - VNC repeater is not used. Use something like: + One important point for SC III binary creation: do NOT include + "-id N" in the helpdesk.txt config file. This is because the with + SSVNC the Ultra VNC repeater IS NOT USED (see below for how to + use it). Use something like for helpdesk.txt: + + [TITLE] + My UltraVNC SC III [HOST] Internet Support XYZ -sslproxy -connect xx.xx.xx.xx:5500 -noregistry + (replace xx.xx.xx.xx with IP address or hostname of the SSVNC machine.) The Unix SSVNC vncviewer supports the both the unencrypted "SC I" mode and the SSL encrypted "SC III" mode. For both cases SSVNC must be run in Listening mode (Options -> Reverse VNC Connection) - For SC I, enable Reverse VNC Connection and put Vnc://0 in the - VNC Host:Display (use a different number if you are not using - the default listening port 5500). Then click on the "Listen" - button and finally have the user run your Single Click I EXE. + For SC I, enable Reverse VNC Connection and put Vnc://0 (see Tip 5 + below) in the VNC Host:Display to disable encryption (use a different + number if you are not using the default listening port 5500). + Then click on the "Listen" button and finally have the user run your + Single Click I EXE. + + BTW, we used this for a SC I helpdesk.txt: - For SC III, enable Reverse VNC Connection and then UNSET "Verify + [TITLE] + My UltraVNC SC I + + [HOST] + Internet Support XYZ + -connect xx.xx.xx.xx:5500 -noregistry + + For SC III (SSL), enable Reverse VNC Connection and then UNSET "Verify All Certs" (this is required). Let the VNC Host:Display be ":0" (use a different number if you are not using the default listening port 5500). Then click on the "Listen" button and finally have the user run your Single Click III EXE. - For SC III, you will also need to enable the setting in the - Options menu "UltraVNC Single Click III Bug", otherwise the - STUNNEL connection may drop after 2-15 minutes. + For SC III, you will also need to enable the setting in the Options + menu "UltraVNC Single Click III Bug", otherwise the STUNNEL connection + may drop after 2-15 minutes. - Note that in Listening mode you MUST supply a MyCert or use the + Note that in Listening SSL mode you MUST supply a MyCert or use the "listen.pem" one you are prompted to create. - Single Click II using the UltraVNC repeater should also work, but - has not been tested. - - SSL Certificates: + UltraVNC repeater_SSL.exe proxy: - If you want to use a SSL Certificate (PEM) file to authenticate - yourself to the VNC server ("MyCert") or to verify the identity of - the VNC Server ("ServerCert" or "CertsDir") select the certificate - file by clicking the "Certs ..." button before connecting. - - Certificate verification is needed to prevent Man-In-The-Middle - attacks; if it is not done then only passive network sniffing attacks - are prevented. See the x11vnc documentation: + For repeater_SSL.exe SSL usage, with Single Click III or otherwise + (available at http://www.uvnc.com/pchelpware/SCIII/index.html) + it helps to realize that the ENTIRE connection is SSL encrypted, + even the proxy host:port/ID:NNNN negotiation, and so a different + approach needs to be taken from that described above in 'UltraVNC + Proxies/Gateways'. In this case do something like this: - http://www.karlrunge.com/x11vnc/ssl.html + VNC Host:Display: :0 + Proxy/Gateway: sslrepeater://myuvncrep.west:443+ID:1234 - for how to create and use PEM SSL certificate files. An easy way is: + The sslrepeater:// part indicates the entire ID:XYZ negotiation must + occur inside the SSL tunnel. Listening mode is not required in this + case: a forward VNC connection works fine (and is recommended). + As before, the ":0" is simply a placeholder and is not used. + Note that the UltraVNC repeater_SSL.exe listens on port 443 (HTTPS), + (it is not clear that it can be modified to use another port.) - x11vnc -ssl SAVE ... + Non-ID connections sslrepeater://myuvncrep.west:443+host:disp also + work, but the 2nd leg repeater <-> host:disp must be unencrypted. + The first leg SSVNC <-> repeater is, however, SSL encrypted. - where it will print out its automatically generated certificate to - the screen and that can be safely copied to the viewer side. + sslrepeater:// only works on Unix or MacOSX using the provided + SSVNC vncviewer. The modified viewer is needed; stock VNC viewers + will not work. Also, proxy chaining (bouncing off of more than one + proxy) currently does not work. - You can also use the "Create Certificate" feature of this program - under "Certs ...". Just click on it and follow the instructions in - the dialog. Then copy the cert file to the VNC Server and specify - the other one in the "Certs ..." dialog. - Alternatively you can use the "Import Certificate" action to paste - in a certificate or read one in from a file. Or you can use the - "Fetch Cert" button on the main panel. If "Verify All Certs" is - checked, you will be forced to check Certs of any new servers the - first time you connect. - - Note that "Verify All Certs" is on by default so that users who do - not understand the SSL Man-In-The-Middle problem will not be left - completely vulnerable to it (everyone still must make the effort to - verify new certificates by an external method to be completely safe). - - To have "Verify All Certs" toggled off at startup, use "ssvnc -nv" - or set SSVNC_NO_VERIFY_ALL=1 before starting. If you do not even want - to see the button, use "ssvnc -nvb" or SSVNC_NO_VERIFY_ALL_BUTTON=1. + (End of long discussion about proxies...) More Options: @@ -877,6 +966,7 @@ proc help {} { http://www.tightvnc.com + Tips and Tricks: 1) On Unix to get a 2nd GUI (e.g. for a 2nd connection) press Ctrl-N @@ -911,9 +1001,10 @@ proc help {} { This also works for reverse connections (see below). Sorry we do not make this easy to figure out how to do (e.g. a - button on the main panel), but the goal of SSVNC is secure - connections! Set the env var SSVNC_NO_ENC_WARN=1 (or use Vnc://) - to skip the warning prompts. + button on the main panel), but the goal of SSVNC is secure + connections! Set the env var SSVNC_NO_ENC_WARN=1 to skip the + warning prompts. Using capitalized: Vnc:// will also skip the + prompts. 6) Reverse VNC connections are possible as well. Go to Options and select "Reverse VNC connection". In the 'VNC Host:Display' entry @@ -929,8 +1020,9 @@ proc help {} { port is the desired local listening port. Then click Connect. If you didn't set the local port look for it in the terminal output. - On Windows set it to "NOTEPAD" or similar; you can't control the - port though. It is usually 5930, 5931, ... Watch the messages. + On Windows set 'viewer' to "NOTEPAD" or similar; you can't + control the port though. It is usually 5930, 5931, ... Watch + the messages or look at the stunnel log. 8) On Unix if you are going to an older SSH server (e.g. Solaris 10), you will probably need to set the env. var. SS_VNCVIEWER_NO_T=1 @@ -1013,11 +1105,16 @@ proc help {} { can set DYLD_LIBRARY_PATH=... too. It should propagate down the viewer. + After you set the parameter, clear out the 'VNC Host:Display' + entry and replace it with the actual host and display number. + 13) If you want this application to be SSH only, then supply the command line option "-ssh" or set the env. var SSVNC_SSH_ONLY=1. + Then no GUI elements specific to SSL will appear (the - documentation will refer to the SSL mode, however). To convert - a running app to ssh-only select "Mode: SSH-Only" in Options. + documentation wills still refer to the SSL mode, however). + To convert a running app to ssh-only select "Mode: SSH-Only" + in Options. The wrapper scripts "sshvnc" and "sshvnc.bat" will start it up automatically this way. @@ -1028,7 +1125,8 @@ proc help {} { 14) For an even simpler "Terminal Services" mode use "tsvnc" or "tsvnc.bat" (or "-ts" option). This mode automatically launches x11vnc on the remote side to find or create your Desktop session - (usually the Xvfb X server). + (usually the Xvfb X server). So x11vnc must be available on the + remote server machines under "Terminal Services" mode. From a full ssvnc you can press Ctrl-h to go into ssh-only mode and Ctrl-t to toggle between "tsvnc" and "ssvnc" modes. The @@ -1208,7 +1306,7 @@ proc help_certs {} { every server ("Verify All Certs"). Note that if you ever need to clean this directory, each cert is saved in two files, for example: - bf-d0-d6-9c-68-5a-fe-24-c6-60-ba-b4-14-e6-66-14=hostname-0.crt + hostname-0=bf-d0-d6-9c-68-5a-fe-24-c6-60-ba-b4-14-e6-66-14.crt and 9eb7c8be.0 @@ -2224,6 +2322,7 @@ proc set_defaults {} { global ts_mode ts_desktop_size ts_desktop_depth choose_desktop_geom global additional_port_redirs additional_port_redirs_list global stunnel_local_protection stunnel_local_protection_type ssh_local_protection multiple_listen + global ultra_dsm ultra_dsm_type ultra_dsm_file global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_x11vnc sound_daemon_local_start global smb_su_mode smb_mount_list @@ -2297,6 +2396,10 @@ proc set_defaults {} { set defs(ssh_local_protection) 0 set defs(multiple_listen) 0 + set defs(ultra_dsm) 0 + set defs(ultra_dsm_file) "" + set defs(ultra_dsm_type) "guess" + set defs(cups_local_server) "" set defs(cups_remote_port) "" set defs(cups_local_smb_server) "" @@ -3566,6 +3669,46 @@ proc set_smb_mounts {} { } } +proc mytmp {tmp} { + global is_windows mktemp env + + if {$is_windows} { + return $tmp + } + + if {! [info exists mktemp]} { + set mktemp "" + foreach dir {/bin /usr/bin /usr/local/bin} { + if [file exists "$dir/mktemp"] { + set mktemp "$dir/mktemp" + break + } + } + } + if {$mktemp != ""} { + set tmp2 "" + catch {set tmp2 [exec $mktemp "$tmp.XXXXXX"]} + if [file exists $tmp2] { + if [info exists env(DEBUG_MKTEMP)] { + puts stderr "mytmp: $tmp2" + } + return $tmp2 + } + } + catch {exec rm -f $tmp} + catch {file delete $tmp} + if [file exists $tmp] { + puts stderr "tmp file still exists: $tmp" + exit 1 + } + catch {exec touch $tmp} + catch {exec chmod 600 $tmp} + if [info exists env(DEBUG_MKTEMP)] { + puts stderr "mytmp: $tmp" + } + return $tmp +} + proc darwin_terminal_cmd {{title ""} {cmd ""} {bg 0}} { global darwin_terminal @@ -3619,6 +3762,7 @@ proc darwin_terminal_cmd {{title ""} {cmd ""} {bg 0}} { } incr darwin_terminal_cnt append tmp ".$darwin_terminal_cnt" + set tmp [mytmp $tmp] set fh "" catch {set fh [open $tmp w 0755]} @@ -3999,6 +4143,7 @@ proc fetch_cert {save} { } global is_windows set tmp "/tmp/cert.hsh.[tpid]" + set tmp [mytmp $tmp] if {$is_windows} { # VF set tmp cert.hsh @@ -4235,6 +4380,7 @@ if {1} { proc check_accepted_certs {} { global cert_text always_verify_ssl global skip_verify_accepted_certs use_listen + global ultra_dsm if {! $always_verify_ssl} { set skip_verify_accepted_certs 1 @@ -4243,6 +4389,9 @@ proc check_accepted_certs {} { if {$use_listen} { return 1; } + if {$ultra_dsm} { + return 1; + } set cert_text [fetch_cert 0] @@ -4290,7 +4439,7 @@ proc check_accepted_certs {} { set adir "$adir/accepted" catch {file mkdir $adir} - set crt "$adir/$fingerprint=$from.crt" + set crt "$adir/$from=$fingerprint.crt" if [file exists $crt] { mesg "OK: Certificate found in ACCEPTED_CERTS" @@ -4298,18 +4447,30 @@ proc check_accepted_certs {} { return 1 } + set crt_old "$adir/$fingerprint=$from.crt" + + if [file exists $crt_old] { + mesg "OK: Certificate found in ACCEPTED_CERTS" + after 750 + return 1 + } + set cnt 0 - foreach f [glob -nocomplain -directory $adir "$fingerprint=*"] { + foreach f [glob -nocomplain -directory $adir "*$fingerprint*.crt"] { mesg "CERT: $f" after 150 incr cnt } + set oth 0 set others [list] - foreach f [glob -nocomplain -directory $adir "*=$from.crt"] { + foreach f [glob -nocomplain -directory $adir "*$from*.crt"] { if {$f == $crt} { continue } + if {$f == $crt_old} { + continue + } set fb [file tail $f] mesg "OTHER CERT: $fb" if {$cnt > 0} { @@ -4325,6 +4486,9 @@ proc check_accepted_certs {} { if {$f == $crt} { continue } + if {$f == $crt_old} { + continue + } set saw 0 foreach o $others { if {$f == $o} { @@ -4341,7 +4505,7 @@ proc check_accepted_certs {} { } set same 0 while {[gets $fh line] > -1} { - if [regexp {^Host-Display: (.*)$} mv hd] { + if [regexp {^Host-Display: (.*)$} $line mv hd] { if {$hd == $hp || $hd == $from} { set same 1 } @@ -4510,7 +4674,7 @@ proc save_hash {crt adir hp fingerline from fingerprint} { puts $fh "Host-Display: $hp" puts $fh "$fingerline" puts $fh "hash filename: $h.0" - puts $fh "full filename: $fingerprint=$from.crt" + puts $fh "full filename: $from=$fingerprint.crt" close $fh } catch {file copy -force $crt $hashfile} @@ -4612,7 +4776,9 @@ proc init_unixpw {hp} { set name "unknown" } - set tmp "/tmp/unix.[tpid]" + set tmp "/tmp/unixpipe.[tpid]" + set tmp [mytmp $tmp] + # need to make it a pipe catch {file delete $tmp} if {[file exists $tmp]} { mesg "file still exists: $tmp" @@ -4708,6 +4874,7 @@ proc reset_stunnel_extra_opts {} { if {$ssvnc_multiple_listen0 != "none"} { set env(SSVNC_MULTIPLE_LISTEN) $ssvnc_multiple_listen0 } + set env(SSVNC_ULTRA_DSM) "" } proc launch_unix {hp} { @@ -4765,6 +4932,14 @@ proc launch_unix {hp} { global ssvnc_multiple_listen0 set ssvnc_multiple_listen0 "" + if {[regexp -nocase {sslrepeater://} $hp]} { + if {! $use_uvnc_ssl_bug} { + set use_uvnc_ssl_bug 1 + mesg "Enabling 'UltraVNC Single Click III Bug'" + after 400 + } + } + if {$use_uvnc_ssl_bug && ! $use_ssh} { if [info exists env(STUNNEL_EXTRA_OPTS)] { set stunnel_extra_opts0 $env(STUNNEL_EXTRA_OPTS) @@ -4798,6 +4973,25 @@ proc launch_unix {hp} { } } } + if {$ultra_dsm} { + if {![file exists $ultra_dsm_file]} { + mesg "DSM key file does exist: $ultra_dsm_file" + bell + after 1000 + return + } + set dsm "ultravnc_dsm_helper " + if {$use_listen} { + append dsm "rev:" + } + if {$ultra_dsm_type == "guess"} { + append dsm "." + } else { + append dsm $ultra_dsm_type + } + append dsm " $ultra_dsm_file" + set env(SSVNC_ULTRA_DSM) $dsm + } if {$ssh_local_protection} { if {![info exists env(LIM_ACCEPT)]} { set env(LIM_ACCEPT) 1 @@ -4817,7 +5011,7 @@ proc launch_unix {hp} { } if {$use_ssh || $use_sshssl} { - if {$skip_ssh} { + if {$skip_ssh || $ultra_dsm} { set cmd "ss_vncviewer" } elseif {$use_ssh} { set cmd "ss_vncviewer -ssh" @@ -5006,12 +5200,12 @@ proc launch_unix {hp} { set hpnew [get_ssh_hp $hp] set proxy [get_ssh_proxy $hp] - if {! [repeater_proxy_check $proxy]} { + if {!$do_direct && ! [repeater_proxy_check $proxy]} { reset_stunnel_extra_opts return } - if {! $do_direct && ![regexp -nocase {ssh://} $hpnew]} { + if {! $do_direct && ! $ultra_dsm && ![regexp -nocase {ssh://} $hpnew]} { if {$mycert != ""} { set cmd "$cmd -mycert '$mycert'" } @@ -5087,14 +5281,17 @@ proc launch_unix {hp} { set path [string trim $change_vncviewer_path] if [regexp {^["'].} $path] { # " set tmp "/tmp/vncspacewrapper.[tpid]" + set tmp [mytmp $tmp] set do_vncspacewrapper 1 - catch {file delete $tmp} - if {[file exists $tmp]} { - catch {destroy .c} - mesg "file still exists: $tmp" - bell - reset_stunnel_extra_opts - return + if {0} { + catch {file delete $tmp} + if {[file exists $tmp]} { + catch {destroy .c} + mesg "file still exists: $tmp" + bell + reset_stunnel_extra_opts + return + } } catch {set fh [open $tmp "w"]} catch {exec chmod 700 $tmp} @@ -5154,6 +5351,7 @@ proc launch_unix {hp} { if {$vncauth_passwd != ""} { global use_listen set passwdfile "$env(SSVNC_HOME)/.vncauth_tmp.[tpid]" + set passwdfile [mytmp $passwdfile] catch {exec vncstorepw $vncauth_passwd $passwdfile} catch {exec chmod 600 $passwdfile} if {$use_listen} { @@ -6387,6 +6585,22 @@ proc set_mycert {{parent "."}} { update } +proc set_ultra_dsm_file {{parent "."}} { + global ultra_dsm_file + set idir [get_idir_certs $ultra_dsm_file] + set t "" + unix_dialog_resize $parent + if {$idir != ""} { + set t [tk_getOpenFile -parent $parent -initialdir $idir] + } else { + set t [tk_getOpenFile -parent $parent] + } + if {$t != ""} { + set ultra_dsm_file $t + } + update +} + proc show_cert {crt} { if {$crt == ""} { bell @@ -6630,15 +6844,8 @@ emailAddress_max = 64 # VF set tmp "cert.cfg" } else { - set tmp "/tmp/cert.cfg." - append tmp [clock clicks -milliseconds] - catch {file delete $tmp} - if {[file exists $tmp]} { - catch {destroy .c} - mesg "file still exists: $tmp" - bell - return - } + set tmp "/tmp/cert.cfg.[tpid]" + set tmp [mytmp $tmp] catch {set fh [open $tmp "w"]} catch {exec chmod 600 $tmp} if {! [file exists $tmp]} { @@ -6738,7 +6945,7 @@ emailAddress_max = 64 set rc [catch {set ph [open "| $cmd" "w"]} emess] if {$rc != 0 || $ph == ""} { raise . - tk_messageBox -type ok -icon error -message $emess -title "Count not encrypt private key" + tk_messageBox -type ok -icon error -message $emess -title "Could not encrypt private key" catch {file delete $pem} catch {file delete $crt} return @@ -7139,6 +7346,7 @@ proc do_save {par} { } else { set deltmp itmp.[tpid] } + set deltmp [mytmp $deltmp] set import_save_file $deltmp } set rc [catch {set fh [open $import_save_file "w"]} emess] @@ -7193,7 +7401,7 @@ proc do_save {par} { regsub -all {:} $from "-" from regsub -all {[\\/=]} $from "_" from - set crt "$adir/$fingerprint=$from.crt" + set crt "$adir/$from=$fingerprint.crt" catch {file copy -force $import_save_file $crt} save_hash $crt $adir $hp $fingerline $from $fingerprint @@ -7532,7 +7740,7 @@ proc getcerts {} { button .c.create -text "Create Certificate ..." -command {create_cert} button .c.import -text "Import Certificate ..." -command {import_cert} - button .c.delete -text "Delete Certificate ..." -command {delete_cert} + button .c.delete -text "Delete Certificate ..." -command {delete_cert .c} frame .c.b button .c.b.done -text "Done" -command {catch {destroy .c}} @@ -10543,6 +10751,10 @@ proc help_advanced_opts {} { Users (see the main Help panel) from using your STUNNEL tunnel to connect to the remote VNC Server. + UltraVNC DSM Encryption Plugin: on Unix, by using the supplied + tool, ultravnc_dsm_helper, encrypted connections to UltraVNC + servers using their plugins is enabled. + Multiple LISTEN Connections: allow multiple VNC servers to reverse connect at the same time and so display each of their desktops on your screen at the same time. @@ -10555,12 +10767,12 @@ proc help_advanced_opts {} { The port can also be closed when the encrypted VNC connection finishes. - Cursor Alphablending: Use the x11vnc alpha hack for translucent - cursors (requires Unix, 32bpp and same endianness) - Use XGrabServer: On Unix only, use the XGrabServer workaround for old window managers. + Cursor Alphablending: Use the x11vnc alpha hack for translucent + cursors (requires Unix, 32bpp and same endianness) + Y Crop: this is for x11vnc's -ncache client side caching scheme with our Unix TightVNC viewer. Sets the Y value to "crop" the viewer size at (below the cut is the pixel cache region you do @@ -10766,9 +10978,9 @@ proc stunnel_sec_dialog {} { global help_font uname if {$uname == "Darwin"} { - scroll_text .stlsec.f 82 36 + scroll_text .stlsec.f 82 37 } else { - scroll_text .stlsec.f 82 36 + scroll_text .stlsec.f 82 37 } apply_bg .stlsec.f @@ -10779,9 +10991,9 @@ proc stunnel_sec_dialog {} { you run SSVNC on and might try to use your encrypted tunnel to gain access to the remote VNC machine. - For STUNNEL SSL tunnels (not SSH tunnels) we provide two options as extra + On Unix, for STUNNEL SSL tunnels we provide two options as extra safeguards against untrusted local users. Both only apply to Unix/MacOSX. - Note that Both options are ignored in reverse connection (Listen) mode. + Note that Both options are *ignored* in reverse connection (Listen) mode. 1) The first one 'Use stunnel EXEC mode' (it is mutually exclusive with option 2). For this case the modified SSVNC Unix viewer must be @@ -10826,6 +11038,86 @@ proc stunnel_sec_dialog {} { wm resizable .stlsec 1 0 } +proc ultra_dsm_dialog {} { + global ultra_dsm ultra_dsm_file ultra_dsm_type + + toplev .ultradsm + wm title .ultradsm "UltraVNC DSM Encryption Plugin" + + global help_font + eval text .ultradsm.t -width 80 -height 24 $help_font + apply_bg .ultradsm.t + + set msg { + On Unix with the provided SSVNC vncviewer, you can connect to an UltraVNC + server that is using one of its encryption plugins: MSRC4 (not yet + supported), ARC4, or AESV2. + + You will need to specify the corresponding UltraVNC encryption key + (created by you using an UltraVNC server or viewer). It is usually + called 'rc4.key' (for MSRC4), 'arc4.key' (for ARC4), and 'aesv2.key' + (for AESV2). Specify the path to it or browse for it. Also, specify + which type of plugin it is (or use 'guess' to have it guess via the + before mentioned filenames). + + SSL and SSH tunnels do not apply in this mode (any settings are ignored.) + + Proxying works in this mode, as well as Reverse Connections (Listen) + + This encryption mode is currently experimental because unfortunately + the UltraVNC DSM plugin also modifies the RFB protocol, and so the SSVNC + vncviewer had to be modified to support it. The tight and zlib encodings + currently do not work in this mode and are disabled. + + Note that this program also requires the utility tool named + 'ultravnc_dsm_helper' that should be included in your SSVNC kit. +} + + .ultradsm.t insert end $msg + + frame .ultradsm.path + label .ultradsm.path.l -text "Ultra DSM Keyfile:" + entry .ultradsm.path.e -width 40 -textvariable ultra_dsm_file + button .ultradsm.path.b -text "Browse..." -command {set_ultra_dsm_file .ultradsm} + + pack .ultradsm.path.l -side left + pack .ultradsm.path.e -side left -expand 1 -fill x + pack .ultradsm.path.b -side left + + frame .ultradsm.key + label .ultradsm.key.l -text "Type of Key: " + radiobutton .ultradsm.key.guess -pady 1 -anchor w -variable ultra_dsm_type -value guess \ + -text "Guess" + radiobutton .ultradsm.key.arc4 -pady 1 -anchor w -variable ultra_dsm_type -value arc4 \ + -text "ARC4" + + radiobutton .ultradsm.key.aesv2 -pady 1 -anchor w -variable ultra_dsm_type -value aesv2 \ + -text "AESV2" + + radiobutton .ultradsm.key.msrc4 -pady 1 -anchor w -variable ultra_dsm_type -value msrc4 \ + -text "MSRC4" + .ultradsm.key.msrc4 configure -state disabled + + pack .ultradsm.key.l -side left + pack .ultradsm.key.guess -side left + pack .ultradsm.key.arc4 -side left + pack .ultradsm.key.aesv2 -side left + pack .ultradsm.key.msrc4 -side left + + button .ultradsm.cancel -text "Cancel" -command {destroy .ultradsm; set ultra_dsm 0} + bind .ultradsm <Escape> {destroy .ultradsm; set ultra_dsm 0} + wm protocol .ultradsm WM_DELETE_WINDOW {destroy .ultradsm; set ultra_dsm 0} + button .ultradsm.done -text "Done" -command {destroy .ultradsm; catch {raise .oa}} + bind .ultradsm.path.e <Return> {destroy .ultradsm; catch {raise .oa}} + + pack .ultradsm.t .ultradsm.path .ultradsm.key .ultradsm.cancel .ultradsm.done -side top -fill x + + center_win .ultradsm + wm resizable .ultradsm 1 0 + + focus .ultradsm.path.e +} + proc ssh_sec_dialog {} { global ssh_local_protection @@ -10843,11 +11135,11 @@ proc ssh_sec_dialog {} { you run SSVNC on and might try to use your encrypted tunnel to gain access to the remote VNC machine. - For SSH tunnels we have an LD_PRELOAD hack (lim_accept.so) that - will limit ssh from accepting any local redirection connections + On Unix, for SSH tunnels we have an LD_PRELOAD hack (lim_accept.so) + that will limit ssh from accepting any local redirection connections after the first one or after 15 seconds, whichever comes first. - The first SSH port redirection connection is intended to be the - one that tunnels your VNC Viewer to reach the remote server. + The first SSH port redirection connection is intended to be the one + that tunnels your VNC Viewer to reach the remote server. You can adjust these defaults LIM_ACCEPT=1 LIM_ACCEPT_TIME=15 by setting those env. vars. to different values. @@ -10885,7 +11177,7 @@ proc multilisten_dialog {} { wm title .multil "Multiple LISTEN Connections" global help_font - eval text .multil.t -width 84 -height 33 $help_font + eval text .multil.t -width 84 -height 35 $help_font apply_bg .multil.t @@ -10900,8 +11192,6 @@ proc multilisten_dialog {} { On Windows (only the stock TightVNC viewer is provided) it has no effect. On MacOSX if the COTVNC viewer is used it has no effect. - It only applies to LISTEN mode, not for forward connections. - Rationale: To play it safe, the Unix vncviewer provided by SSVNC (ssvncviewer) only allows one LISTEN reverse connection at a time. This is to prohibit malicious people on the network from depositing @@ -10921,6 +11211,10 @@ proc multilisten_dialog {} { Enable 'Multiple LISTEN Connections' if you want to disable the default protection in the Unix SSVNC vncviewer; i.e. allow multiple reverse connections simultaneously (all vnc viewers we know of do this by default) + + For more control, do not select 'Multiple LISTEN Connections', but + rather set the env. var SSVNC_MULTIPLE_LISTEN=MAX:n to limit the number + of simultaneous reverse connections to "n" } .multil.t insert end $msg @@ -11758,6 +12052,7 @@ proc set_ts_adv_options {} { global ts_only ts_unixpw ts_vncshared global ts_ncache ts_multisession global choose_othervnc darwin_cotvnc choose_sleep + global is_windows if {! $ts_only} { return @@ -11813,6 +12108,12 @@ proc set_ts_adv_options {} { -command {if {$choose_sleep} {ts_sleep_dialog}} incr i + checkbutton .ot2.b$i -anchor w -variable ssh_local_protection -text \ + "SSH Local Protections" \ + -command {if {$ssh_local_protection} {ssh_sec_dialog}} + if {$is_windows} {.ot2.b$i configure -state disabled} + incr i + global env if {![info exists env(SSVNC_TS_ALWAYS)]} { button .ot2.b$i -anchor w -text " SSVNC Mode" \ @@ -11846,6 +12147,7 @@ proc set_advanced_options {} { global use_port_knocking port_knocking_list global is_windows darwin_cotvnc global use_ssh use_sshssl + global use_x11_macosx global adv_ssh catch {destroy .o} @@ -11889,7 +12191,7 @@ proc set_advanced_options {} { -command {if {$ssh_local_protection} {ssh_sec_dialog}} global ssh_local_protection_button set ssh_local_protection_button .oa.b$i - if {$use_ssl} {.oa.b$i configure -state disabled} + if {$use_ssl} {.oa.b$i configure -state disabled} if {$is_windows} {.oa.b$i configure -state disabled} incr i @@ -11898,7 +12200,15 @@ proc set_advanced_options {} { -command {if {$stunnel_local_protection} {stunnel_sec_dialog}} global stunnel_local_protection_button set stunnel_local_protection_button .oa.b$i - if {$use_ssh} {.oa.b$i configure -state disabled} + if {$use_ssh} {.oa.b$i configure -state disabled} + if {$is_windows} {.oa.b$i configure -state disabled} + incr i + + checkbutton .oa.b$i -anchor w -variable ultra_dsm -text \ + "UltraVNC DSM Encryption Plugin" \ + -command {if {$ultra_dsm} {ultra_dsm_dialog}} + global ultra_dsm_button + set ultra_dsm_button .oa.b$i if {$is_windows} {.oa.b$i configure -state disabled} incr i @@ -12051,6 +12361,7 @@ proc ssh_agent_restart {} { return } set tmp $env(SSVNC_HOME)/.vnc-sa[tpid] + set tmp [mytmp $tmp] set fh "" catch {set fh [open $tmp "w"]} if {$fh == ""} { @@ -12119,7 +12430,7 @@ proc adv_ssh_tog {on} { } proc adv_listen_ssl_tog {on} { - global stunnel_local_protection_button + global stunnel_local_protection_button is_windows if [info exists stunnel_local_protection_button] { if {$on} { catch {$stunnel_local_protection_button configure -state normal} @@ -12127,10 +12438,13 @@ proc adv_listen_ssl_tog {on} { catch {$stunnel_local_protection_button configure -state disabled} } } + if {$is_windows} { + catch {$stunnel_local_protection_button configure -state disabled} + } } proc adv_listen_ssh_tog {on} { - global ssh_local_protection_button + global ssh_local_protection_button is_windows if [info exists ssh_local_protection_button] { if {$on} { catch {$ssh_local_protection_button configure -state normal} @@ -12138,6 +12452,9 @@ proc adv_listen_ssh_tog {on} { catch {$ssh_local_protection_button configure -state disabled} } } + if {$is_windows} { + catch {$ssh_local_protection_button configure -state disabled} + } } proc ssl_ssh_adjust {which} { @@ -12233,7 +12550,7 @@ proc ssl_ssh_adjust {which} { } proc listen_adjust {} { - global use_listen revs_button multiple_listen_button + global use_listen revs_button multiple_listen_button is_windows if {![info exists multiple_listen_button]} { set multiple_listen_button "none" } @@ -12246,6 +12563,9 @@ proc listen_adjust {} { catch {.o.b.connect configure -text "Connect"} catch {$multiple_listen_button configure -state disabled} } + if {$is_windows} { + catch {$multiple_listen_button configure -state disabled} + } } proc unixpw_adjust {} { @@ -12554,6 +12874,41 @@ proc check_writable {} { } } +proc print_help {} { + + set b "\n============================================================================\n" + help + set str [.h.f.t get 1.0 end] + puts "${b}Help:\n$str" + destroy .h + + help_opts + set str [.oh.f.t get 1.0 end] + puts "${b}SSL/SSH Viewer Options Help:\n$str" + destroy .oh + + help_advanced_opts + set str [.ah.f.t get 1.0 end] + puts "${b}Advanced Options Help:\n$str" + destroy .oh + + help_certs + set str [.ch.f.t get 1.0 end] + puts "${b}SSL Certificates Help:\n$str" + destroy .ch + + help_fetch_cert + set str [.fh.f.t get 1.0 end] + puts "${b}Fetch Certificates Help:\n$str" + destroy .fh + + + ts_help + set str [.h.f.t get 1.0 end] + puts "${b}Terminal Services Help:\n$str" + destroy .h +} + global env set is_windows 0 set help_font "-font fixed" @@ -13037,6 +13392,9 @@ for {set i 0} {$i < $argc} {incr i} { ; } elseif {$item == "-tso"} { ; + } elseif {$item == "-printhelp"} { + print_help + exit; } elseif {$item != ""} { if {[file exists $item] && [file isfile $item]} { set didload 1 diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1 b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1 index 661c32a..186d805 100644 --- a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1 +++ b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1 @@ -55,7 +55,7 @@ Normally you do not specify any command line options. You simply run \fBssvnc\fR and use the GUI that starts up. However, as shortcuts you can supply a VNC host:display (or host:port) -on the command line. to connect to immediately (the GUI is started +on the command line to connect to immediately (the GUI is started and the connection is initiated). For example, "\fBssvnc far-away.east:0\fR" Instead of a host:display, you can specify the name of a saved profile to automatically load that profile and then connect to its server. diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1 b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1 index e451ec8..5c55402 100644 --- a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1 +++ b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1 @@ -194,6 +194,9 @@ Note: F9 is shortcut to Toggle FullScreen mode. .TP Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1 to allow more than one incoming VNC server at a time. +This is the same as -multilisten described below. Set +SSVNC_MULTIPLE_LISTEN=MAX:n to allow no more than "n" +simultaneous reverse connections. .TP Note: If the host:port is specified as "exec=command args..." then instead of making a TCP/IP socket connection to the @@ -206,6 +209,14 @@ This mode does not work for -listen reverse connections. Note: If the host:port contains a '/' it is interpreted as a unix-domain socket (AF_LOCAL insead of AF_INET) .TP +\fB\-multilisten\fR +As in -listen (reverse connection listening) except +allow more than one incoming VNC server to be connected +at a time. The default for -listen of only one at a +time tries to play it safe by not allowing anyone on +the network to put (many) desktops on your screen over +a long window of time. Use -multilisten for no limit. +.TP \fB\-use64\fR In \fB\-bgr233\fR mode, use 64 colors instead of 256. .TP @@ -290,8 +301,8 @@ Disable use of MIT shared memory extension (not recommended) Do the UltraVNC chat in the terminal vncviewer is in instead of in an independent window. .TP -\fB\-unixpw\fR -str Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a +\fB\-unixpw\fR \fIstr\fR +Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a string that allows many ways to enter the Unix Username and Unix Password. These characters: username, newline, password, newline are sent to the VNC server after any VNC @@ -313,17 +324,45 @@ after reading. Otherwise, if str has a "@" character, it is taken as username@password. Otherwise, the program exits with an error. Got all that? .TP -\fB-repeater\fR str This is for use with UltraVNC repeater proxy described +\fB-repeater\fR \fIstr\fR +This is for use with UltraVNC repeater proxy described here: http://www.uvnc.com/addons/repeater.html. The "str" is the ID string to be sent to the repeater. E.g. ID:1234 It can also be the hostname and port or display of the VNC server, e.g. 12.34.56.78:0 or snoopy.com:1. Note that when using -repeater, the host:dpy on the cmdline is the repeater server, NOT the VNC server. The repeater will connect you. + Example: vncviewer ... -repeater ID:3333 repeat.host:5900 + Example: vncviewer ... -repeater vhost:0 repeat.host:5900 -.TP -\fB\-printres\fR Print out the Ssvnc X resources (appdefaults) and + +Use, e.g., '-repeater SCIII=ID:3210' if the repeater is a +Single Click III (SSL) repeater (repeater_SSL.exe) and you +are passing the SSL part of the connection through stunnel, socat, etc. +This way the magic UltraVNC string 'testB' needed to work with the +repeater is sent to it. +.TP +\fB-rfbversion\fR \fIstr\fR +Set the advertised RFB version. E.g.: -rfbversion 3.6 For some +servers, e.g. UltraVNC this needs to be done. +.TP +\fB-ultradsm\fR +UltraVNC has symmetric private encryption DSM plugins. See +http://www.uvnc.com/features/encryption.html. It is assumed +you are using a unix program (e.g. our ultravnc_dsm_helper) to +encrypt and decrypt the UltraVNC DSM stream. IN ADDITION TO +THAT supply -ultradsm to tell THIS viewer to modify the RFB +data sent so as to work with the UltraVNC Server. For some +reason, each RFB msg type must be sent twice under DSM. +.TP +\fB-env\fR \fIVAR=VALUE\fR +To save writing a shell script to set environment +variables, specify as many as you need on the command line. For example, +-env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi +.TP +\fB\-printres\fR +Print out the Ssvnc X resources (appdefaults) and then exit. You can save them to a file and customize them (e.g. the keybindings and Popup menu) Then point to the file via XENVIRONMENT or XAPPLRESDIR. @@ -568,8 +607,8 @@ local TCP port number; .B %R remote TCP port number. .SH SEE ALSO -\fBvncserver\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1), -\fBvncconnect\fR(1), \fBssh\fR(1) +\fBvncserver\fR(1), \fBx11vnc\fR(1), \fBssvnc\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1), +\fBvncconnect\fR(1), \fBssh\fR(1), http://www.karlrunge.com/x11vnc, http://www.karlrunge.com/x11vnc/ssvnc.html .SH AUTHORS Original VNC was developed in AT&T Laboratories Cambridge. TightVNC additions was implemented by Constantin Kaplinsky. Many other people @@ -584,3 +623,5 @@ Terran Melconian <terran@consistent.org>, Tim Waugh <twaugh@redhat.com>, .br Constantin Kaplinsky <const@ce.cctpu.edu.ru> +.br +Karl Runge <runge@karlrunge.com> diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle index 8abccf3..bcd18a8 100755 --- a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle +++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle @@ -62,7 +62,10 @@ zip -9 -r ssvnc-$vers.zip ssvnc -x '*.zip' '*.tar.gz' tar cvf - --exclude='*.zip' --exclude='*.tar.gz' ssvnc | gzip -9 > ssvnc-$vers.tar.gz tar cvf - --exclude='*.zip' --exclude='*.tar.gz' --exclude='*.dll' --exclude='*.exe' --exclude ssvnc/Windows/util ssvnc | gzip -9 > ssvnc_no_windows-$vers.tar.gz +echo ls -l ssvnc*-$vers.* +echo + ########################################### dest=./t.windows_only @@ -84,3 +87,18 @@ rm -f $zip ls -l $zip rm -rf $dest + +sync +echo +for g in ssvnc*-$vers*.gz +do + md5sum $g + gzip -t $g || (tput bel; sleep 2) +done +for g in ssvnc*-$vers*.zip +do + md5sum $g +done + +sleep 3 +echo diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch index cf7ce30..ce0c545 100644 --- a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch +++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch @@ -664,7 +664,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/Vncviewer vnc_unixsrc/vncview + diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/vncviewer/argsresources.c --- vnc_unixsrc.orig/vncviewer/argsresources.c 2007-02-04 17:10:31.000000000 -0500 -+++ vnc_unixsrc/vncviewer/argsresources.c 2008-09-06 21:48:37.000000000 -0400 ++++ vnc_unixsrc/vncviewer/argsresources.c 2008-09-14 14:27:29.000000000 -0400 @@ -31,9 +31,9 @@ char *fallback_resources[] = { @@ -1148,7 +1148,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v static XtResource appDataResourceList[] = { {"shareDesktop", "ShareDesktop", XtRBool, sizeof(Bool), -@@ -155,14 +540,32 @@ +@@ -155,14 +540,38 @@ {"userLogin", "UserLogin", XtRString, sizeof(String), XtOffsetOf(AppData, userLogin), XtRImmediate, (XtPointer) 0}, @@ -1158,6 +1158,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v + {"repeaterUltra", "RepeaterUltra", XtRString, sizeof(String), + XtOffsetOf(AppData, repeaterUltra), XtRImmediate, (XtPointer) 0}, + ++ {"ultraDSM", "UltraDSM", XtRBool, sizeof(Bool), ++ XtOffsetOf(AppData, ultraDSM), XtRImmediate, (XtPointer) False}, ++ ++ {"rfbVersion", "RfbVersion", XtRString, sizeof(String), ++ XtOffsetOf(AppData, rfbVersion), XtRImmediate, (XtPointer) 0}, ++ {"passwordDialog", "PasswordDialog", XtRBool, sizeof(Bool), XtOffsetOf(AppData, passwordDialog), XtRImmediate, (XtPointer) False}, @@ -1183,7 +1189,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v {"nColours", "NColours", XtRInt, sizeof(int), XtOffsetOf(AppData, nColours), XtRImmediate, (XtPointer) 256}, -@@ -179,9 +582,12 @@ +@@ -179,9 +588,12 @@ {"requestedDepth", "RequestedDepth", XtRInt, sizeof(int), XtOffsetOf(AppData, requestedDepth), XtRImmediate, (XtPointer) 0}, @@ -1197,7 +1203,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v {"wmDecorationWidth", "WmDecorationWidth", XtRInt, sizeof(int), XtOffsetOf(AppData, wmDecorationWidth), XtRImmediate, (XtPointer) 4}, -@@ -191,6 +597,9 @@ +@@ -191,6 +603,9 @@ {"popupButtonCount", "PopupButtonCount", XtRInt, sizeof(int), XtOffsetOf(AppData, popupButtonCount), XtRImmediate, (XtPointer) 0}, @@ -1207,7 +1213,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v {"debug", "Debug", XtRBool, sizeof(Bool), XtOffsetOf(AppData, debug), XtRImmediate, (XtPointer) False}, -@@ -206,8 +615,13 @@ +@@ -206,8 +621,13 @@ {"bumpScrollPixels", "BumpScrollPixels", XtRInt, sizeof(int), XtOffsetOf(AppData, bumpScrollPixels), XtRImmediate, (XtPointer) 20}, @@ -1221,7 +1227,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v {"qualityLevel", "QualityLevel", XtRInt, sizeof(int), XtOffsetOf(AppData, qualityLevel), XtRImmediate, (XtPointer) 6}, -@@ -218,14 +632,55 @@ +@@ -218,14 +638,55 @@ {"useRemoteCursor", "UseRemoteCursor", XtRBool, sizeof(Bool), XtOffsetOf(AppData, useRemoteCursor), XtRImmediate, (XtPointer) True}, @@ -1279,12 +1285,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v }; -@@ -242,8 +697,23 @@ +@@ -242,8 +703,26 @@ {"-noraiseonbeep", "*raiseOnBeep", XrmoptionNoArg, "False"}, {"-passwd", "*passwordFile", XrmoptionSepArg, 0}, {"-user", "*userLogin", XrmoptionSepArg, 0}, + {"-unixpw", "*unixPW", XrmoptionSepArg, 0}, + {"-repeater", "*repeaterUltra", XrmoptionSepArg, 0}, ++ {"-ultradsm", "*ultraDSM", XrmoptionNoArg, "True"}, ++ {"-rfbversion", "*rfbVersion", XrmoptionSepArg, 0}, {"-encodings", "*encodings", XrmoptionSepArg, 0}, - {"-bgr233", "*useBGR233", XrmoptionNoArg, "True"}, + {"-bgr233", "*useBGR233", XrmoptionNoArg, "256"}, @@ -1297,6 +1305,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v + {"-grey", "*useGreyScale", XrmoptionNoArg, "True"}, + {"-gray", "*useGreyScale", XrmoptionNoArg, "True"}, + {"-sbwidth", "*sbwidth", XrmoptionSepArg, 0}, ++ {"-env", "*envDummy", XrmoptionSepArg, 0}, + {"-ycrop", "*yCrop", XrmoptionSepArg, 0}, + {"-sbwidth", "*sbwidth", XrmoptionSepArg, 0}, + {"-rawlocal", "*useRawLocal", XrmoptionNoArg, "True"}, @@ -1304,7 +1313,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v {"-owncmap", "*forceOwnCmap", XrmoptionNoArg, "True"}, {"-truecolor", "*forceTrueColour", XrmoptionNoArg, "True"}, {"-truecolour", "*forceTrueColour", XrmoptionNoArg, "True"}, -@@ -253,7 +723,19 @@ +@@ -253,7 +732,19 @@ {"-nojpeg", "*enableJPEG", XrmoptionNoArg, "False"}, {"-nocursorshape", "*useRemoteCursor", XrmoptionNoArg, "False"}, {"-x11cursor", "*useX11Cursor", XrmoptionNoArg, "True"}, @@ -1325,7 +1334,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v }; -@@ -268,15 +750,77 @@ +@@ -268,15 +759,77 @@ {"SendRFBEvent", SendRFBEvent}, {"ShowPopup", ShowPopup}, {"HidePopup", HidePopup}, @@ -1403,7 +1412,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v }; -@@ -302,11 +846,13 @@ +@@ -302,11 +855,13 @@ void usage(void) { @@ -1419,7 +1428,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v " %s [<OPTIONS>] -listen [<DISPLAY#>]\n" " %s -help\n" "\n" -@@ -332,10 +878,185 @@ +@@ -332,10 +887,209 @@ " -autopass\n" "\n" "Option names may be abbreviated, e.g. -bgr instead of -bgr233.\n" @@ -1438,7 +1447,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v + "\n" + " Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1\n" + " to allow more than one incoming VNC server at a time.\n" -+ " This is the same as -multilisten described below.\n" ++ " This is the same as -multilisten described below. Set\n" ++ " SSVNC_MULTIPLE_LISTEN=MAX:n to allow no more than \"n\"\n" ++ " simultaneous reverse connections.\n" + "\n" + " Note: If the host:port is specified as \"exec=command args...\"\n" + " then instead of making a TCP/IP socket connection to the\n" @@ -1451,12 +1462,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v + " Note: If the host:port contains a '/' it is interpreted as a\n" + " unix-domain socket (AF_LOCAL insead of AF_INET)\n" + "\n" -+ " -multilisten As in -listen (reverse connection listening)\n" -+ " except allow more than one incoming VNC server to\n" -+ " be connected at a time. The default of only one\n" -+ " at a time tries to play it safe by not allowing\n" -+ " anyone on the network to put (many) desktops on\n" -+ " your screen during a long window of time.\n" ++ " -multilisten As in -listen (reverse connection listening) except\n" ++ " allow more than one incoming VNC server to be connected\n" ++ " at a time. The default for -listen of only one at a\n" ++ " time tries to play it safe by not allowing anyone on\n" ++ " the network to put (many) desktops on your screen over\n" ++ " a long window of time. Use -multilisten for no limit.\n" + "\n" + " -use64 In -bgr233 mode, use 64 colors instead of 256.\n" + " -bgr222 Same as -use64.\n" @@ -1555,9 +1566,31 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v + " server, e.g. 12.34.56.78:0 or snoopy.com:1. Note that when\n" + " using -repeater, the host:dpy on the cmdline is the repeater\n" + " server, NOT the VNC server. The repeater will connect you.\n" ++ "\n" + " Example: vncviewer ... -repeater ID:3333 repeat.host:5900\n" + " Example: vncviewer ... -repeater vhost:0 repeat.host:5900\n" + "\n" ++ " Use, e.g., '-repeater SCIII=ID:3210' if the repeater is a\n" ++ " Single Click III (SSL) repeater (repeater_SSL.exe) and you\n" ++ " are passing the SSL part of the connection through stunnel,\n" ++ " socat, etc. This way the magic UltraVNC string 'testB'\n" ++ " needed to work with the repeater is sent to it.\n" ++ "\n" ++ " -rfbversion str Set the advertised RFB version. E.g.: -rfbversion 3.6\n" ++ " For some servers, e.g. UltraVNC this needs to be done.\n" ++ "\n" ++ " -ultradsm UltraVNC has symmetric private key encryption DSM plugins:\n" ++ " http://www.uvnc.com/features/encryption.html. It is assumed\n" ++ " you are using a unix program (e.g. our ultravnc_dsm_helper)\n" ++ " to encrypt and decrypt the UltraVNC DSM stream. IN ADDITION\n" ++ " TO THAT supply -ultradsm to tell THIS viewer to modify the\n" ++ " RFB data sent so as to work with the UltraVNC Server. For\n" ++ " some reason, each RFB msg type must be sent twice under DSM.\n" ++ "\n" ++ " -env VAR=VALUE To save writing a shell script to set environment variables,\n" ++ " specify as many as you need on the command line. For\n" ++ " example, -env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi\n" ++ "\n" + " -printres Print out the Ssvnc X resources (appdefaults) and then exit\n" + " You can save them to a file and customize them (e.g. the\n" + " keybindings and Popup menu) Then point to the file via\n" @@ -1607,7 +1640,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v /* -@@ -350,6 +1071,7 @@ +@@ -350,6 +1104,7 @@ int i; char *vncServerName, *colonPos; int len, portOffset; @@ -1615,7 +1648,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v /* Turn app resource specs into our appData structure for the rest of the program to use */ -@@ -357,6 +1079,23 @@ +@@ -357,6 +1112,29 @@ XtGetApplicationResources(toplevel, &appData, appDataResourceList, XtNumber(appDataResourceList), 0, 0); @@ -1634,12 +1667,18 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v + appData.yCrop = n; + } + } ++ if (getenv("VNCVIEWER_ULTRADSM")) { ++ appData.ultraDSM = True; ++ } ++ if (getenv("SSVNC_ULTRA_DSM") && strcmp(getenv("SSVNC_ULTRA_DSM"), "")) { ++ appData.ultraDSM = True; ++ } + + /* Add our actions to the actions table so they can be used in widget resource specs */ -@@ -376,6 +1115,10 @@ +@@ -376,6 +1154,10 @@ return; } @@ -1650,20 +1689,32 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v if (argc == 1) { vncServerName = DoServerDialog(); appData.passwordDialog = True; -@@ -396,7 +1139,11 @@ +@@ -390,13 +1172,23 @@ + usage(); + } + ++ + if (strlen(vncServerName) > 255) { + fprintf(stderr,"VNC server name too long\n"); + exit(1); } colonPos = strchr(vncServerName, ':'); - if (colonPos == NULL) { + if (strstr(vncServerName, "exec=") == vncServerName) { + /* special exec-external-command case */ -+ strcpy(vncServerHost, vncServerName); -+ vncServerPort = SERVER_PORT_OFFSET; ++ strcpy(vncServerHost, vncServerName); ++ vncServerPort = SERVER_PORT_OFFSET; ++ if (! appData.ultraDSM) { ++ if (strstr(vncServerName, "ultravnc_dsm_helper")) { ++ appData.ultraDSM = True; ++ } ++ } + } else if (colonPos == NULL) { /* No colon -- use default port number */ strcpy(vncServerHost, vncServerName); vncServerPort = SERVER_PORT_OFFSET; -@@ -414,6 +1161,13 @@ +@@ -414,6 +1206,13 @@ if (!len || strspn(colonPos + 1, "0123456789") != len) { usage(); } @@ -4369,7 +4420,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/hextile.c vnc_unixsrc/vncview +#undef FillRectangle diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewer/listen.c --- vnc_unixsrc.orig/vncviewer/listen.c 2001-01-16 03:07:57.000000000 -0500 -+++ vnc_unixsrc/vncviewer/listen.c 2008-09-06 18:17:58.000000000 -0400 ++++ vnc_unixsrc/vncviewer/listen.c 2008-09-07 11:23:30.000000000 -0400 @@ -58,6 +58,8 @@ int n; int i; @@ -4447,7 +4498,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe if (FD_ISSET(flashSocket, &fds)) { sock = AcceptTcpConnection(flashSocket); -@@ -151,11 +181,35 @@ +@@ -151,11 +181,48 @@ } close(sock); } @@ -4463,7 +4514,20 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe + rfbsock = AcceptTcpConnection(listenSocket); + + if (sml != NULL) { -+ if (strcmp(sml, "") && strcmp(sml, "0")) { ++ if (strstr(sml, "MAX:") == sml || strstr(sml, "max:") == sml) { ++ char *q = strchr(sml, ':'); ++ int maxc = atoi(q+1); ++ if (maxc == 0 && strcmp(q+1, "0")) { ++ maxc = -99; ++ } ++ if (maxc < 0) { ++ fprintf(stderr, "invalid SSVNC_MULTIPLE_LISTEN=MAX:n, %s, must be 0 or positive, using 1\n", sml); ++ } else if (maxc == 0) { ++ multi_ok = 1; ++ } else if (children < maxc) { ++ multi_ok = 1; ++ } ++ } else if (strcmp(sml, "") && strcmp(sml, "0")) { + multi_ok = 1; + } + } @@ -4486,7 +4550,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe XCloseDisplay(d); -@@ -175,6 +229,7 @@ +@@ -175,6 +242,7 @@ default: /* parent - go round and listen again */ @@ -4494,7 +4558,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe close(rfbsock); if (!(d = XOpenDisplay(displayname))) { fprintf(stderr,"%s: unable to open display %s\n", -@@ -182,6 +237,10 @@ +@@ -182,6 +250,10 @@ exit(1); } getFlashFont(d); @@ -4518,7 +4582,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/ static int diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer/popup.c --- vnc_unixsrc.orig/vncviewer/popup.c 2000-06-11 08:00:53.000000000 -0400 -+++ vnc_unixsrc/vncviewer/popup.c 2008-09-05 21:59:15.000000000 -0400 ++++ vnc_unixsrc/vncviewer/popup.c 2008-09-14 10:34:39.000000000 -0400 @@ -25,15 +25,44 @@ #include <X11/Xaw/Form.h> @@ -4566,7 +4630,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer XSetWMProtocols(dpy, XtWindow(popup), &wmDeleteWindow, 1); } -@@ -52,42 +81,453 @@ +@@ -52,42 +81,464 @@ }; void @@ -4818,11 +4882,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer +void ShowFile(Widget w, XEvent *event, String *params, Cardinal *num_params) { + int i, port0 = 7200, port, sock = -1; + char *cmd, *jar; -+ char fmt[] = "java -cp '%s' VncViewer HOST localhost PORT %d delayAuthPanel yes ignoreMSLogonCheck yes disableSSL yes ftpOnly yes graftFtp yes &"; ++ char fmt[] = "java -cp '%s' VncViewer HOST localhost PORT %d delayAuthPanel yes ignoreMSLogonCheck yes disableSSL yes ftpOnly yes graftFtp yes dsmActive no &"; + + if (getenv("SSVNC_ULTRA_FTP_JAR")) { + jar = getenv("SSVNC_ULTRA_FTP_JAR"); -+ cmd = (char *) malloc(strlen(fmt) + strlen(jar) + 10); ++ cmd = (char *) malloc(strlen(fmt) + strlen(jar) + 100); + } else { + fprintf(stderr, "Cannot find UltraVNC FTP jar file.\n"); + return; @@ -4848,6 +4912,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer + } else if (pid == 0) { + int i; + sprintf(cmd, fmt, jar, port); ++ if (appData.ultraDSM) { ++ char *q = strstr(cmd, "dsmActive"); ++ if (q) { ++ q = strstr(q, "no "); ++ if (q) { ++ q[0] = 'y'; ++ q[1] = 'e'; ++ q[2] = 's'; ++ } ++ } ++ } + for (i = 3; i < 100; i++) { + close(i); + } @@ -5063,7 +5138,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup_ad vnc_unixsrc/vncviewe +} diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncviewer/rfbproto.c --- vnc_unixsrc.orig/vncviewer/rfbproto.c 2008-09-05 19:51:24.000000000 -0400 -+++ vnc_unixsrc/vncviewer/rfbproto.c 2008-09-05 21:51:53.000000000 -0400 ++++ vnc_unixsrc/vncviewer/rfbproto.c 2008-09-13 18:00:27.000000000 -0400 @@ -23,6 +23,7 @@ * rfbproto.c - functions to deal with client side of RFB protocol. */ @@ -5117,18 +5192,19 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie static void ReadConnFailedReason(void); static long ReadCompactLen (void); -@@ -68,6 +107,10 @@ +@@ -67,6 +106,11 @@ + static void JpegSetSrcManager(j_decompress_ptr cinfo, CARD8 *compressedData, int compressedLen); - ++extern int currentMsg; ++ +int sent_FBU = 0; +int skip_XtUpdate = 0; +int skip_XtUpdateAll = 0; -+ + int rfbsock; char *desktopName; - rfbPixelFormat myFormat; -@@ -177,6 +220,9 @@ +@@ -177,6 +221,9 @@ sig_rfbEncodingPointerPos, "Pointer position update"); CapsAdd(encodingCaps, rfbEncodingLastRect, rfbTightVncVendor, sig_rfbEncodingLastRect, "LastRect protocol extension"); @@ -5138,7 +5214,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } -@@ -187,21 +233,104 @@ +@@ -187,21 +234,104 @@ Bool ConnectToRFBServer(const char *hostname, int port) { @@ -5256,7 +5332,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } -@@ -212,211 +341,299 @@ +@@ -212,211 +342,301 @@ Bool InitialiseRFBConnection(void) { @@ -5385,7 +5461,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie - if (!WriteExact(rfbsock, pv, sz_rfbProtocolVersionMsg)) - return False; -+ if (server_major == 3 && (server_minor == 14 || server_minor == 16)) { ++ if (appData.rfbVersion != NULL && sscanf(appData.rfbVersion, "%d.%d", &viewer_major, &viewer_minor) == 2) { ++ fprintf(stderr,"Setting RFB version to %d.%d from -rfbversion.\n", viewer_major, viewer_minor); ++ } else if (server_major == 3 && (server_minor == 14 || server_minor == 16)) { + /* hack for UltraVNC Single Click. They misuse rfb proto version */ + fprintf(stderr,"Setting RFB version to 3.3 for UltraVNC Single Click.\n"); + viewer_minor = rfbProtocolFallbackMinorVersion; @@ -5697,21 +5775,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + break; + } + } ++ ++ free(secTypes); - if (secType == rfbSecTypeInvalid) - fprintf(stderr, "Server did not offer supported security type\n"); -+ free(secTypes); - -- return (int)secType; + if (secType == rfbSecTypeInvalid) { + fprintf(stderr, "Server did not offer supported security type\n"); + } -+ + +- return (int)secType; + return (int)secType; } -@@ -451,6 +668,9 @@ +@@ -451,6 +671,9 @@ return True; } @@ -5721,7 +5799,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie /* * Negotiate authentication scheme (protocol version 3.7t) -@@ -459,56 +679,61 @@ +@@ -459,56 +682,61 @@ static Bool PerformAuthenticationTight(void) { @@ -5825,7 +5903,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } -@@ -519,80 +744,97 @@ +@@ -519,80 +747,97 @@ static Bool AuthenticateVNC(void) { @@ -5986,7 +6064,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } /* -@@ -602,68 +844,71 @@ +@@ -602,68 +847,71 @@ static Bool AuthenticateUnixLogin(void) { @@ -6110,7 +6188,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } -@@ -675,19 +920,20 @@ +@@ -675,19 +923,20 @@ static Bool ReadInteractionCaps(void) { @@ -6143,7 +6221,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } -@@ -700,17 +946,18 @@ +@@ -700,17 +949,18 @@ static Bool ReadCapabilityList(CapsContainer *caps, int count) { @@ -6171,26 +6249,38 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } -@@ -729,6 +976,10 @@ +@@ -729,6 +979,11 @@ Bool requestCompressLevel = False; Bool requestQualityLevel = False; Bool requestLastRectEncoding = False; + Bool requestNewFBSizeEncoding = True; + Bool requestTextChatEncoding = True; ++ int dsm = 0; + +// fprintf(stderr, "SetFormatAndEncodings: sent_FBU state: %2d\n", sent_FBU); spf.type = rfbSetPixelFormat; spf.format = myFormat; -@@ -736,6 +987,7 @@ +@@ -736,12 +991,18 @@ spf.format.greenMax = Swap16IfLE(spf.format.greenMax); spf.format.blueMax = Swap16IfLE(spf.format.blueMax); + ++ currentMsg = rfbSetPixelFormat; if (!WriteExact(rfbsock, (char *)&spf, sz_rfbSetPixelFormatMsg)) return False; -@@ -754,6 +1006,12 @@ + se->type = rfbSetEncodings; + se->nEncodings = 0; + ++ if (appData.ultraDSM) { ++ dsm = 1; ++ } ++ + if (appData.encodingsString) { + char *encStr = appData.encodingsString; + int encStrLen; +@@ -754,11 +1015,17 @@ encStrLen = strlen(encStr); } @@ -6203,7 +6293,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie if (strncasecmp(encStr,"raw",encStrLen) == 0) { encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRaw); } else if (strncasecmp(encStr,"copyrect",encStrLen) == 0) { -@@ -775,6 +1033,20 @@ + encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCopyRect); +- } else if (strncasecmp(encStr,"tight",encStrLen) == 0) { ++ } else if (strncasecmp(encStr,"tight",encStrLen) == 0 && !dsm) { + encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight); + requestLastRectEncoding = True; + if (appData.compressLevel >= 0 && appData.compressLevel <= 9) +@@ -767,16 +1034,33 @@ + requestQualityLevel = True; + } else if (strncasecmp(encStr,"hextile",encStrLen) == 0) { + encs[se->nEncodings++] = Swap32IfLE(rfbEncodingHextile); +- } else if (strncasecmp(encStr,"zlib",encStrLen) == 0) { ++ } else if (strncasecmp(encStr,"zlib",encStrLen) == 0 && !dsm) { + encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZlib); + if (appData.compressLevel >= 0 && appData.compressLevel <= 9) + requestCompressLevel = True; +- } else if (strncasecmp(encStr,"corre",encStrLen) == 0) { ++ } else if (strncasecmp(encStr,"corre",encStrLen) == 0 && !dsm) { encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCoRRE); } else if (strncasecmp(encStr,"rre",encStrLen) == 0) { encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRRE); @@ -6223,8 +6329,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie +#endif } else { fprintf(stderr,"Unknown encoding '%.*s'\n",encStrLen,encStr); ++ if (dsm && strstr(encStr, "tight") == encStr) fprintf(stderr, "tight encoding does not yet work with ultraDSM, skipping it.\n"); ++ if (dsm && strstr(encStr, "corre") == encStr) fprintf(stderr, "corre encoding does not yet work with ultraDSM, skipping it.\n"); ++ if (dsm && strstr(encStr, "zlib" ) == encStr) fprintf(stderr, "zlib encoding does not yet work with ultraDSM, skipping it.\n"); } -@@ -797,7 +1069,7 @@ + + encStr = nextEncStr; +@@ -797,7 +1081,7 @@ if (appData.useRemoteCursor) { if (se->nEncodings < MAX_ENCODINGS) encs[se->nEncodings++] = Swap32IfLE(rfbEncodingXCursor); @@ -6233,7 +6344,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRichCursor); if (se->nEncodings < MAX_ENCODINGS) encs[se->nEncodings++] = Swap32IfLE(rfbEncodingPointerPos); -@@ -806,10 +1078,14 @@ +@@ -806,10 +1090,14 @@ if (se->nEncodings < MAX_ENCODINGS && requestLastRectEncoding) { encs[se->nEncodings++] = Swap32IfLE(rfbEncodingLastRect); } @@ -6249,16 +6360,36 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie fprintf(stderr,"Same machine: preferring raw encoding\n"); encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRaw); } else { -@@ -819,6 +1095,8 @@ +@@ -818,13 +1106,15 @@ + } encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCopyRect); - encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight); +- encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight); ++ if (!dsm) encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight); + encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZRLE); + encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZYWRLE); encs[se->nEncodings++] = Swap32IfLE(rfbEncodingHextile); - encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZlib); - encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCoRRE); -@@ -844,11 +1122,14 @@ +- encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZlib); +- encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCoRRE); ++ if (!dsm) encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZlib); ++ if (!dsm) encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCoRRE); + encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRRE); + +- if (appData.compressLevel >= 0 && appData.compressLevel <= 9) { ++ if (!dsm && appData.compressLevel >= 0 && appData.compressLevel <= 9) { + encs[se->nEncodings++] = Swap32IfLE(appData.compressLevel + + rfbEncodingCompressLevel0); + } else if (!tunnelSpecified) { +@@ -835,7 +1125,7 @@ + encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCompressLevel1); + } + +- if (appData.enableJPEG) { ++ if (!dsm && appData.enableJPEG) { + if (appData.qualityLevel < 0 || appData.qualityLevel > 9) + appData.qualityLevel = 5; + encs[se->nEncodings++] = Swap32IfLE(appData.qualityLevel + +@@ -844,18 +1134,35 @@ if (appData.useRemoteCursor) { encs[se->nEncodings++] = Swap32IfLE(rfbEncodingXCursor); @@ -6274,7 +6405,30 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } len = sz_rfbSetEncodingsMsg + se->nEncodings * 4; -@@ -868,31 +1149,109 @@ + +- se->nEncodings = Swap16IfLE(se->nEncodings); ++ if (!appData.ultraDSM) { ++ se->nEncodings = Swap16IfLE(se->nEncodings); + +- if (!WriteExact(rfbsock, buf, len)) return False; ++ if (!WriteExact(rfbsock, buf, len)) return False; ++ } else { ++ /* for UltraVNC encryption DSM we have to send each encoding separately (why?) */ ++ int i, errs = 0, nenc = se->nEncodings; ++ ++ se->nEncodings = Swap16IfLE(se->nEncodings); ++ ++ currentMsg = rfbSetEncodings; ++ if (!WriteExact(rfbsock, buf, sz_rfbSetEncodingsMsg)) errs++; ++ for (i=0; i < nenc; i++) { ++ if (!WriteExact(rfbsock, (char *)&encs[i], sizeof(CARD32))) errs++; ++ } ++ if (errs) return False; ++ } + + return True; + } +@@ -868,31 +1175,110 @@ Bool SendIncrementalFramebufferUpdateRequest() { @@ -6282,8 +6436,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie - si.framebufferHeight, True); + return SendFramebufferUpdateRequest(0, 0, si.framebufferWidth, + si.framebufferHeight, True); - } - ++} ++ +time_t last_filexfer = 0; +int delay_filexfer = 3; +extern void CheckFileXfer(void); @@ -6308,12 +6462,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie +if (db) { + ready = rfbsock_is_ready(); + fprintf(stderr, "rsir: %d\n", ready); -+} + } +#endif +// x = y = 0; +// w = h = 1; + -+ + +static int dyn = -1; +extern int filexfer_sock; +extern int filexfer_listen; @@ -6389,6 +6543,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + sent_FBU = 2; + } + ++ currentMsg = rfbFramebufferUpdateRequest; + if (!WriteExact(rfbsock, (char *)&fur, sz_rfbFramebufferUpdateRequestMsg)) { + return False; + } @@ -6397,7 +6552,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } -@@ -903,19 +1262,27 @@ +@@ -903,19 +1289,28 @@ Bool SendPointerEvent(int x, int y, int buttonMask) { @@ -6410,11 +6565,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + return True; + } + } -+ -+ pe.type = rfbPointerEvent; -+ pe.buttonMask = buttonMask; -+ if (x < 0) x = 0; -+ if (y < 0) y = 0; - pe.type = rfbPointerEvent; - pe.buttonMask = buttonMask; @@ -6427,42 +6577,49 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie - pe.x = Swap16IfLE(x); - pe.y = Swap16IfLE(y); - return WriteExact(rfbsock, (char *)&pe, sz_rfbPointerEventMsg); ++ pe.type = rfbPointerEvent; ++ pe.buttonMask = buttonMask; ++ if (x < 0) x = 0; ++ if (y < 0) y = 0; ++ + if (!appData.useX11Cursor) { + SoftCursorMove(x, y); + } + + pe.x = Swap16IfLE(x); + pe.y = Swap16IfLE(y); ++ currentMsg = rfbPointerEvent; + return WriteExact(rfbsock, (char *)&pe, sz_rfbPointerEventMsg); } -@@ -926,12 +1293,19 @@ +@@ -926,12 +1321,20 @@ Bool SendKeyEvent(CARD32 key, Bool down) { - rfbKeyEventMsg ke; + rfbKeyEventMsg ke; - -- ke.type = rfbKeyEvent; -- ke.down = down ? 1 : 0; -- ke.key = Swap32IfLE(key); -- return WriteExact(rfbsock, (char *)&ke, sz_rfbKeyEventMsg); ++ + if (appData.fileActive) { + if (!dyn || time(NULL) < last_filexfer + delay_filexfer) { + //fprintf(stderr, "skip SendPointerEvent: %d - %d\n", last_filexfer, time(NULL)); + return True; + } + } -+ + +- ke.type = rfbKeyEvent; +- ke.down = down ? 1 : 0; +- ke.key = Swap32IfLE(key); +- return WriteExact(rfbsock, (char *)&ke, sz_rfbKeyEventMsg); + ke.type = rfbKeyEvent; + ke.down = down ? 1 : 0; + ke.key = Swap32IfLE(key); ++ currentMsg = rfbKeyEvent; + return WriteExact(rfbsock, (char *)&ke, sz_rfbKeyEventMsg); } -@@ -942,281 +1316,818 @@ +@@ -942,281 +1345,860 @@ Bool SendClientCutText(char *str, int len) { @@ -6495,6 +6652,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + + cct.type = rfbClientCutText; + cct.length = Swap32IfLE(len); ++ currentMsg = rfbClientCutText; + return (WriteExact(rfbsock, (char *)&cct, sz_rfbClientCutTextMsg) && + WriteExact(rfbsock, str, len)); } @@ -6515,6 +6673,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + ultra_scale = nfac; + ssc.type = rfbSetScale; + ssc.scale = nfac; ++ currentMsg = rfbSetScale; + return WriteExact(rfbsock, (char *)&ssc, sz_rfbSetScaleMsg); +} @@ -6529,6 +6688,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie - return False; + sim.type = rfbSetServerInput; + sim.status = enabled; ++ currentMsg = rfbSetServerInput; + return WriteExact(rfbsock, (char *)&sim, sz_rfbSetServerInputMsg); +} @@ -6568,6 +6728,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + + } + sw.status = True; ++ currentMsg = rfbSetSW; + return WriteExact(rfbsock, (char *)&sw, sz_rfbSetSWMsg); +} @@ -6586,6 +6747,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + if (!WriteExact(rfbsock, (char *)&chat, sz_rfbTextChatMsg)) { + return False; + } ++ currentMsg = rfbTextChat; + return WriteExact(rfbsock, str, strlen(str)); +} @@ -6910,6 +7072,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + return False; } - break; ++ if (appData.ultraDSM) { ++ if (!ReadFromRFBServer((char *)&msg, 1)) { ++ return False; ++ } ++ } ++ ++//fprintf(stderr, "msg.type: %d\n", msg.type); - case rfbEncodingCopyRect: - { @@ -7121,6 +7290,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + rect.r.w = Swap16IfLE(rect.r.w); + rect.r.h = Swap16IfLE(rect.r.h); + ++ + if (rect.encoding == rfbEncodingXCursor || rect.encoding == rfbEncodingRichCursor) { + if (db) fprintf(stderr, "FBU-Cur1 %.6f\n", dnow()); + if (!HandleCursorShape(rect.r.x, rect.r.y, rect.r.w, rect.r.h, rect.encoding)) { @@ -7156,6 +7326,35 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie + } + if (rdb) fprintf(stderr,"Rect: %dx%d at (%d, %d)\n", rect.r.w, rect.r.h, rect.r.x, rect.r.y); + ++ if (appData.ultraDSM) { ++ /* ++ * What a huge mess the UltraVNC DSM plugin is!!! ++ * We read and ignore their little "this much data" hint... ++ */ ++ switch (rect.encoding) ++ { ++ case rfbEncodingRaw: ++ case rfbEncodingRRE: ++ case rfbEncodingCoRRE: ++ case rfbEncodingHextile: ++ //case rfbEncodingUltra: ++// case rfbEncodingZlib: ++ //case rfbEncodingXOR_Zlib: ++ //case rfbEncodingXORMultiColor_Zlib: ++ //case rfbEncodingXORMonoColor_Zlib: ++ //case rfbEncodingSolidColor: ++ case rfbEncodingTight: ++ case rfbEncodingZlibHex: ++ case rfbEncodingZRLE: ++ case rfbEncodingZYWRLE: ++ { ++ CARD32 discard; ++ ReadFromRFBServer((char *)&discard, sizeof(CARD32)); ++ } ++ break; ++ } ++ } ++ + if ((rect.r.x + rect.r.w > si.framebufferWidth) || + (rect.r.y + rect.r.h > si.framebufferHeight)) { + fprintf(stderr,"Rect too large: %dx%d at (%d, %d) encoding=%d\n", @@ -7504,7 +7703,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie #ifdef MITSHM /* if using shared memory PutImage, make sure that the X server has -@@ -1224,59 +2135,165 @@ +@@ -1224,59 +2206,165 @@ mainly to avoid copyrect using invalid screen contents - not sure if we'd need it otherwise. */ @@ -7535,12 +7734,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie { - Window toplevelWin; + Window toplevelWin; -+ + +- XBell(dpy, 0); + if (appData.useBell) { + XBell(dpy, 0); + } - -- XBell(dpy, 0); ++ + if (appData.raiseOnBeep) { + toplevelWin = XtWindow(toplevel); + XMapRaised(dpy, toplevelWin); @@ -7703,7 +7902,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie } -@@ -1296,26 +2313,47 @@ +@@ -1296,26 +2384,47 @@ #define CONCAT2(a,b) a##b #define CONCAT2E(a,b) CONCAT2(a,b) @@ -7751,7 +7950,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie #undef BPP /* -@@ -1358,9 +2396,9 @@ +@@ -1358,9 +2467,9 @@ " %s significant bit in each byte is leftmost on the screen.\n", (format->bigEndian ? "Most" : "Least")); } else { @@ -7763,7 +7962,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie (format->bigEndian ? "Most" : "Least")); } if (format->trueColour) { -@@ -1462,4 +2500,3 @@ +@@ -1462,4 +2571,3 @@ cinfo->src = &jpegSrcManager; } @@ -7987,7 +8186,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/smake vnc_unixsrc/vncviewer/s +fi diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncviewer/sockets.c --- vnc_unixsrc.orig/vncviewer/sockets.c 2001-01-14 22:54:18.000000000 -0500 -+++ vnc_unixsrc/vncviewer/sockets.c 2008-09-03 14:33:59.000000000 -0400 ++++ vnc_unixsrc/vncviewer/sockets.c 2008-09-14 10:28:56.000000000 -0400 @@ -27,6 +27,7 @@ #include <netinet/in.h> #include <netinet/tcp.h> @@ -7996,7 +8195,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview #include <netdb.h> #include <fcntl.h> #include <assert.h> -@@ -56,22 +57,327 @@ +@@ -56,22 +57,339 @@ */ static Bool rfbsockReady = False; @@ -8124,7 +8323,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview + fprintf(stderr, " %d", (int) fxfer[i]); + } + fprintf(stderr, " ?\n"); -+} + } + if (0 || db) fprintf(stderr, "filexfer read[%d] %d.\n", icnt, rn); + if (rn < 0) { + fprintf(stderr, "filexfer bad read: %d\n", errno); @@ -8144,6 +8343,18 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview + bytes += rn; + last_filexfer = time(NULL); + //fprintf(stderr, "last_filexfer-2b: %d\n", last_filexfer); ++ ++ if (0) { ++ /* WE TRY TO FIX THIS IN THE JAVA NOW */ ++ if (appData.ultraDSM) { ++ unsigned char msg = rfbFileTransfer; ++ unsigned char hdc = (unsigned char) fxfer[0]; ++ if (msg == hdc) { ++ /* cross your fingers... */ ++ WriteExact(rfbsock, (char *)&msg, 1); ++ } ++ } ++ } + if (!WriteExact(rfbsock, fxfer, rn)) { + return; + } @@ -8210,12 +8421,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview + } +//fprintf(stderr, "Out CheckFileXfer\n"); + return; - } - ++} ++ +static time_t time_mark; +extern int delay_filexfer; +#include <sys/stat.h> -+ + static void ProcessXtEvents() { @@ -8332,10 +8543,91 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview } Bool -@@ -191,6 +497,40 @@ - return True; +@@ -151,6 +469,8 @@ } + ++int currentMsg = -1; ++ + /* + * Write an exact number of bytes, and don't return until you've sent them. + */ +@@ -158,37 +478,81 @@ + Bool + WriteExact(int sock, char *buf, int n) + { +- fd_set fds; +- int i = 0; +- int j; +- +- while (i < n) { +- j = write(sock, buf + i, (n - i)); +- if (j <= 0) { +- if (j < 0) { +- if (errno == EWOULDBLOCK || errno == EAGAIN) { +- FD_ZERO(&fds); +- FD_SET(rfbsock,&fds); ++ fd_set fds; ++ int i = 0; ++ int j; ++ ++ if (appData.ultraDSM && currentMsg >= 0) { ++ /* this is for goofy UltraVNC DSM send RFB msg char twice: */ ++ unsigned char msg = (unsigned char) currentMsg; ++ currentMsg = -1; ++ if (!WriteExact(sock, (char *)&msg, sizeof(msg))) { ++ return False; ++ } ++ } ++ currentMsg = -1; + +- if (select(rfbsock+1, NULL, &fds, NULL, NULL) <= 0) { +- fprintf(stderr,programName); +- perror(": select"); +- return False; +- } +- j = 0; +- } else { +- fprintf(stderr,programName); +- perror(": write"); +- return False; ++ while (i < n) { ++ j = write(sock, buf + i, (n - i)); ++ if (j <= 0) { ++ if (j < 0) { ++ if (errno == EWOULDBLOCK || errno == EAGAIN) { ++ FD_ZERO(&fds); ++ FD_SET(rfbsock,&fds); ++ ++ if (select(rfbsock+1, NULL, &fds, NULL, NULL) <= 0) { ++ fprintf(stderr,programName); ++ perror(": select"); ++ return False; ++ } ++ j = 0; ++ } else { ++ fprintf(stderr,programName); ++ perror(": write"); ++ return False; ++ } ++ } else { ++ fprintf(stderr,"%s: write failed\n",programName); ++ return False; ++ } ++ } ++ i += j; + } +- } else { +- fprintf(stderr,"%s: write failed\n",programName); +- return False; +- } +- } +- i += j; +- } +- return True; ++ return True; ++} ++ +int +ConnectToUnixSocket(char *file) { + int sock; @@ -8368,12 +8660,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview + } + + return sock; -+} -+ + } - /* - * ConnectToTcpAddr connects to the given TCP port. -@@ -203,6 +543,8 @@ + +@@ -203,6 +567,8 @@ struct sockaddr_in addr; int one = 1; @@ -8382,7 +8672,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview addr.sin_family = AF_INET; addr.sin_port = htons(port); addr.sin_addr.s_addr = host; -@@ -232,7 +574,22 @@ +@@ -232,7 +598,22 @@ return sock; } @@ -8405,7 +8695,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview /* * FindFreeTcpPort tries to find unused TCP port in the range -@@ -245,6 +602,8 @@ +@@ -245,6 +626,8 @@ int sock, port; struct sockaddr_in addr; @@ -8414,7 +8704,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview addr.sin_family = AF_INET; addr.sin_addr.s_addr = INADDR_ANY; -@@ -272,6 +631,8 @@ +@@ -272,6 +655,8 @@ * ListenAtTcpPort starts listening at the given TCP port. */ @@ -8423,7 +8713,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview int ListenAtTcpPort(int port) { -@@ -279,10 +640,16 @@ +@@ -279,10 +664,16 @@ struct sockaddr_in addr; int one = 1; @@ -8495,599 +8785,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/tunnel.c vnc_unixsrc/vncviewe } sprintf(lastArgv, "localhost::%d", localPort); -diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer._man vnc_unixsrc/vncviewer/vncviewer._man ---- vnc_unixsrc.orig/vncviewer/vncviewer._man 1969-12-31 19:00:00.000000000 -0500 -+++ vnc_unixsrc/vncviewer/vncviewer._man 2008-09-02 13:31:57.000000000 -0400 -@@ -0,0 +1,586 @@ -+'\" t -+.\" ** The above line should force tbl to be a preprocessor ** -+.\" Man page for X vncviewer -+.\" -+.\" Copyright (C) 1998 Marcus.Brinkmann@ruhr-uni-bochum.de -+.\" Copyright (C) 2000,2001 Red Hat, Inc. -+.\" Copyright (C) 2001-2003 Constantin Kaplinsky <const@ce.cctpu.edu.ru> -+.\" Copyright (C) 2006-2008 Karl J. Runge <runge@karlrunge.com> -+.\" -+.\" You may distribute under the terms of the GNU General Public -+.\" License as specified in the file LICENCE.TXT that comes with the -+.\" TightVNC distribution. -+.\" -+.TH ssvncviewer 1 "August 2008" "" "SSVNC" -+.SH NAME -+ssvncviewer \- an X viewer client for VNC -+.SH SYNOPSIS -+.B ssvncviewer -+.RI [\| options \|] -+.RI [\| host \|][\| :display \|] -+.br -+.B ssvncviewer -+.RI [\| options \|] -+.RI [\| host \|][\| ::port \|] -+.br -+.B ssvncviewer -+.RI [\| options \|] -+.RI exec=[\| cmd+args... \|] -+.br -+.B ssvncviewer -+.RI [\| options \|] -+.RI /path/to/unix/socket -+.br -+.B ssvncviewer -+.RI [\| options \|] -+.IR \-listen -+.RI [\| display \|] -+.br -+.B ssvncviewer -+.IR \-help -+.br -+.SH DESCRIPTION -+.B ssvncviewer -+is an Xt\-based client application for the VNC (Virtual Network -+Computing) system. It can connect to any VNC\-compatible server such -+as \fBXvnc\fR, WinVNC, or \fBx11vnc\fR, allowing you to control desktop environment -+of a different machine. -+ -+ssvncviewer is an enhanced version of the tightvnc unix viewer that can -+take advantage of features in the \fBx11vnc\fR and UltraVNC VNC servers. -+See below for the description of these features. -+ -+You can use F8 to display a pop\-up utility menu. Press F8 twice to -+pass single F8 to the remote side. -+.SH OPTIONS -+.TP -+\fB\-help\fR -+Prints a short usage notice to stderr. -+.TP -+\fB\-listen\fR -+Make the viewer listen on port 5500+\fIdisplay\fR for reverse -+connections from a server. WinVNC supports reverse connections using -+the "Add New Client" menu option, or the \-connect command line -+option. \fBXvnc\fR requires the use of the helper program -+\fBvncconnect\fR. -+.TP -+\fB\-via\fR \fIgateway\fR -+Automatically create encrypted TCP tunnel to the \fIgateway\fR machine -+before connection, connect to the \fIhost\fR through that tunnel -+(TightVNC\-specific). By default, this option invokes SSH local port -+forwarding, assuming that SSH client binary can be accessed as -+/usr/bin/ssh. Note that when using the \fB\-via\fR option, the host -+machine name should be specified as known to the gateway machine, e.g. -+"localhost" denotes the \fIgateway\fR, not the machine where vncviewer -+was launched. See the ENVIRONMENT section below for the information on -+configuring the \fB\-via\fR option. -+.TP -+\fB\-shared\fR -+When connecting, specify that a shared connection is requested. In -+TightVNC, this is the default mode, allowing you to share the desktop -+with other clients already using it. -+.TP -+\fB\-noshared\fR -+When connecting, specify that the session may not be shared. This -+would either disconnect other connected clients or refuse your -+connection, depending on the server configuration. -+.TP -+\fB\-viewonly\fR -+Disable transfer of mouse and keyboard events from the client to the -+server. -+.TP -+\fB\-fullscreen\fR -+Start in full\-screen mode. Please be aware that operating in -+full\-screen mode may confuse X window managers. Typically, such -+conflicts cause incorrect handling of input focus or make the viewer -+window disappear mysteriously. See the grabKeyboard setting in the -+RESOURCES section below for a method to solve input focus problem. -+.TP -+\fB\-noraiseonbeep\fR -+By default, the viewer shows and raises its window on remote beep -+(bell) event. This option disables such behaviour -+(TightVNC\-specific). -+.TP -+\fB\-user\fR \fIusername\fR -+User name for Unix login authentication. Default is to use current -+Unix user name. If this option was given, the viewer will prefer Unix -+login authentication over the standard VNC authentication. -+.TP -+\fB\-passwd\fR \fIpasswd\-file\fR -+File from which to get the password (as generated by the -+\fBvncpasswd\fR(1) program). This option affects only the standard VNC -+authentication. -+.TP -+\fB\-encodings\fR \fIencoding\-list\fR -+TightVNC supports several different compression methods to encode -+screen updates; this option specifies a set of them to use in order of -+preference. Encodings are specified separated with spaces, and must -+thus be enclosed in quotes if more than one is specified. Available -+encodings, in default order for a remote connection, are "copyrect -+tight hextile zlib corre rre raw". For a local connection (to the same -+machine), the default order to try is "raw copyrect tight hextile zlib -+corre rre". Raw encoding is always assumed as a last option if no -+other encoding can be used for some reason. For more information on -+encodings, see the section ENCODINGS below. -+.TP -+\fB\-bgr233\fR -+Always use the BGR233 format to encode pixel data. This reduces -+network traffic, but colors may be represented inaccurately. The -+bgr233 format is an 8\-bit "true color" format, with 2 bits blue, 3 -+bits green, and 3 bits red. -+.TP -+\fB\-owncmap\fR -+Try to use a PseudoColor visual and a private colormap. This allows -+the VNC server to control the colormap. -+.TP -+\fB\-truecolour\fR, \fB\-truecolor\fR -+Try to use a TrueColor visual. -+.TP -+\fB\-depth\fR \fIdepth\fR -+On an X server which supports multiple TrueColor visuals of different -+depths, attempt to use the specified one (in bits per pixel); if -+successful, this depth will be requested from the VNC server. -+.TP -+\fB\-compresslevel \fIlevel\fR -+Use specified compression \fIlevel\fR (0..9) for "tight" and "zlib" -+encodings (TightVNC\-specific). Level 1 uses minimum of CPU time and -+achieves weak compression ratios, while level 9 offers best -+compression but is slow in terms of CPU time consumption on the server -+side. Use high levels with very slow network connections, and low -+levels when working over high\-speed LANs. It's not recommended to use -+compression level 0, reasonable choices start from the level 1. -+.TP -+\fB\-quality \fIlevel\fR -+Use the specified JPEG quality \fIlevel\fR (0..9) for the "tight" -+encoding (TightVNC\-specific). Quality level 0 denotes bad image -+quality but very impressive compression ratios, while level 9 offers -+very good image quality at lower compression ratios. Note that the -+"tight" encoder uses JPEG to encode only those screen areas that look -+suitable for lossy compression, so quality level 0 does not always -+mean unacceptable image quality. -+.TP -+\fB\-nojpeg\fR -+Disable lossy JPEG compression in Tight encoding (TightVNC\-specific). -+Disabling JPEG compression is not a good idea in typical cases, as -+that makes the Tight encoder less efficient. You might want to use -+this option if it's absolutely necessary to achieve perfect image -+quality (see also the \fB\-quality\fR option). -+.TP -+\fB\-nocursorshape\fR -+Disable cursor shape updates, protocol extensions used to handle -+remote cursor movements locally on the client side -+(TightVNC\-specific). Using cursor shape updates decreases delays with -+remote cursor movements, and can improve bandwidth usage dramatically. -+.TP -+\fB\-x11cursor\fR -+Use a real X11 cursor with X-style cursor shape updates, instead of -+drawing the remote cursor on the framebuffer. This option also -+disables the dot cursor, and disables cursor position updates in -+non-fullscreen mode. -+.TP -+\fB\-autopass\fR -+Read a plain-text password from stdin. This option affects only the -+standard VNC authentication. -+ -+.SH Enhanced TightVNC Viewer (SSVNC) OPTIONS -+.TP -+Enhanced TightVNC Viewer (SSVNC) web page is located at: -+.TP -+http://www.karlrunge.com/x11vnc/ssvnc.html -+.TP -+Note: ZRLE and ZYWRLE encodings are now supported. -+.TP -+Note: F9 is shortcut to Toggle FullScreen mode. -+.TP -+Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1 -+to allow more than one incoming VNC server at a time. -+.TP -+Note: If the host:port is specified as "exec=command args..." -+then instead of making a TCP/IP socket connection to the -+remote VNC server, "command args..." is executed and the -+viewer is attached to its stdio. This enables tunnelling -+established via an external command, e.g. an stunnel(8) -+that does not involve a listening socket. -+This mode does not work for -listen reverse connections. -+.TP -+Note: If the host:port contains a '/' it is interpreted as a -+unix-domain socket (AF_LOCAL insead of AF_INET) -+.TP -+\fB\-use64\fR -+In \fB\-bgr233\fR mode, use 64 colors instead of 256. -+.TP -+\fB\-bgr222\fR -+Same as \fB\-use64\fR. -+.TP -+\fB\-use8\fR -+In \fB\-bgr233\fR mode, use 8 colors instead of 256. -+.TP -+\fB\-bgr111\fR -+Same as \fB\-use8\fR. -+.TP -+\fB\-16bpp\fR -+If the vnc viewer X display is depth 24 at 32bpp -+request a 16bpp format from the VNC server to cut -+network traffic by up to 2X, then tranlate the -+pixels to 32bpp locally. -+.TP -+\fB\-bgr565\fR -+Same as \fB\-16bpp\fR. -+.TP -+\fB\-grey\fR -+Use a grey scale for the 16- and 8\fB\-bpp\fR modes. -+.TP -+\fB\-alpha\fR -+Use alphablending transparency for local cursors -+requires: x11vnc server, both client and server -+must be 32bpp and same endianness. -+.TP -+\fB\-ycrop\fR n -+Only show the top n rows of the framebuffer. For -+use with x11vnc \fB\-ncache\fR client caching option -+to help "hide" the pixel cache region. -+Use a negative value (e.g. \fB\-1\fR) for autodetection. -+Autodetection will always take place if the remote -+fb height is more than 2 times the width. -+.TP -+\fB\-sbwidth\fR n -+Scrollbar width for x11vnc \fB\-ncache\fR mode (\fB\-ycrop\fR), -+default is very narrow: 2 pixels, it is narrow to -+avoid distraction in \fB\-ycrop\fR mode. -+.TP -+\fB\-nobell\fR -+Disable bell. -+.TP -+\fB\-rawlocal\fR -+Prefer raw encoding for localhost, default is -+no, i.e. assumes you have a SSH tunnel instead. -+.TP -+\fB\-graball\fR -+Grab the entire X server when in fullscreen mode, -+needed by some old window managers like fvwm2. -+.TP -+\fB\-popupfix\fR -+Warp the popup back to the pointer position, -+needed by some old window managers like fvwm2. -+.TP -+\fB\-grabkbd\fR -+Grab the X keyboard when in fullscreen mode, -+needed by some window managers. Same as \fB\-grabkeyboard\fR. -+\fB\-grabkbd\fR is the default, use \fB\-nograbkbd\fR to disable. -+.TP -+\fB\-bs\fR, \fB\-nobs\fR -+Whether or not to use X server Backingstore for the -+main viewer window. The default is to not, mainly -+because most Linux, etc, systems X servers disable -+*all* Backingstore by default. To re\fB\-enable\fR it put -+Option "Backingstore" -+in the Device section of /etc/X11/xorg.conf. -+In \fB\-bs\fR mode with no X server backingstore, whenever an -+area of the screen is re\fB\-exposed\fR it must go out to the -+VNC server to retrieve the pixels. This is too slow. -+In \fB\-nobs\fR mode, memory is allocated by the viewer to -+provide its own backing of the main viewer window. This -+actually makes some activities faster (changes in large -+regions) but can appear to "flash" too much. -+.TP -+\fB\-noshm\fR -+Disable use of MIT shared memory extension (not recommended) -+.TP -+\fB\-termchat\fR -+Do the UltraVNC chat in the terminal vncviewer is in -+instead of in an independent window. -+.TP -+\fB\-unixpw\fR -+str Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a -+string that allows many ways to enter the Unix Username -+and Unix Password. These characters: username, newline, -+password, newline are sent to the VNC server after any VNC -+authentication has taken place. Under x11vnc they are -+used for the \fB\-unixpw\fR login. Other VNC servers could do -+something similar. -+You can also indicate "str" via the environment -+variable SSVNC_UNIXPW. -+Note that the Escape key is actually sent first to tell -+x11vnc to not echo the Unix Username back to the VNC -+viewer. Set SSVNC_UNIXPW_NOESC=1 to override this. -+If str is ".", then you are prompted at the command line -+for the username and password in the normal way. If str is -+"-" the stdin is read via getpass(3) for username@password. -+Otherwise if str is a file, it is opened and the first line -+read is taken as the Unix username and the 2nd as the -+password. If str prefixed by "rm:" the file is removed -+after reading. Otherwise, if str has a "@" character, -+it is taken as username@password. Otherwise, the program -+exits with an error. Got all that? -+.TP -+\fB-repeater\fR str This is for use with UltraVNC repeater proxy described -+here: http://www.uvnc.com/addons/repeater.html. The "str" -+is the ID string to be sent to the repeater. E.g. ID:1234 -+It can also be the hostname and port or display of the VNC -+server, e.g. 12.34.56.78:0 or snoopy.com:1. Note that when -+using -repeater, the host:dpy on the cmdline is the repeater -+server, NOT the VNC server. The repeater will connect you. -+Example: vncviewer ... -repeater ID:3333 repeat.host:5900 -+Example: vncviewer ... -repeater vhost:0 repeat.host:5900 -+.TP -+\fB\-printres\fR Print out the Ssvnc X resources (appdefaults) and -+then exit. You can save them to a file and customize them (e.g. the -+keybindings and Popup menu) Then point to the file via -+XENVIRONMENT or XAPPLRESDIR. -+.TP -+\fB New Popup actions:\fR -+ -+ ViewOnly: ~ -viewonly -+ Disable Bell: ~ -nobell -+ Cursor Shape: ~ -nocursorshape -+ X11 Cursor: ~ -x11cursor -+ Cursor Alphablend: ~ -alpha -+ Toggle Tight/ZRLE: ~ -encodings ... -+ Toggle ZRLE/ZYWRLE: ~ -encodings zywrle... -+ Quality Level ~ -quality (both Tight and ZYWRLE) -+ Compress Level ~ -compresslevel -+ Disable JPEG: ~ -nojpeg (Tight) -+ Full Color ~ as many colors as local screen allows. -+ Grey scale (16 & 8-bpp) ~ -grey, for low colors 16/8bpp modes. -+ 16 bit color (BGR565) ~ -16bpp / -bgr565 -+ 8 bit color (BGR233) ~ -bgr233 -+ 256 colors ~ -bgr233 default # of colors. -+ 64 colors ~ -bgr222 / -use64 -+ 8 colors ~ -bgr111 / -use8 -+ Set Y Crop (y-max) ~ -ycrop -+ Set Scrollbar Width ~ -sbwidth -+ -+ UltraVNC Extensions: -+ -+ Set 1/n Server Scale Ultravnc ext. Scale desktop by 1/n. -+ Text Chat Ultravnc ext. Do Text Chat. -+ File Transfer Ultravnc ext. File xfer via Java helper. -+ Single Window Ultravnc ext. Grab a single window. -+ (click on the window you want). -+ Disable Remote Input Ultravnc ext. Try to prevent input and -+ viewing of monitor at physical display. -+ -+ Note: the Ultravnc extensions only apply to servers that -+ support them. x11vnc/libvncserver supports some of them. -+ -+.SH ENCODINGS -+The server supplies information in whatever format is desired by the -+client, in order to make the client as easy as possible to implement. -+If the client represents itself as able to use multiple formats, the -+server will choose one. -+ -+.I Pixel format -+refers to the representation of an individual pixel. The most common -+formats are 24 and 16 bit "true\-color" values, and 8\-bit "color map" -+representations, where an arbitrary map converts the color number to -+RGB values. -+ -+.I Encoding -+refers to how a rectangle of pixels are sent (all pixel information in -+VNC is sent as rectangles). All rectangles come with a header giving -+the location and size of the rectangle and an encoding type used by -+the data which follows. These types are listed below. -+.TP -+.B Raw -+The raw encoding simply sends width*height pixel values. All clients -+are required to support this encoding type. Raw is also the fastest -+when the server and viewer are on the same machine, as the connection -+speed is essentially infinite and raw encoding minimizes processing -+time. -+.TP -+.B CopyRect -+The Copy Rectangle encoding is efficient when something is being -+moved; the only data sent is the location of a rectangle from which -+data should be copied to the current location. Copyrect could also be -+used to efficiently transmit a repeated pattern. -+.TP -+.B RRE -+The Rise\-and\-Run\-length\-Encoding is basically a 2D version of -+run\-length encoding (RLE). In this encoding, a sequence of identical -+pixels are compressed to a single value and repeat count. In VNC, this -+is implemented with a background color, and then specifications of an -+arbitrary number of subrectangles and color for each. This is an -+efficient encoding for large blocks of constant color. -+.TP -+.B CoRRE -+This is a minor variation on RRE, using a maximum of 255x255 pixel -+rectangles. This allows for single\-byte values to be used, reducing -+packet size. This is in general more efficient, because the savings -+from sending 1\-byte values generally outweighs the losses from the -+(relatively rare) cases where very large regions are painted the same -+color. -+.TP -+.B Hextile -+Here, rectangles are split up in to 16x16 tiles, which are sent in a -+predetermined order. The data within the tiles is sent either raw or -+as a variant on RRE. Hextile encoding is usually the best choice for -+using in high\-speed network environments (e.g. Ethernet local\-area -+networks). -+.TP -+.B Zlib -+Zlib is a very simple encoding that uses zlib library to compress raw -+pixel data. This encoding achieves good compression, but consumes a -+lot of CPU time. Support for this encoding is provided for -+compatibility with VNC servers that might not understand Tight -+encoding which is more efficient than Zlib in nearly all real\-life -+situations. -+.TP -+.B Tight -+Like Zlib encoding, Tight encoding uses zlib library to compress the -+pixel data, but it pre\-processes data to maximize compression ratios, -+and to minimize CPU usage on compression. Also, JPEG compression may -+be used to encode color\-rich screen areas (see the description of -+\-quality and \-nojpeg options above). Tight encoding is usually the -+best choice for low\-bandwidth network environments (e.g. slow modem -+connections). -+.TP -+.B ZRLE -+The SSVNC viewer has ported the RealVNC (www.realvnc.com) ZRLE encoding -+to the unix tightvnc viewer. -+.TP -+.B ZYWRLE -+The SSVNC viewer has ported the Hitachi lossy wavelet based ZRLE -+encoding from http://mobile.hitachi-system.co.jp/publications/ZYWRLE/ -+to the unix tightvnc viewer. -+.SH RESOURCES -+X resources that \fBvncviewer\fR knows about, aside from the -+normal Xt resources, are as follows: -+.TP -+.B shareDesktop -+Equivalent of \fB\-shared\fR/\fB\-noshared\fR options. Default true. -+.TP -+.B viewOnly -+Equivalent of \fB\-viewonly\fR option. Default false. -+.TP -+.B fullScreen -+Equivalent of \fB\-fullscreen\fR option. Default false. -+.TP -+.B grabKeyboard -+Grab keyboard in full-screen mode. This can help to solve problems -+with losing keyboard focus. Default false. -+.TP -+.B raiseOnBeep -+Equivalent of \fB\-noraiseonbeep\fR option, when set to false. Default -+true. -+.TP -+.B passwordFile -+Equivalent of \fB\-passwd\fR option. -+.TP -+.B userLogin -+Equivalent of \fB\-user\fR option. -+.TP -+.B passwordDialog -+Whether to use a dialog box to get the password (true) or get it from -+the tty (false). Irrelevant if \fBpasswordFile\fR is set. Default -+false. -+.TP -+.B encodings -+Equivalent of \fB\-encodings\fR option. -+.TP -+.B compressLevel -+Equivalent of \fB\-compresslevel\fR option (TightVNC\-specific). -+.TP -+.B qualityLevel -+Equivalent of \fB\-quality\fR option (TightVNC\-specific). -+.TP -+.B enableJPEG -+Equivalent of \fB\-nojpeg\fR option, when set to false. Default true. -+.TP -+.B useRemoteCursor -+Equivalent of \fB\-nocursorshape\fR option, when set to false -+(TightVNC\-specific). Default true. -+.TP -+.B useBGR233 -+Equivalent of \fB\-bgr233\fR option. Default false. -+.TP -+.B nColours -+When using BGR233, try to allocate this many "exact" colors from the -+BGR233 color cube. When using a shared colormap, setting this resource -+lower leaves more colors for other X clients. Irrelevant when using -+truecolor. Default is 256 (i.e. all of them). -+.TP -+.B useSharedColours -+If the number of "exact" BGR233 colors successfully allocated is less -+than 256 then the rest are filled in using the "nearest" colors -+available. This resource says whether to only use the "exact" BGR233 -+colors for this purpose, or whether to use other clients' "shared" -+colors as well. Default true (i.e. use other clients' colors). -+.TP -+.B forceOwnCmap -+Equivalent of \fB\-owncmap\fR option. Default false. -+.TP -+.B forceTrueColour -+Equivalent of \fB\-truecolour\fR option. Default false. -+.TP -+.B requestedDepth -+Equivalent of \fB\-depth\fR option. -+.TP -+.B useSharedMemory -+Use MIT shared memory extension if on the same machine as the X -+server. Default true. -+.TP -+.B wmDecorationWidth, wmDecorationHeight -+The total width and height taken up by window manager decorations. -+This is used to calculate the maximum size of the VNC viewer window. -+Default is width 4, height 24. -+.TP -+.B bumpScrollTime, bumpScrollPixels -+When in full screen mode and the VNC desktop is bigger than the X -+display, scrolling happens whenever the mouse hits the edge of the -+screen. The maximum speed of scrolling is bumpScrollPixels pixels -+every bumpScrollTime milliseconds. The actual speed of scrolling will -+be slower than this, of course, depending on how fast your machine is. -+Default 20 pixels every 25 milliseconds. -+.TP -+.B popupButtonCount -+The number of buttons in the popup window. See the README file for -+more information on how to customize the buttons. -+.TP -+.B debug -+For debugging. Default false. -+.TP -+.B rawDelay, copyRectDelay -+For debugging, see the README file for details. Default 0 (off). -+.SH ENVIRONMENT -+When started with the \fB\-via\fR option, vncviewer reads the -+\fBVNC_VIA_CMD\fR environment variable, expands patterns beginning -+with the "%" character, and executes result as a command assuming that -+it would create TCP tunnel that should be used for VNC connection. If -+not set, this environment variable defaults to "/usr/bin/ssh -f -L -+%L:%H:%R %G sleep 20". -+ -+The following patterns are recognized in the \fBVNC_VIA_CMD\fR (note -+that all the patterns %G, %H, %L and %R must be present in the command -+template): -+.TP -+.B %% -+A literal "%"; -+.TP -+.B %G -+gateway host name; -+.TP -+.B %H -+remote VNC host name, as known to the gateway; -+.TP -+.B %L -+local TCP port number; -+.TP -+.B %R -+remote TCP port number. -+.SH SEE ALSO -+\fBvncserver\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1), -+\fBvncconnect\fR(1), \fBssh\fR(1) -+.SH AUTHORS -+Original VNC was developed in AT&T Laboratories Cambridge. TightVNC -+additions was implemented by Constantin Kaplinsky. Many other people -+participated in development, testing and support. -+ -+\fBMan page authors:\fR -+.br -+Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>, -+.br -+Terran Melconian <terran@consistent.org>, -+.br -+Tim Waugh <twaugh@redhat.com>, -+.br -+Constantin Kaplinsky <const@ce.cctpu.edu.ru> diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncviewer/vncviewer.c --- vnc_unixsrc.orig/vncviewer/vncviewer.c 2004-01-13 09:22:05.000000000 -0500 -+++ vnc_unixsrc/vncviewer/vncviewer.c 2008-09-06 16:54:58.000000000 -0400 ++++ vnc_unixsrc/vncviewer/vncviewer.c 2008-09-09 00:08:07.000000000 -0400 @@ -22,6 +22,7 @@ */ @@ -9096,7 +8796,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi char *programName; XtAppContext appContext; -@@ -29,11 +30,168 @@ +@@ -29,11 +30,179 @@ Widget toplevel; @@ -9264,10 +8964,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi - programName = argv[0]; + int i, save_sbw; + programName = argv[0]; ++ ++ for (i = 1; i < argc; i++) { ++ if (strcmp(argv[i], "-env") == 0) { ++ if (i+1 < argc) { ++ char *estr = argv[i+1]; ++ if (strchr(estr, '=')) { ++ putenv(estr); ++ } ++ } ++ } ++ } /* The -listen option is used to make us a daemon process which listens for incoming connections from servers, rather than actively connecting to a -@@ -45,89 +203,1219 @@ +@@ -45,89 +214,1235 @@ listenForIncomingConnections() returns, setting the listenSpecified flag. */ @@ -9381,13 +9092,26 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi - if (!listenSpecified) { - if (!ConnectToRFBServer(vncServerHost, vncServerPort)) exit(1); - } ++ if (appData.repeaterUltra == NULL) { ++ if (getenv("SSVNC_REPEATER") != NULL) { ++ appData.repeaterUltra = strdup(getenv("SSVNC_REPEATER")); ++ } ++ } ++ + if (!listenSpecified) { + if (!ConnectToRFBServer(vncServerHost, vncServerPort)) { + exit(1); + } + if (appData.repeaterUltra != NULL) { + char tmp[256]; ++ if (strstr(appData.repeaterUltra, "SCIII=") == appData.repeaterUltra) { ++ appData.repeaterUltra = strdup(appData.repeaterUltra + strlen("SCIII=")); ++ fprintf(stderr, "sending 'testB' to ultravnc SC III SSL repeater...\n"); ++ WriteExact(rfbsock, "testB" , 5); ++ } + if (ReadFromRFBServer(tmp, 12)) { ++ tmp[12] = '\0'; ++ fprintf(stderr, "repeater 1st proto line: '%s'\n", tmp); + if (strstr(tmp, "RFB 000.000") == tmp) { + int i; + for (i=0; i<256; i++) { @@ -9399,8 +9123,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi + } + tmp[i] = appData.repeaterUltra[i]; + } -+ WriteExact(rfbsock, tmp,250); ++ fprintf(stderr, "sending '%s' to repeater...\n", tmp); ++ WriteExact(rfbsock, tmp, 250); + } ++ } else { ++ fprintf(stderr, "repeater NO proto line!\n"); + } + } + } @@ -9596,8 +9323,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi + } + schedule_format_change(); +} - -- Cleanup(); ++ +/* + * ToggleNColors + */ @@ -10020,8 +9746,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi + set_server_scale(n); + } +} - -- return 0; ++ +void set_server_quality(int n) { + fprintf(stderr, "set_quality: %d\n", n); + if (n >= 0 && n <= 9) { @@ -10090,7 +9815,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi + } +} + -+ + +- Cleanup(); +void set_ycrop(int n) { + if (n >= 1) { + int w = si.framebufferWidth; @@ -10123,7 +9849,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi + set_ycrop(n); + } +} -+ + +- return 0; +void set_scbar(int n) { + if (n >= 1) { + int w = si.framebufferWidth; @@ -10525,7 +10252,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi } diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncviewer/vncviewer.h --- vnc_unixsrc.orig/vncviewer/vncviewer.h 2004-03-11 13:14:40.000000000 -0500 -+++ vnc_unixsrc/vncviewer/vncviewer.h 2008-09-02 12:21:52.000000000 -0400 ++++ vnc_unixsrc/vncviewer/vncviewer.h 2008-09-13 13:54:01.000000000 -0400 @@ -51,7 +51,7 @@ (((l) & 0x0000ff00) << 8) | \ (((l) & 0x000000ff) << 24)) : (l)) @@ -10535,7 +10262,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi #define FLASH_PORT_OFFSET 5400 #define LISTEN_PORT_OFFSET 5500 -@@ -68,51 +68,75 @@ +@@ -68,51 +68,77 @@ /* argsresources.c */ typedef struct { @@ -10611,6 +10338,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi + char *userLogin; + char *unixPW; + char *repeaterUltra; ++ Bool ultraDSM; ++ char *rfbVersion; + + char *passwordFile; + Bool passwordDialog; @@ -10652,7 +10381,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi extern char *fallback_resources[]; extern char vncServerHost[]; -@@ -130,10 +154,11 @@ +@@ -130,10 +156,11 @@ /* colour.c */ extern unsigned long BGR233ToPixel[]; @@ -10665,7 +10394,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi extern void SetVisualAndCmap(); -@@ -157,13 +182,40 @@ +@@ -157,13 +184,40 @@ extern void DesktopInitBeforeRealization(); extern void DesktopInitAfterRealization(); @@ -10706,7 +10435,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi extern void ServerDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params); extern char *DoServerDialog(); -@@ -181,6 +233,11 @@ +@@ -181,6 +235,11 @@ extern void FullScreenOn(); extern void FullScreenOff(); @@ -10718,7 +10447,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi /* listen.c */ extern void listenForIncomingConnections(); -@@ -207,6 +264,18 @@ +@@ -207,6 +266,18 @@ Cardinal *num_params); extern void CreatePopup(); @@ -10737,7 +10466,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi /* rfbproto.c */ extern int rfbsock; -@@ -229,6 +298,15 @@ +@@ -229,6 +300,15 @@ extern Bool SendClientCutText(char *str, int len); extern Bool HandleRFBServerMessage(); @@ -10753,7 +10482,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi extern void PrintPixelFormat(rfbPixelFormat *format); /* selection.c */ -@@ -241,8 +319,9 @@ +@@ -241,8 +321,9 @@ /* shm.c */ @@ -10764,7 +10493,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi /* sockets.c */ -@@ -253,8 +332,11 @@ +@@ -253,8 +334,11 @@ extern int FindFreeTcpPort(void); extern int ListenAtTcpPort(int port); extern int ConnectToTcpAddr(unsigned int host, int port); @@ -10776,7 +10505,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi extern int StringToIPAddr(const char *str, unsigned int *addr); extern Bool SameMachine(int sock); -@@ -271,3 +353,63 @@ +@@ -271,3 +355,63 @@ extern XtAppContext appContext; extern Display* dpy; extern Widget toplevel; @@ -10842,7 +10571,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi +extern void SetFileXferState(Widget w, XEvent *ev, String *params, Cardinal *num_params); diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vncviewer/vncviewer.man --- vnc_unixsrc.orig/vncviewer/vncviewer.man 2004-03-11 13:14:40.000000000 -0500 -+++ vnc_unixsrc/vncviewer/vncviewer.man 2008-09-02 13:31:57.000000000 -0400 ++++ vnc_unixsrc/vncviewer/vncviewer.man 2008-09-14 14:32:53.000000000 -0400 @@ -5,38 +5,51 @@ .\" Copyright (C) 1998 Marcus.Brinkmann@ruhr-uni-bochum.de .\" Copyright (C) 2000,2001 Red Hat, Inc. @@ -10903,7 +10632,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc You can use F8 to display a pop\-up utility menu. Press F8 twice to pass single F8 to the remote side. .SH OPTIONS -@@ -168,6 +181,188 @@ +@@ -168,6 +181,227 @@ \fB\-autopass\fR Read a plain-text password from stdin. This option affects only the standard VNC authentication. @@ -10920,6 +10649,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc +.TP +Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1 +to allow more than one incoming VNC server at a time. ++This is the same as -multilisten described below. Set ++SSVNC_MULTIPLE_LISTEN=MAX:n to allow no more than "n" ++simultaneous reverse connections. +.TP +Note: If the host:port is specified as "exec=command args..." +then instead of making a TCP/IP socket connection to the @@ -10932,6 +10664,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc +Note: If the host:port contains a '/' it is interpreted as a +unix-domain socket (AF_LOCAL insead of AF_INET) +.TP ++\fB\-multilisten\fR ++As in -listen (reverse connection listening) except ++allow more than one incoming VNC server to be connected ++at a time. The default for -listen of only one at a ++time tries to play it safe by not allowing anyone on ++the network to put (many) desktops on your screen over ++a long window of time. Use -multilisten for no limit. ++.TP +\fB\-use64\fR +In \fB\-bgr233\fR mode, use 64 colors instead of 256. +.TP @@ -11016,8 +10756,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc +Do the UltraVNC chat in the terminal vncviewer is in +instead of in an independent window. +.TP -+\fB\-unixpw\fR -+str Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a ++\fB\-unixpw\fR \fIstr\fR ++Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a +string that allows many ways to enter the Unix Username +and Unix Password. These characters: username, newline, +password, newline are sent to the VNC server after any VNC @@ -11039,17 +10779,45 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc +it is taken as username@password. Otherwise, the program +exits with an error. Got all that? +.TP -+\fB-repeater\fR str This is for use with UltraVNC repeater proxy described ++\fB-repeater\fR \fIstr\fR ++This is for use with UltraVNC repeater proxy described +here: http://www.uvnc.com/addons/repeater.html. The "str" +is the ID string to be sent to the repeater. E.g. ID:1234 +It can also be the hostname and port or display of the VNC +server, e.g. 12.34.56.78:0 or snoopy.com:1. Note that when +using -repeater, the host:dpy on the cmdline is the repeater +server, NOT the VNC server. The repeater will connect you. ++ +Example: vncviewer ... -repeater ID:3333 repeat.host:5900 ++ +Example: vncviewer ... -repeater vhost:0 repeat.host:5900 ++ ++Use, e.g., '-repeater SCIII=ID:3210' if the repeater is a ++Single Click III (SSL) repeater (repeater_SSL.exe) and you ++are passing the SSL part of the connection through stunnel, socat, etc. ++This way the magic UltraVNC string 'testB' needed to work with the ++repeater is sent to it. ++.TP ++\fB-rfbversion\fR \fIstr\fR ++Set the advertised RFB version. E.g.: -rfbversion 3.6 For some ++servers, e.g. UltraVNC this needs to be done. ++.TP ++\fB-ultradsm\fR ++UltraVNC has symmetric private encryption DSM plugins. See ++http://www.uvnc.com/features/encryption.html. It is assumed ++you are using a unix program (e.g. our ultravnc_dsm_helper) to ++encrypt and decrypt the UltraVNC DSM stream. IN ADDITION TO ++THAT supply -ultradsm to tell THIS viewer to modify the RFB ++data sent so as to work with the UltraVNC Server. For some ++reason, each RFB msg type must be sent twice under DSM. +.TP -+\fB\-printres\fR Print out the Ssvnc X resources (appdefaults) and ++\fB-env\fR \fIVAR=VALUE\fR ++To save writing a shell script to set environment ++variables, specify as many as you need on the command line. For example, ++-env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi ++.TP ++\fB\-printres\fR ++Print out the Ssvnc X resources (appdefaults) and +then exit. You can save them to a file and customize them (e.g. the +keybindings and Popup menu) Then point to the file via +XENVIRONMENT or XAPPLRESDIR. @@ -11092,7 +10860,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc .SH ENCODINGS The server supplies information in whatever format is desired by the client, in order to make the client as easy as possible to implement. -@@ -238,6 +433,15 @@ +@@ -238,6 +472,15 @@ \-quality and \-nojpeg options above). Tight encoding is usually the best choice for low\-bandwidth network environments (e.g. slow modem connections). @@ -11108,6 +10876,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc .SH RESOURCES X resources that \fBvncviewer\fR knows about, aside from the normal Xt resources, are as follows: +@@ -364,8 +607,8 @@ + .B %R + remote TCP port number. + .SH SEE ALSO +-\fBvncserver\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1), +-\fBvncconnect\fR(1), \fBssh\fR(1) ++\fBvncserver\fR(1), \fBx11vnc\fR(1), \fBssvnc\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1), ++\fBvncconnect\fR(1), \fBssh\fR(1), http://www.karlrunge.com/x11vnc, http://www.karlrunge.com/x11vnc/ssvnc.html + .SH AUTHORS + Original VNC was developed in AT&T Laboratories Cambridge. TightVNC + additions was implemented by Constantin Kaplinsky. Many other people +@@ -380,3 +623,5 @@ + Tim Waugh <twaugh@redhat.com>, + .br + Constantin Kaplinsky <const@ce.cctpu.edu.ru> ++.br ++Karl Runge <runge@karlrunge.com> diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/zrle.c vnc_unixsrc/vncviewer/zrle.c --- vnc_unixsrc.orig/vncviewer/zrle.c 2007-02-04 18:59:50.000000000 -0500 +++ vnc_unixsrc/vncviewer/zrle.c 2008-02-17 10:34:45.000000000 -0500 |