x11vnc: enhanced_tightvnc_viewer files, ssh -t keystroke response improvement.

32 files changed, 7663 insertions, 0 deletions

diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/COPYING b/x11vnc/misc/enhanced_tightvnc_viewer/COPYING
new file mode 100644
index 0000000..a3f6b12
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/COPYING
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                          59 Temple Place - Suite 330, Boston, MA
+                          02111-1307, USA.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	Appendix: How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/README b/x11vnc/misc/enhanced_tightvnc_viewer/README
new file mode 100644
index 0000000..ff3dc39
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/README
@@ -0,0 +1,228 @@
+                  Enhanced TightVNC Viewer package
+
+Copyright (c) Karl J. Runge <runge@karlrunge.com>
+All rights reserved.
+
+These packages provide 1) An enhanced TightVNC Viewer on Unix, 2) Binaries
+for many Operating Systems (including Windows) for your convenience,
+3) Wrapper scripts and etc. for gluing them all together.
+
+One can straight-forwardly download all of the components and get them
+to work together by oneself: this package is mostly for your convenience
+to combine and wrap together the freely available software.
+
+Bundled software co-shipped in this package is copyright and licensed
+by others.  See these sites and related ones for more information:
+
+        http://www.tightvnc.com
+        http://www.realvnc.com
+        http://www.stunnel.org
+        http://www.openssl.org
+        http://www.chiark.greenend.org.uk/~sgtatham/putty/
+
+Note: Some of the Windows binaries included contain cryptographic software
+that you may not be allowed to download, use, or redistribute.  Please
+check your situation first before downloading any of these packages.
+See the survey http://rechten.uvt.nl/koops/cryptolaw/index.htm for useful
+information.  The Unix programs do not contain cryptographic software, but
+rather will make use of cryptographic libraries that are installed on your
+Unix system.  Depending on your circumstances you may still need to check.
+
+All work by Karl J. Runge in this package is Copyright (c) Karl J. Runge
+and is licensed under the GPL as described in the file COPYING in this
+directory.
+
+All the files and information in this package are provided "AS IS"
+without any warranty of any kind.  Use them at your own risk.
+
+
+=============================================================================
+
+This package contains a convenient collection of enhanced TightVNC viewers
+and stunnel binaries for different flavors of Unix and wrapper scripts,
+etc to glue them together.  SSL and SSH encryption tunnelling is provided.
+
+Also, a Windows SSL wrapper for the co-bundled TightVNC binary and other
+utilities are provided.  (Launch ssl_tightvncviewer.exe in the
+Windows subdirectory).
+
+
+Features:
+--------
+
+The enhanced TightVNC viewer features are:
+
+	- SSL support for connections using the co-bundled stunnel program.
+
+	- Automatic SSH connections from the GUI (ssh must already be
+	  installed on Unix; co-bundled plink is used on Windows)
+
+	- rfbNewFBSize VNC support on Unix (screen resizing)
+
+	- cursor alphablending with x11vnc at 32bpp (-alpha option, Unix only)
+
+	- xgrabserver support for fullscreen mode, for old window
+	  managers (-grab option, Unix only).
+
+	- Automatic Service tunnelling via SSH for CUPS and SMB Printing,
+	  ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting.
+
+        - Port Knocking for "closed port" SSH/SSL connections.  In addition
+          to a simple fixed port sequence and one-time-pad implementation,
+          a hook is also provided to run any port knocking client before a
+          connecting.
+
+
+Your package should have included binaries for many OS's: Linux, Solaris,
+FreeBSD, etc.  See the subdirectories of
+
+	./bin
+
+for the ones that were shipped in this package, e.g. ./bin/Linux.i686
+Run "uname -sm" to see your OS+arch combination. (See the
+./bin/tightvncviewer -h output for how to override platform autodection
+via the UNAME env. var).
+
+
+If you need to Build:
+--------------------
+
+If your OS/arch is not included, the script "build.unix" may be able to
+successfully build on for you and deposit the binaries down in ./bin/...
+using the included source code.
+
+You must run the build.unix script from this directory (that this toplevel
+README is in) and like this:
+
+	./build.unix
+
+
+The programs:
+------------
+
+The wrapper scripts: 
+
+	./bin/ssl_tightvncviewer
+	./bin/tightvncviewer
+
+are the main programs you will run and will try to autodetect your OS+arch
+combination and if binaries are present for it automatically use them.
+(if not found try the running the build.unix script).
+
+If you prefer a GUI to prompt for parameters and then start ssl_tightvncviewer
+you can run this instead:
+
+	./bin/ssl_vnc_gui
+
+this is essentially the same GUI that is run on Windows (the
+ssl_tightvncviewer.exe).
+
+Using the GUI is it impossible to initiate a VNC connection that is not
+encrypted with either SSL or SSH.  Unencrypted VNC connections can only
+be started by manually running the ./bin/tightvncviewer script.
+
+For convenience, you can make symlinks from a directory in your PATH to
+any of the 3 programs above you wish to run.  That is all you usually
+need to do for it to pick up all of the binaries, utils, etc. E.g.
+assuming $HOME/bin is in your $PATH:
+
+	cd $HOME/bin
+	ln -s /path/to/enhanced_tightvnc_viewer/bin/{s,t}* .
+
+(note the "." at the end). The above commands is basically the way to
+"install" this package on Unix.
+
+
+On Windows run:
+
+	Windows/ssl_tightvncviewer.exe
+
+
+Examples:
+--------
+
+Use enhanced TightVNC unix viewer to connect to x11vnc via SSL:
+
+	./bin/ssl_tightvncviewer   far-away.east:0
+
+	./bin/tightvncviewer -ssl  far-away.east:0   (same)
+
+	./bin/ssl_vnc_gui                            (start GUI launcher)
+
+Use enhanced TightVNC unix viewer without SSL:
+
+	./bin/tightvncviewer far-away.east:0
+
+Use SSL to connect to a x11vnc server, and also verify the server's
+identity using the SSL Certificate in the file ./x11vnc.pem:
+
+	./bin/ssl_tightvncviewer -alpha -verify ./x11vnc.pem far-away.east:0
+
+(also turns on the viewer-side cursor alphablending hack). 
+
+
+Brief description of the subdirectories:
+---------------------------------------
+
+	./bin/util		some utility scripts, e.g. ssl_vncviewer
+				and ssl_tightvncviewer.tcl
+
+	./src			source code and patches.
+	./src/zips		zip files of source code and binaries.
+
+	./src/vnc_unixsrc	unpacked tightvnc source code tree.
+	./src/stunnel-4.14	unpacked stunnel source code tree.
+	./src/patches		patches to TightVNC viewer for the new
+				features on Unix (used by build.unix).
+	./src/tmp		temporary build dir for build.unix
+				(the last four are used by build.unix)
+
+
+	./man			man pages for TightVNC viewer and stunnel.
+
+	./Windows		Stock TightVNC viewer and Stunnel, Openssl
+				etc Windows binaries. ssl_tightvncviewer.exe
+				is the program to run.
+
+Since they are large, depending on which package you use not all of the
+above may be present in your package.
+
+
+Help and Info:
+-------------
+
+For more help on other options and usage patterns run these:
+
+	./bin/ssl_tightvncviewer -h
+	./bin/tightvncviewer -h
+	./bin/util/ssl_vncviewer -h
+
+See also:
+
+	http://www.karlrunge.com/x11vnc
+	http://www.karlrunge.com/x11vnc/#faq
+	x11vnc -h | more
+
+	http://www.stunnel.org
+	http://www.openssl.org
+	http://www.tightvnc.com
+        http://www.realvnc.com
+        http://www.chiark.greenend.org.uk/~sgtatham/putty/
+
+
+Windows:
+-------
+
+	A wrapper to create a STUNNEL tunnel and then launch the
+	Windows TightVNC viewer is provided in:
+
+		Windows/ssl_tightvncviewer.exe
+
+	Just launch it and fill in the remote VNC display.
+
+	Click the Help buttons for more info.  There is also a
+	Windows/README.txt file.
+
+	On Windows you may need to terminate the STUNNEL process
+	from the System Tray if the tool cannot terminate it
+	by itself.  Just right-click on the STUNNEL icon.
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/README.txt b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/README.txt
new file mode 100644
index 0000000..8710251
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/README.txt
@@ -0,0 +1,51 @@
+

+This is a Windows utility to automatically start up STUNNEL to redirect

+SSL VNC connections to a remote host.  Then TightVNC Viewer (included)

+is launched to used this SSL tunnel.

+

+An example server would be "x11vnc -ssl", or any VNC server with a

+2nd STUNNEL program running on the server side.

+

+Just click on the program "ssl_tightvncviewer.exe", and then enter

+the remote VNC Server and click "Connect".  Click on "Help" for more

+information.  You can also set some simple options under "Options ..."

+

+Note that on Windows when the TightVNC viewer disconnects you may need to

+terminate the STUNNEL program manually.  To do this: Click on the STUNNEL

+icon (dark green) on the System Tray and then click "Exit".  Before that,

+however, you will be prompted if you want ssl_tightvncviewer.exe to try

+to terminate STUNNEL for you. (Note that even if STUNNEL termination is

+successful, the Tray Icon may not go away until the mouse hovers over it!)

+

+With this STUNNEL and TightVNC Viewer wrapper you can also enable using

+SSL Certificates with STUNNEL, and so the connection is not only encrypted

+but it is also not susceptible to man-in-the-middle attacks.

+

+See the STUNNEL and x11vnc documentation for how to create and add SSL

+Certificates (PEM files) for authentication.  Click on the "Certs ..."

+button to specify the certificate(s).  See the Help there for more info

+and also:

+

+	http://www.karlrunge.com/x11vnc

+	http://www.tightvnc.com

+	http://www.stunnel.org

+	http://www.openssl.org

+	http://www.chiark.greenend.org.uk/~sgtatham/putty/

+

+You can use x11vnc to create certificates if you like:

+

+	http://www.karlrunge.com/x11vnc/#faq-ssl-ca

+

+

+Misc:

+

+	The openssl.exe stunnel.exe vncviewer.exe libeay32.dll

+	libssl32.dll programs came from the websites mentioned above.

+

+	IMPORTANT: some of these binaries may have cryptographic

+	software that you may not be allowed to download or use.

+	See the above websites for more information and also the

+        util/info subdirectories. 

+

+	Also, the kill.exe and tlist.exe programs in the w98 directory

+	came from diagnostic tools ftp site of Microsoft's.

diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/esound/download.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/esound/download.url
new file mode 100644
index 0000000..59f1f6b
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/esound/download.url
@@ -0,0 +1 @@
+http://www.tux.org/~ricdude/EsounD.html
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/download.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/download.url
new file mode 100644
index 0000000..237d4b1
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/download.url
@@ -0,0 +1 @@
+http://www.stunnel.org/download/stunnel/win32/
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/location.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/location.url
new file mode 100644
index 0000000..c700866
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/location.url
@@ -0,0 +1 @@
+http://www.stunnel.org/download/binaries.html
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/download.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/download.url
new file mode 100644
index 0000000..a23901e
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/download.url
@@ -0,0 +1 @@
+http://www.chiark.greenend.org.uk/%7esgtatham/putty/download.html
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/licence.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/licence.url
new file mode 100644
index 0000000..2efcc31
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/licence.url
@@ -0,0 +1 @@
+http://www.chiark.greenend.org.uk/%7esgtatham/putty/licence.html
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/download.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/download.url
new file mode 100644
index 0000000..237d4b1
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/download.url
@@ -0,0 +1 @@
+http://www.stunnel.org/download/stunnel/win32/
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/location.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/location.url
new file mode 100644
index 0000000..c700866
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/location.url
@@ -0,0 +1 @@
+http://www.stunnel.org/download/binaries.html
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/download.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/download.url
new file mode 100644
index 0000000..36c60e4
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/download.url
@@ -0,0 +1 @@
+http://www.tightvnc.com/download.html
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/location.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/location.url
new file mode 100644
index 0000000..a686ae0
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/location.url
@@ -0,0 +1 @@
+http://www.tightvnc.com
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-client.conf b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-client.conf
new file mode 100644
index 0000000..7517e23
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-client.conf
@@ -0,0 +1,43 @@
+#
+# Example SSL stunnel CLIENT configuration file.  (you run stunnel on
+# this machine and point your vnc viewer to it, it goes to remote VNC
+# server via SSL)
+#
+# To use this file you will need to edit it.  Then you will need
+# to manually start up stunnel using it.
+# (e.g. /path/to/stunnel stunnel-server.conf)
+#
+# This is just an example and is not used by the tools in this package.
+# It is here to show how to create outgoing SSL connections to remote
+# VNC servers when not using the tools in this package.
+#
+client = yes
+options = ALL
+RNDbytes = 2048
+RNDfile = bananarand.bin
+RNDoverwrite = yes
+#
+# Remote server certs could go here:
+#  CApath = /path/to/.../crt-dir
+#  CAfile = /path/to/.../foo.crt
+#  verify = 2
+# My cert could go here:
+#  cert = /path/to/.../my.pem
+#
+[vnc]
+#
+# Set to local listening port number (e.g. 5900 for vnc display 0):
+#
+accept = localhost:5900
+#
+# Set to remote host:port to connect to (e.g. far-away.east:5900):
+# (this is where the VNC server is. :0 -> port 5900, etc)
+#
+connect = HOST:PORT
+delay = no 
+#
+# You could add additional ones going to other VNC servers:
+# [vnc2]
+# accept = localhost:5901
+# connect = HOST2:PORT2
+# etc ...
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-server.conf b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-server.conf
new file mode 100644
index 0000000..8e5dd50
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-server.conf
@@ -0,0 +1,34 @@
+#
+# Example SSL stunnel SERVER configuration file.  (e.g. for your VNC
+# server on this same machine.)
+#
+# To use this file you may need to edit it.  Then you will need
+# to manually start up stunnel using it.
+# (e.g. /path/to/stunnel stunnel-server.conf)
+#
+# This is just an example and is not used by the tools in this package.
+# It is here in case you wanted to see how to add SSL support to any
+# VNC server you have.
+#
+RNDbytes = 2048
+RNDfile = bananarand.bin
+RNDoverwrite = yes
+#
+# Remote client certs could go here:
+#  CApath = /path/to/.../crt-dir
+#  CAfile = /path/to/.../foo.crt
+#  verify = 2
+# My server cert could go here:
+#  cert = /path/to/.../my.pem
+#
+[vnc]
+#
+# Set to local listening port number (e.g. 5901 for vnc display 1):
+# so the remote viewers would connect to: yourmachine:1
+#
+accept = 5901
+#
+# Set to localhost:port to connect to VNC server on this same machine:
+# (E.g. you run WinVNC on :0, preferably listening on localhost).
+#
+connect = localhost:5900
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/w98/location.url b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/w98/location.url
new file mode 100644
index 0000000..eb94b91
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/w98/location.url
@@ -0,0 +1 @@
+ftp://ftp.microsoft.com/Services/TechNet/samples/PS/Win98/Reskit/DIAGNOSE/
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_tightvncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_tightvncviewer
new file mode 100755
index 0000000..8472853
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_tightvncviewer
@@ -0,0 +1,124 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+#
+# ssl_tightvncviewer:
+#
+#    A wrapper that calls ssl_vncviewer to use the enhanced TightVNC viewer. 
+#
+# The enhanced TightVNC viewer features are:
+#
+#	- SSL support for connections using the co-bundled stunnel program.
+#	- rfbNewFBSize VNC support (screen resizing)
+#	- cursor alphablending with x11vnc at 32bpp
+#	- xgrabserver support for fullscreen mode (for old window mgrs)
+#
+#
+# Your platform (e.g. Linux.i686) is autodetected and enhanced
+# vncviewer and stunnel binaries for it are used (see the ./bin directory).
+#
+# See the build.unix script if your platform is not in this package.
+# You can also set the env. var. UNAME=os.arch to any "os.arch" you want
+# to override the autodetetion.
+#
+# Usage:
+#
+#     ssl_tightvncviewer [ssl_vncviewer-args] hostname:N [tightvncviewer-args]
+#
+# "hostname:N" is the host and VNC display to connect to, e.g. snoopy:0
+#
+# See the script util/ssl_vncviewer for details about its arguments:
+#
+#	-verify pemfile
+#	-mycert pemfile
+#	-proxy  phost:pport
+#	-alpha
+#	-grab
+#
+#
+# See the TightVNC viewer documentation for on its cmdline arguments.
+#
+# For convenience, here is the current (7/2006) TightVNC viewer -help output:
+#
+#       TightVNC viewer version 1.3dev5
+#       
+#       Usage: vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>]
+#              vncviewer [<OPTIONS>] [<HOST>][::<PORT#>]
+#              vncviewer [<OPTIONS>] -listen [<DISPLAY#>]
+#              vncviewer -help
+#       
+#       <OPTIONS> are standard Xt options, or:
+#               -via <GATEWAY>
+#               -shared (set by default)
+#               -noshared
+#               -viewonly
+#               -fullscreen
+#               -noraiseonbeep
+#               -passwd <PASSWD-FILENAME> (standard VNC authentication)
+#               -user <USERNAME> (Unix login authentication)
+#               -encodings <ENCODING-LIST> (e.g. "tight copyrect")
+#               -bgr233
+#               -owncmap
+#               -truecolour
+#               -depth <DEPTH>
+#               -compresslevel <COMPRESS-VALUE> (0..9: 0-fast, 9-best)
+#               -quality <JPEG-QUALITY-VALUE> (0..9: 0-low, 9-high)
+#               -nojpeg
+#               -nocursorshape
+#               -x11cursor
+#               -autopass
+#       
+#       Option names may be abbreviated, e.g. -bgr instead of -bgr233.
+#       See the manual page for more information.
+#  
+
+if [ "X$1" = "X-h" -o "X$1" = "X-help" -o "X$1" = "X--help" ]; then
+	head -70 "$0" | grep -v bin/sh
+	exit
+fi
+
+# Include /usr/bin... to be sure to get regular utilities:
+#
+PATH=$PATH:/usr/bin:/bin
+export PATH
+
+# Set this for ssl_vncviewer to pick up:
+#
+VNCVIEWERCMD="vncviewer"
+export VNCVIEWERCMD
+
+# work out os.arch platform string and check for binaries:
+#
+name=$UNAME
+if [ "X$name" = "X" ]; then
+	name=`uname -sm | sed -e 's/ /./'`
+fi
+
+if [ -L "$0" ]; then
+	d=`dirname "\`ls -l "$0" | sed -e 's/^.* -> //'\`"`
+	if echo "$d" | grep '^/' > /dev/null; then
+		dir="$d"
+	else
+		dir="`dirname "$0"`/$d"
+	fi
+else
+	dir=`dirname "$0"`
+fi
+if [ ! -d "$dir/$name" ]; then
+	echo "cannot find platform dir: $dir/$name for your OS:" 
+	uname -sm
+	echo "you can set the \$UNAME env. var. to override the setting."
+	exit 1
+fi
+
+# Put our os.arch and other utils dirs at head of PATH to be sure to
+# pick them up:
+#
+PATH="$dir:$dir/$name:$dir/util:$PATH"
+
+STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
+export STUNNEL_EXTRA_OPTS
+
+# Force the use of tight encoding for localhost redir connection:
+#
+ssl_vncviewer "$@" -encodings 'copyrect tight zrle zlib hextile'
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_vnc_gui b/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_vnc_gui
new file mode 100755
index 0000000..abdb2d3
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_vnc_gui
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+#
+# ssl_vnc_gui:
+#
+#    A wrapper for ssl_tightvncviewer using a tcl/tk gui.
+#
+# See ssl_tightvncviewer for details.
+#
+if [ "X$XTERM_PRINT" != "X" ]; then
+	XTERM_PRINT=""
+	cat > /dev/null
+fi
+if [ "X$1" = "X-bg" ]; then
+	shift
+	$0 "$@" &
+	exit 0
+fi
+
+PATH=$PATH:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin
+export PATH
+
+SSL_VNC_GUI_CMD="$0 $*"
+export SSL_VNC_GUI_CMD
+SSL_VNC_LAUNCH=$SSL_VNC_GUI_CMD
+export SSL_VNC_LAUNCH
+
+# work out os.arch platform string and check for binaries:
+#
+name=$UNAME
+if [ "X$name" = "X" ]; then
+	name=`uname -sm | sed -e 's/ /./'`
+fi
+
+if [ -L "$0" ]; then
+	d=`dirname "\`ls -l "$0" | sed -e 's/^.* -> //'\`"`
+	if echo "$d" | grep '^/' > /dev/null; then
+		dir="$d"
+	else
+		dir="`dirname "$0"`/$d"
+	fi
+else
+	dir=`dirname "$0"`
+fi
+if [ ! -d "$dir/$name" ]; then
+	echo "cannot find platform dir: $dir/$name for your OS:" 
+	uname -sm
+	echo "you can set the \$UNAME env. var. to override the setting."
+	exit 1
+fi
+
+# Put our os.arch and other utils dirs at head of PATH to be sure to
+# pick them up:
+#
+PATH="$dir:$dir/$name:$dir/util:$PATH"
+
+SSL_VNC_BASEDIR="$dir"
+export SSL_VNC_BASEDIR
+
+STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
+export STUNNEL_EXTRA_OPTS
+
+exec ssl_tightvncviewer.tcl "$@"
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/tightvncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/tightvncviewer
new file mode 100755
index 0000000..8ba6d56
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/tightvncviewer
@@ -0,0 +1,129 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+#
+# tightvncviewer:
+#
+#    A wrapper that calls the enhanced TightVNC viewer. 
+#
+# The enhanced TightVNC viewer features are:
+#
+#	- SSL support for connections using the co-bundled stunnel program.
+#	- rfbNewFBSize VNC support (screen resizing)
+#	- cursor alphablending with x11vnc at 32bpp
+#	- xgrabserver support for fullscreen mode (for old window mgrs)
+#
+#
+# Your platform (e.g. Linux.i686) is autodetected and enhanced
+# vncviewer and stunnel binaries for it are used (see the ./bin directory).
+#
+# See the build.unix script if your platform is not in this package if
+# you want to build one.
+#
+# See the build.unix script if your platform is not in this package if you want to build one.
+# You can also set the env. var. UNAME=os.arch to any "os.arch" you want
+# to override the autodetetion.
+#
+# Usage:
+#
+#     tightvncviewer [tightvncviewer-args] hostname:N 
+# or
+#     tightvncviewer -ssl hostname:N [tightvncviewer-args]
+#
+# "hostname:N" is the host and VNC display to connect to, e.g. snoopy:0
+#
+# If the first argument is "-ssl" then ssl_tightvncviewer is called 
+# instead.  See that script for details.
+#
+# See the TightVNC viewer documentation for on its cmdline arguments.
+#
+# For convenience, here is the current (7/2006) TightVNC viewer -help output:
+#
+#       TightVNC viewer version 1.3dev5
+#       
+#       Usage: vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>]
+#              vncviewer [<OPTIONS>] [<HOST>][::<PORT#>]
+#              vncviewer [<OPTIONS>] -listen [<DISPLAY#>]
+#              vncviewer -help
+#       
+#       <OPTIONS> are standard Xt options, or:
+#               -via <GATEWAY>
+#               -shared (set by default)
+#               -noshared
+#               -viewonly
+#               -fullscreen
+#               -noraiseonbeep
+#               -passwd <PASSWD-FILENAME> (standard VNC authentication)
+#               -user <USERNAME> (Unix login authentication)
+#               -encodings <ENCODING-LIST> (e.g. "tight copyrect")
+#               -bgr233
+#               -owncmap
+#               -truecolour
+#               -depth <DEPTH>
+#               -compresslevel <COMPRESS-VALUE> (0..9: 0-fast, 9-best)
+#               -quality <JPEG-QUALITY-VALUE> (0..9: 0-low, 9-high)
+#               -nojpeg
+#               -nocursorshape
+#               -x11cursor
+#               -autopass
+#       
+#       Option names may be abbreviated, e.g. -bgr instead of -bgr233.
+#       See the manual page for more information.
+#  
+
+if [ "X$1" = "X-h" -o "X$1" = "X-help" -o "X$1" = "X--help" ]; then
+	head -69 "$0" | grep -v bin/sh
+	exit
+fi
+
+# Include /usr/bin... to be sure to get regular utilities:
+#
+PATH=$PATH:/usr/bin:/bin
+export PATH
+
+# Set this for ssl_vncviewer to pick up:
+#
+VNCVIEWERCMD="vncviewer"
+export VNCVIEWERCMD
+
+# work out os.arch platform string and check for binaries:
+#
+name=$UNAME
+if [ "X$name" = "X" ]; then
+	name=`uname -sm | sed -e 's/ /./'`
+fi
+
+if [ -L "$0" ]; then
+	d=`dirname "\`ls -l "$0" | sed -e 's/^.* -> //'\`"`
+	if echo "$d" | grep '^/' > /dev/null; then
+		dir="$d"
+	else
+		dir="`dirname "$0"`/$d"
+	fi
+else
+	dir=`dirname "$0"`
+fi
+if [ ! -d "$dir/$name" ]; then
+	echo "cannot find platform dir: $dir/$name for your OS:" 
+	uname -sm
+	echo "you can set the \$UNAME env. var. to override the setting."
+	exit 1
+fi
+
+# Put our os.arch and other utils dirs at head of PATH to be sure to
+# pick them up:
+#
+PATH="$dir:$dir/$name:$dir/util:$PATH"
+
+if [ "X$1" = "X-ssl" ]; then
+	shift	
+	ssl_tightvncviewer "$@"
+	exit $?
+fi
+
+STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"}
+export STUNNEL_EXTRA_OPTS
+
+# Force the use of tight encoding for localhost redir connection:
+#
+vncviewer -encodings 'copyrect tight zrle zlib hextile' "$@"
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl
new file mode 100755
index 0000000..bd9f5c9
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl
@@ -0,0 +1,5031 @@
+#!/bin/sh
+# the next line restarts using wish \
+exec wish "$0" "$@"
+
+#
+# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+#
+# ssl_tightvncviewer.tcl: gui wrapper to the , etc. programs in this
+# ssl_tightvncviewerpackage. Also sets up service port forwarding.
+#
+
+set buck_zero $argv0
+
+proc center_win {w} {
+	set W [winfo screenwidth  $w]
+	set W [expr $W + 1]
+	wm geometry $w +$W+0
+	update
+	set x [expr [winfo screenwidth  $w]/2 - [winfo width  $w]/2]
+	set y [expr [winfo screenheight $w]/2 - [winfo height $w]/2]
+	wm geometry $w +$x+$y
+	update
+}
+
+proc apply_bg {w} {
+	global is_windows system_button_face
+	if {$is_windows && $system_button_face != ""} {
+		catch {$w configure -bg "$system_button_face"}
+	}
+}
+
+proc scroll_text {fr {w 80} {h 35}} {
+	global help_font is_windows
+
+	catch {destroy $fr}
+	
+	frame $fr -bd 0
+
+	eval text $fr.t -width $w -height $h $help_font \
+		 -setgrid 1 -bd 2 -yscrollcommand {"$fr.y set"} -relief ridge 
+
+	apply_bg $fr.t
+
+	scrollbar $fr.y -orient v -relief sunken -command "$fr.t yview"
+	pack $fr.y -side right -fill y
+	pack $fr.t -side top -fill both -expand 1
+
+	focus $fr.t
+}
+
+proc scroll_text_dismiss {fr {w 80} {h 35}} {
+	global help_font
+
+	scroll_text $fr $w $h
+
+	set up $fr
+	regsub {\.[^.]*$} $up "" up
+
+	button $up.d -text "Dismiss" -command "destroy $up"
+	bind $up <Escape> "destroy $up"
+	pack $up.d -side bottom -fill x
+	pack $fr -side top -fill both -expand 1
+}
+
+proc help {} {
+	catch {destroy .h}
+	toplevel .h
+
+	scroll_text_dismiss .h.f
+
+	center_win .h
+	wm title .h "SSL TightVNC Viewer Help"
+
+	set msg {
+    Enter the VNC host and display in the 'VNC Server' entry box.
+    
+    It is of the form "host:number", where "host" is the hostname of the
+    machine running the VNC Server and "number" is the VNC display number;
+    it is often "0".  Examples:
+
+           snoopy:0
+           far-away.east:0
+           sunray-srv1.west:17
+           24.67.132.27:0
+    
+    Then click on "Connect".  When you do so the STUNNEL program will be
+    started locally to provide you with an outgoing SSL tunnel.
+
+    Once the STUNNEL is running, the TightVNC Viewer will be automatically
+    started directed to the local SSL tunnel which, in turn, encrypts and
+    redirects the connection to the remote VNC server.
+
+    The remote VNC server must support an initial SSL handshake before
+    using the VNC protocol (i.e. VNC is tunnelled through the SSL channel
+    after it is established).  "x11vnc -ssl ..."  does this, and any VNC
+    server can be made to do this by using, e.g., STUNNEL on the remote side.
+
+    Click on "Options ..." if you want to use an *SSH* tunnel instead of
+    SSL (then the VNC Server does not need to speak SSL or use STUNNEL).
+
+
+    Note that on Windows when the Viewer connection is finished you may
+    need to terminate STUNNEL manually from the System Tray (right click
+    on dark green icon) and selecting "Exit".
+
+
+    Proxies: If an intermediate proxy is needed to make the SSL connection
+    (e.g. web gateway out of a firewall), supply both hosts separated
+    by spaces (with the proxy 2nd):
+
+           host:number   gwhost:port 
+
+    E.g.:  far-way.east:0   mygateway.com:8080
+
+    See the ssl_vncviewer description and x11vnc FAQ for info on proxies:
+
+           http://www.karlrunge.com/x11vnc/#ssl_vncviewer
+           http://www.karlrunge.com/x11vnc/#faq-ssl-java-viewer-proxy
+
+
+    If you want to use a SSL Certificate (PEM) file to authenticate yourself
+    to the VNC server ("MyCert") or to verify the identity of the VNC Server
+    ("ServerCert" or "CertsDir") import the certificate file by clicking
+    the "Certs ..." button before connecting.
+
+    Certificate verification is needed to prevent Man In the Middle attacks.
+    See the x11vnc documentation: 
+
+           http://www.karlrunge.com/x11vnc/ssl.html
+
+    for how to create and use PEM SSL certificate files.  An easy way is:
+
+           x11vnc -ssl SAVE ...
+
+    where it will print out its automatically generated certificate to
+    the screen and that can be safely copied to the viewer side.
+
+
+    To set other Options, e.g. to use SSH instead of STUNNEL SSL,
+    click on the "Options ..." button and read the Help there.
+
+    See these links for more information:
+
+           http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-ext
+           http://www.stunnel.org
+           http://www.tightvnc.com
+
+
+    Tips:
+
+     1) On Unix to get a 2nd GUI (e.g. for a 2nd connection) press Ctrl-N
+        on the GUI.  If only the xterm window is visible you can press
+        Ctrl-N or try Ctrl-LeftButton -> New SSL_VNC_GUI.  On Windows you
+        will have to manually Start a new one: Start -> Run ..., etc.
+
+     2) If you use "user@hostname cmd=SHELL" then you get an SSH shell only:
+        no VNC viewer will be launched.  On Windows "user@hostname cmd=PUTTY"
+        will try to use putty.exe (better terminal emulation than plink.exe)
+        A shortcut for this is Ctrl-S.
+}
+
+	.h.f.t insert end $msg
+	#raise .h
+}
+
+proc help_certs {} {
+	catch {destroy .ch}
+	toplevel .ch
+
+	scroll_text_dismiss .ch.f 90 33
+
+	center_win .ch
+	wm resizable .ch 1 0
+
+	wm title .ch "SSL Certificates Help"
+
+	set msg {
+    Only with SSL Certificate verification can Man In the Middle attacks be
+    prevented. Otherwise, only passive snooping attacks are prevented with SSL.
+
+    You can specify your own SSL certificate (PEM) file in "MyCert" in which case it
+    is used to authenticate you (the viewer) to the remote VNC Server.  If this fails
+    the remote VNC Server will drop the connection.
+    
+    Server certs can be specified in one of two ways:
+    
+        - A single certificate (PEM) file for a single server
+          or a single Certificate Authority (CA)
+    
+        - A directory of certificate (PEM) files stored in
+          the special OpenSSL hash fashion.
+    
+    
+    The former is set via "ServerCert" in this gui.
+    The latter is set via "CertsDir" in this gui.
+    
+    The former corresponds to the "CAfile" STUNNEL parameter.
+    The latter corresponds to the "CApath" STUNNEL parameter.
+    See stunnel(8) or www.stunnel.org for more information.
+    
+    If the remote VNC Server fails to authenticate itself with respect to the specified
+    certificate(s), then the VNC Viewer (your side) will drop the connection.
+
+    If "Use SSH instead" has been selected then SSL certs are disabled.
+
+    See the x11vnc and STUNNEL documentation for how to create and use PEM
+    certificate files:
+
+        http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-ext
+        http://www.karlrunge.com/x11vnc/ssl.html
+        http://www.stunnel.org
+}
+
+	.ch.f.t insert end $msg
+	#raise .ch
+}
+
+proc help_opts {} {
+	catch {destroy .oh}
+	toplevel .oh
+
+	scroll_text_dismiss .oh.f
+
+	center_win .oh
+
+	wm title .oh "SSL Viewer Options Help"
+
+set msg {
+  Use SSH:  Instead of using STUNNEL SSL, use ssh(1) for the encrypted
+            tunnel.  You must be able to log in via ssh to the remote host.
+
+            On Unix the cmdline ssh(1) program will be run in an xterm
+            for authentication, etc. On Windows the cmdline plink.exe
+            program will be launched in a Windows Console window.
+
+            You can set the "VNC Server" to "user@host:disp" to indicate
+            ssh should log in as "user" on "host".  On Windows you must
+            always supply the "user@" part (due to a plink deficiency). E.g.:
+
+                  fred@far-away.east:0
+
+            If a gateway machine must be used (e.g. to enter a firewall;
+            the VNC Server is not running on it), put something like this
+            in the "VNC Server" entry box:
+
+                  workstation:0   user@gateway-host:port
+  
+            ssh is used to login to user@gateway-host and then a -L port
+            redirection is set up to go to workstation:0 from gateway-host.
+            ":port" is optional, use it if the gateway-host SSH port is
+            not the default value 22.
+
+            At the very end of the entry box, you can also append a
+            cmd=... string to indicate that command should be run via ssh
+            on the remote machine instead of the default "sleep 15".  E.g.:
+
+                  user@host:0   cmd=x11vnc -nopw -display :0
+
+            (if a gateway is also needed, put it just before the cmd=...)
+
+            Trick: If you use "cmd=SHELL" then you get an SSH shell only:
+            no VNC viewer will be launched.  On Windows "cmd=PUTTY" will
+            try to use putty.exe (better terminal emulation than plink.exe)
+            Ctrl-S is a shortcut for this.
+
+  Use SSH and SSL: Tunnel the SSL connection through a SSH tunnel.  Use this
+            if you want end-to-end SSL and must use a SSH gateway (e.g. to
+            enter a firewall) or if additional SSH port redirs are required
+            (CUPS, Sound, SMB tunnelling: See Advanced options).
+
+
+  Putty PW:  On Windows only: use the supplied password for plink SSH logins.
+             Unlike the other options the value is not saved when 'Save
+             Profile' is used.  This feature useful when options under
+             "Advanced" are set that require 2 SSH's: you just have
+             to type the password once in this entry box.  The bundled
+             pagent.exe and puttygen.exe programs can also be used to avoid
+             repeatedly entering passwords (note this requires setting up
+             and distributing SSH keys).  Start up pagent.exe or puttygen.exe
+             and read the instructions there.
+                
+  ssh-agent: On Unix only: restart the GUI in the presence of ssh-agent(1)
+             (e.g. in case you forgot to start your agent before starting
+             this GUI).  An xterm will be used to enter passphrases, etc.
+             This can avoid repeatedly entering passphrases for the
+             SSH logins (note this requires setting up and distributing
+             SSH keys).
+
+
+  View Only:               Have VNC Viewer ignore mouse and keyboard input.
+  
+  Fullscreen:              Start the VNC Viewer in fullscreen mode.
+  
+  Raise On Beep:           Deiconify viewer when bell rings.
+  
+  Use 8bit color:          Request a very low-color pixel format.
+  
+  Cursor Alphablending:    Use the x11vnc alpha hack for translucent cursors
+                           (requires Unix, 32bpp and same endianness)
+  
+  Use XGrabServer:         On Unix only, use the XGrabServer workaround for
+                           old window managers.
+
+  Do not use JPEG:         Do not use the jpeg aspect of the tight encoding.
+
+  Compress Level/Quality:  Set TightVNC encoding parameters.
+
+
+  Save and Load:   You can Save the current settings by clicking on Save
+                   Profile (.vnc file) and you can also read in a saved one
+                   with Load Profile.
+
+  Clear Options:   Set all options to their defaults (i.e. unset).
+
+  Advanced:        Bring up the Advanced options dialog.
+}
+	.oh.f.t insert end $msg
+	#raise .oh
+}
+
+proc win_nokill_msg {} {
+	global help_font is_windows system_button_face
+	catch {destroy .w}
+	toplevel .w
+
+	eval text .w.t -width 60 -height 11 $help_font
+	button .w.d -text "Dismiss" -command {destroy .w}
+	pack .w.t .w.d -side top -fill x
+
+	apply_bg .w.t
+
+	center_win .w
+	wm resizable .w 1 0
+
+	wm title .w "SSL Viewer: Warning"
+
+	set msg {
+    The TightVNC Viewer has exited.
+    
+    You will need to terminate STUNNEL manually.
+    
+    To do this go to the System Tray and right-click on the STUNNEL
+    icon (dark green).  Then click "Exit".
+    
+    You can also double click on the STUNNEL icon to view the log
+    for error messages and other information.
+}
+	.w.t insert end $msg
+	#raise .w
+}
+
+proc win_kill_msg {pids} {
+	global terminate_pids
+	global help_font
+	catch {destroy .w}
+	toplevel .w
+
+	eval text .w.t -width 72 -height 19 $help_font
+	button .w.d -text "Dismiss" -command {destroy .w; set terminate_pids no}
+	button .w.k -text "Terminate STUNNEL" -command {destroy .w; set terminate_pids yes}
+	pack .w.t .w.k .w.d -side top -fill x
+
+	apply_bg .w.t
+
+	center_win .w
+	wm resizable .w 1 0
+
+	wm title .w "SSL Viewer: Warning"
+
+	set msg {
+    The TightVNC Viewer has exited.
+    
+    We can terminate the following still running STUNNEL process(es):
+    
+}
+	append msg "         $pids\n"
+
+	append msg {
+    Click on the "Terminate STUNNEL" button below to do so.
+    
+    Before terminating STUNNEL you can double click on the STUNNEL
+    Tray icon to view its log for error messages and other information.
+
+    Note: You may STILL need to terminate STUNNEL manually if we are
+    unable to kill it.  To do this go to the System Tray and right-click
+    on the STUNNEL icon (dark green).  Then click "Exit".  You will
+    probably also need to hover the mouse over the STUNNEL Tray Icon to
+    make the Tray notice STUNNEL is gone...
+}
+	.w.t insert end $msg
+	#raise .w
+}
+
+proc win9x_plink_msg {file} {
+	catch {destroy .pl}
+	global help_font win9x_plink_msg_done
+	toplevel .pl
+
+	eval text .pl.t -width 90 -height 26 $help_font
+	button .pl.d -text "OK" -command {destroy .pl; set win9x_plink_msg_done 1}
+	wm protocol .pl WM_DELETE_WINDOW {catch {destroy .pl}; set win9x_plink_msg_done 1}
+	pack .pl.t .pl.d -side top -fill x
+
+	apply_bg .pl.t
+
+	center_win .pl
+	wm resizable .pl 1 0
+
+	wm title .pl "SSL Viewer: Win9x Warning"
+
+	set msg {
+    Due to limitations on Window 9x you will have to manually start up
+    a COMMAND.COM terminal and paste in the following command:
+
+}
+	set pwd [pwd]
+	regsub -all {/} $pwd "\\" pwd
+	append msg "        $pwd\\$file\n"  
+
+	append msg {
+    The reason for this is a poor Console application implementation that
+    affects many text based applications.
+    
+    To start up a COMMAND.COM terminal, click on the Start -> Run, and then
+    type COMMAND in the entry box and hit Return or click OK.
+
+    To select the above command, highlight it with the mouse and then press
+    Ctrl-C.  Then go over the the COMMAND.COM window and click on the
+    Clipboard paste button.  Once pasted in, press Return to run the script.
+    
+    This will start up a PLINK.EXE ssh login to the remote computer,
+    and after you log in successfully and indicate (QUICKLY!!) that the
+    connection is OK by clicking OK in this dialog. If the SSH connection
+    cannot be autodetected you will ALSO need to click "Success" in the
+    "plink ssh status?" dialog, the VNC Viewer will be started going
+    through the SSH tunnel.
+}
+	.pl.t insert end $msg
+	wm deiconify .pl
+}
+
+proc mesg {str} {
+	set maxx 53
+	if {[string length $str] > $maxx} {
+		set str [string range $str 0 $maxx]
+		append str " ..."
+	}
+	.l configure -text $str
+	update
+}
+
+proc get_ssh_hp {str} {
+	set str [string trim $str]
+	regsub {[ 	].*$} $str "" str
+	return $str
+}
+
+proc get_ssh_cmd {str} {
+	set str [string trim $str]
+	if [regexp {cmd=(.*$)} $str m cmd] {
+		set cmd [string trim $cmd]
+		regsub -nocase {^%x11vncr$} $cmd "x11vnc -nopw -display none -rawfb rand" cmd
+		regsub -nocase {^%x11vnc$}  $cmd "x11vnc -nopw -display none -rawfb null" cmd
+		return $cmd
+	} else {
+		return ""
+	}
+}
+
+proc get_ssh_proxy {str} {
+	set str [string trim $str]
+	regsub {cmd=(.*$)} $str "" str
+	set str [string trim $str]
+	if { ![regexp {[ 	]} $str]} {
+		return ""
+	}
+	regsub {^.*[ 	][ 	]*} $str "" str
+	return $str
+}
+
+proc set_defaults {} {
+	global mycert svcert crtdir
+	global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
+	global use_nojpeg use_raise_on_beep use_compresslevel use_quality
+	global compresslevel_text quality_text
+	global use_cups use_sound use_smbmnt
+	global cups_local_server cups_remote_port cups_manage_rcfile
+	global cups_local_smb_server cups_remote_smb_port
+	global change_vncviewer change_vncviewer_path vncviewer_realvnc4
+	global additional_port_redirs additional_port_redirs_list
+	global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart
+	global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start 
+	global smb_su_mode smb_mount_list
+	global use_port_knocking port_knocking_list
+
+	set use_ssh 0
+	set use_sshssl 0
+	putty_pw_entry check
+
+	set use_viewonly 0
+	set use_fullscreen 0
+	set use_raise_on_beep 0
+	set use_bgr233 0
+	set use_alpha 0
+	set use_grab 0
+	set use_nojpeg 0
+	set use_compresslevel "default"
+	set use_quality "default"
+	set compresslevel_text "Compress Level: $use_compresslevel"
+	set quality_text "Quality: $use_quality"
+
+	set mycert ""
+	set svcert ""
+	set crtdir ""
+
+	set use_cups 0
+	set use_sound 0
+	set use_smbmnt 0
+
+	set change_vncviewer 0 
+	set change_vncviewer_path "" 
+	set cups_manage_rcfile 0 
+	set vncviewer_realvnc4 0
+
+	set additional_port_redirs 0
+	set additional_port_redirs_list ""
+
+	set cups_local_server ""
+	set cups_remote_port ""
+	set cups_local_smb_server ""
+	set cups_remote_smb_port ""
+
+	set smb_su_mode "su"
+	set smb_mount_list ""
+
+	set sound_daemon_remote_cmd ""
+	set sound_daemon_remote_port ""
+	set sound_daemon_kill 0
+	set sound_daemon_restart 0
+
+	set sound_daemon_local_cmd ""
+	set sound_daemon_local_port ""
+	set sound_daemon_local_start 0
+	set sound_daemon_local_kill 0
+
+	set use_port_knocking 0
+	set port_knocking_list ""
+}
+
+proc do_viewer_windows {n} {
+	global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
+	global use_nojpeg use_raise_on_beep use_compresslevel use_quality
+	global change_vncviewer change_vncviewer_path vncviewer_realvnc4
+
+	set cmd "vncviewer"
+	if {$change_vncviewer && $change_vncviewer_path != ""} {
+		set cmd [string trim $change_vncviewer_path]
+		regsub -all {\\} $cmd {/} cmd
+		if {[regexp {[ \t]} $cmd]} {
+			if {[regexp -nocase {\.exe$} $cmd]} {
+				if {! [regexp {["']} $cmd]} { #"
+					# hmmm, not following instructions, are they?
+					set cmd "\"$cmd\""
+				}
+			}
+		}
+	}
+	if {$use_viewonly} {
+		if {$vncviewer_realvnc4} {
+			append cmd " viewonly=1"
+		} else {
+			append cmd " /viewonly"
+		}
+	}
+	if {$use_fullscreen} {
+		if {$vncviewer_realvnc4} {
+			append cmd " fullscreen=1"
+		} else {
+			append cmd " /fullscreen"
+		}
+	}
+	if {$use_bgr233} {
+		if {$vncviewer_realvnc4} {
+			append cmd " lowcolourlevel=1"
+		} else {
+			append cmd " /8bit"
+		}
+	}
+	if {$use_nojpeg} {
+		if {! $vncviewer_realvnc4} {
+			append cmd " /nojpeg"
+		}
+	}
+	if {$use_raise_on_beep} {
+		if {! $vncviewer_realvnc4} {
+			append cmd " /belldeiconify"
+		}
+	}
+	if {$use_compresslevel != "" && $use_compresslevel != "default"} {
+		if {$vncviewer_realvnc4} {
+			append cmd " zliblevel=$use_compresslevel"
+		} else {
+			append cmd " /compresslevel $use_compresslevel"
+		}
+	}
+	if {$use_quality != "" && $use_quality != "default"} {
+		if {! $vncviewer_realvnc4} {
+			append cmd " /quality $use_quality"
+		}
+	}
+	append cmd " localhost:$n"
+	
+	mesg $cmd
+	set emess ""
+	set rc [catch {eval exec $cmd} emess]
+	if {$rc != 0} {
+		tk_messageBox -type ok -icon error -message $emess -title "Error: $cmd"
+	}
+}
+
+proc get_netstat {} {
+	set ns ""
+	catch {set ns [exec netstat -an]}
+	return $ns
+}
+
+proc get_ipconfig {} {
+	global is_win9x
+	set ip ""
+	if {! $is_win9x} {
+		catch {set ip [exec ipconfig]}
+		return $ip
+	}
+
+	set file "ip"
+	append file [pid]
+	append file ".txt"
+
+	catch {[exec winipcfg /Batch $file]}
+
+	if [file exists $file] {
+		set fh [open $file "r"]
+		while {[gets $fh line] > -1} {
+			append ip "$line\n"
+		}
+		close $fh
+		catch {file delete $file}
+	}
+	return $ip
+}
+
+proc guess_nat_ip {} {
+	global save_nat last_save_nat
+	set s ""
+
+	if {! [info exists save_nat]} {
+		set save_nat ""
+		set last_save_nat 0
+	}
+	if {$save_nat != ""} {
+		set now [clock seconds]
+		if {$now < $last_save_nat + 45} {
+			return $save_nat
+		}
+	}
+	set s ""
+	catch {set s [socket "www.whatismyip.com" 80]}
+	set ip "unknown"
+	if {$s != ""} {
+		fconfigure $s -buffering none
+		puts $s "GET / HTTP/1.1"
+		puts $s "Host: www.whatismyip.com"
+		puts $s "Connection: close"
+		puts $s ""
+		flush $s
+		set on 0
+		while { [gets $s line] > -1 } {
+			if {! $on && [regexp {<HEAD>}  $line]} {set on 1}
+			if {! $on && [regexp {<HTML>}  $line]} {set on 1}
+			if {! $on && [regexp {<TITLE>} $line]} {set on 1}
+			if {! $on} {
+				continue;
+			}
+			if [regexp {([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*)} $line ip] {
+				break
+			}
+		}
+		close $s
+	}
+	if {$ip != "unknown"} {
+		set save_nat $ip
+		set last_save_nat [clock seconds]
+	}
+	return $ip
+}
+
+proc guess_ip {} {
+	global env is_windows
+	if {! $is_windows} {
+		set out ""
+		set out [get_hostname]
+		if {$out != ""} {
+			set hout ""
+			catch {set hout [exec host $out]}
+			if {$hout != ""} {
+				if [regexp {has address ([.0-9][.0-9]*)} $hout mvar ip] {
+					set ip [string trim $ip]
+					return $ip
+				}
+			}
+		}
+		return ""
+	} else {
+		set out [get_ipconfig]
+		set out [string trim $out]
+		if {$out == ""} {
+			return ""
+		}
+		foreach line [split $out "\n\r"] {
+			if {[regexp -nocase {IP Address.*:[ \t]*([.0-9][.0-9]*)} $line mvar ip]} {
+				set ip [string trim $ip]
+				if [regexp {^[.0]*$} $ip] {
+					continue
+				}
+				if [regexp {127\.0\.0\.1} $ip] {
+					continue
+				}
+				if {$ip != ""} {
+					return $ip
+				}
+			}
+		}
+	}
+}
+
+proc windows_start_sound_daemon {file} {
+	global env
+	global use_sound sound_daemon_local_cmd sound_daemon_local_start
+
+	regsub {\.bat} $file "snd.bat" file2
+	set fh2 [open $file2 "w"]
+
+	puts $fh2 $sound_daemon_local_cmd
+	puts $fh2 "del $file2"
+	close $fh2
+
+	mesg "Starting SOUND daemon..."
+	if [info exists env(COMSPEC)] {
+		exec $env(COMSPEC) /c $file2 &
+	} else {
+		exec cmd.exe /c $file2 &
+	}
+	after 1500
+}
+
+proc windows_stop_sound_daemon {} {
+	global env is_win9x
+	global use_sound sound_daemon_local_cmd sound_daemon_local_start
+
+	set cmd [string trim $sound_daemon_local_cmd]
+
+	regsub {[ \t].*$} $cmd "" cmd
+	regsub {^.*\\} $cmd "" cmd
+	regsub {^.*/} $cmd "" cmd
+
+	if {$cmd == ""} {
+		return
+	}
+
+	set output [get_task_list]
+	
+	foreach line [split $output "\n\r"] {
+		if [regexp "$cmd" $line] {
+			if [regexp {(-?[0-9][0-9]*)} $line m p] {
+				set pids($p) $line
+			}
+		}
+	}
+
+	set count 0
+	foreach pid [array names pids] {
+		mesg "Stopping SOUND pid: $pid"
+		if {$is_win9x} {
+			catch {exec w98/kill.exe /f $pid}
+		} else {
+			catch {exec tskill.exe $pid}
+		}
+		if {$count == 0} {
+			after 1200
+		} else {
+			after 500
+		}
+		incr count
+	}
+}
+
+proc contag {} {
+	global concount
+	if {! [info exists concount]} {
+		set concount 0
+	}
+	incr concount
+	set str [pid]
+	set str "-$str-$concount"
+}
+
+proc launch_windows_ssh {hp file n} {
+	global is_win9x 
+	global use_sshssl use_ssh putty_pw
+
+	set hpnew  [get_ssh_hp $hp]
+	set proxy  [get_ssh_proxy $hp]
+	set sshcmd [get_ssh_cmd $hp]
+
+	set vnc_host "localhost"
+	set vnc_disp $hpnew
+	regsub {^.*:} $vnc_disp "" vnc_disp
+
+	if {![regexp {^[0-9][0-9]*$} $vnc_disp]} {
+		if {[regexp {cmd=SHELL} $hp]} {
+			;
+		} elseif {[regexp {cmd=PUTTY} $hp]} {
+			;
+		} else {
+			mesg "Bad vncdisp, missing :0 ?, $vnc_disp"
+			bell
+			return 0
+		}
+	}
+
+	if {$vnc_disp < 200} {
+		set vnc_port [expr $vnc_disp + 5900]
+	} else {
+		set vnc_port $vnc_disp
+	}
+
+
+	set ssh_port 22
+	set ssh_host $hpnew
+	regsub {:.*$} $ssh_host "" ssh_host
+
+	if {$proxy != ""} {
+		set ssh_host $proxy
+		regsub {:.*$} $ssh_host "" ssh_host
+		set ssh_port $proxy
+		regsub {^.*:} $ssh_port "" ssh_port
+		if {$ssh_port == ""} {
+			set ssh_port 22
+		}
+		set vnc_host $hpnew
+		regsub {:.*$} $vnc_host "" vnc_host
+	}
+
+	if {![regexp {^[^ 	][^ 	]*@} $ssh_host]} {
+		mesg "You must supply a username: user@host..."
+		bell
+		return 0
+	}
+
+	set verb "-v"
+
+	set pwd ""
+	if {$is_win9x} {
+		set pwd [pwd]
+		regsub -all {/} $pwd "\\" pwd
+	}
+
+	set use [expr $n + 5900]
+
+	set_smb_mounts
+	
+	global use_smbmnt use_sound sound_daemon_kill 
+	set do_pre 0
+	if {$use_smbmnt}  {
+		set do_pre 1
+	} elseif {$use_sound && $sound_daemon_kill} {
+		set do_pre 1
+	}
+
+	global skip_pre
+	if {$skip_pre} {
+		set do_pre 0
+		set skip_pre 0
+	}
+
+	set pw ""
+	if {$putty_pw != ""} {
+		if {! [regexp {"} $putty_pw]} {  #"
+			set pw "                                                      -pw                                                   \"$putty_pw\""
+		}
+	}
+
+	set tag [contag]
+
+	set file_pre ""
+	set file_pre_cmd ""
+	if {$do_pre} {
+		set setup_cmds [ugly_setup_scripts pre $tag] 
+		
+		if {$setup_cmds != ""} {
+			regsub {\.bat} $file "pre.cmd" file_pre_cmd
+			set fh [open $file_pre_cmd "w"]
+			puts $fh "$setup_cmds sleep 10; "
+			close $fh
+
+			regsub {\.bat} $file "pre.bat" file_pre
+			set fh [open $file_pre "w"]
+			set plink_str "plink.exe -ssh -C -P $ssh_port -m $file_pre_cmd $verb -t" 
+
+			global smb_redir_0
+			if {$smb_redir_0 != ""} {
+				append plink_str " $smb_redir_0"
+			}
+
+			append plink_str "$pw $ssh_host" 
+
+			if {$pw != ""} {
+				puts $fh "echo off"
+			}
+			puts $fh $plink_str
+
+			if {$file_pre_cmd != ""} {
+				puts $fh "del $file_pre_cmd"
+			}
+			puts $fh "del $file_pre"
+
+			close $fh
+		}
+	}
+
+	if {$is_win9x} {
+		set sleep 35
+	} else {
+		set sleep 20
+	}
+
+	set setup_cmds [ugly_setup_scripts post $tag] 
+
+	set do_shell 0
+	if {$sshcmd == "SHELL"} {
+		set setup_cmds ""
+		set sshcmd {$SHELL}
+		set do_shell 1
+	} elseif {$sshcmd == "PUTTY"} {
+		set setup_cmds ""
+		set do_shell 1
+	}
+
+	set file_cmd ""
+	if {$setup_cmds != ""} {
+		regsub {\.bat} $file ".cmd" file_cmd
+		set fh_cmd [open $file_cmd "w"]
+
+		set str $setup_cmds
+		if {$sshcmd != ""} {
+			append str " $sshcmd; "
+		} else {
+			append str " sleep $sleep; "
+		}
+		puts $fh_cmd $str
+		close $fh_cmd
+
+		set sshcmd $setup_cmds
+	}
+
+	if {$sshcmd == ""} {
+		set pcmd "echo; echo SSH connected OK.; echo If this state is not autodetected,; echo Go Click the Success button."
+		set sshcmd "$pcmd; sleep $sleep"
+	}
+
+	global use_sound sound_daemon_local_cmd sound_daemon_local_start
+	if {! $do_shell && ! $is_win9x && $use_sound && $sound_daemon_local_start && $sound_daemon_local_cmd != ""} {
+		windows_start_sound_daemon $file
+	}
+
+	set fh [open $file "w"]
+	if {$is_win9x} {
+		puts $fh "cd $pwd"
+		if {$file_pre != ""} {
+			puts $fh "echo Press Ctrl-C --HERE-- when done with the Pre-Command shell work."
+			puts $fh "start /w command.com /c $file_pre"
+		}
+	}
+
+	global use_cups use_smbmnt
+	set extra_redirs ""
+	if {$use_cups} {
+		append extra_redirs [get_cups_redir]
+	}
+	if {$use_sound} {
+		append extra_redirs [get_sound_redir]
+	}
+	global additional_port_redirs
+	if {$additional_port_redirs} {
+		append extra_redirs [get_additional_redir]
+	}
+
+	set plink_str "plink.exe -ssh -P $ssh_port $verb -L $use:$vnc_host:$vnc_port $extra_redirs -t" 
+	if {$extra_redirs != ""} {
+		regsub {exe} $plink_str "exe -C" plink_str
+	}
+	if {$do_shell} {
+		if {$sshcmd == "PUTTY"} {
+		    if {$is_win9x} {
+			set plink_str "putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" 
+		    } else {
+			set plink_str "start \"putty $ssh_host\" putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" 
+		    }
+		} else {
+			set plink_str "plink.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" 
+			append plink_str { "$SHELL"}
+		}
+	} elseif {$file_cmd != ""} {
+		append plink_str " -m $file_cmd$pw $ssh_host"
+	} else {
+		append plink_str "$pw $ssh_host \"$sshcmd\""
+	}
+
+	if {$pw != ""} {
+		puts $fh "echo off"
+	}
+	puts $fh $plink_str
+	if {$file_cmd != ""} {
+		puts $fh "del $file_cmd"
+	}
+	puts $fh "del $file"
+	close $fh
+
+	catch {destroy .o}
+	catch {destroy .oa}
+
+	do_port_knock $ssh_host
+
+	if {$is_win9x} {
+		wm withdraw .
+		update
+		win9x_plink_msg $file
+		global win9x_plink_msg_done
+		set win9x_plink_msg_done 0
+		vwait win9x_plink_msg_done
+	} else {
+		global env
+		set com "cmd.exe"
+		if [info exists env(COMSPEC)] {
+			set com $env(COMSPEC)
+		}
+
+		if {$file_pre != ""} {
+			exec $com /c $file_pre &
+			set sl 0
+			if {$use_smbmnt}  {
+				global smb_su_mode
+				if {$smb_su_mode == "su"} {
+					set sl [expr $sl + 15]
+				} elseif {$smb_su_mode == "sudo"} {
+					set sl [expr $sl + 15]
+				} else {
+					set sl [expr $sl + 3]
+				}
+			}
+			if {$pw == ""} {
+				set sl [expr $sl + 5]
+			}
+
+			set sl [expr $sl + 5]
+			set st [clock seconds]
+			set dt 0
+			global entered_gui_top
+			set entered_gui_top 0
+
+			while {$dt < $sl} {
+				after 100
+				set dt [clock seconds]
+				set dt [expr $dt - $st]
+				mesg "Click or Enter when done with 1st SSH $dt/$sl"
+				update
+				update idletasks
+				if {$entered_gui_top != 0 && $dt >= 3} {
+					mesg "Running 2nd SSH now ..."
+					after 1000
+					break
+				}
+			}
+			mesg "Running 2nd SSH ..."
+		}
+
+		wm withdraw .
+		update
+		exec $com /c $file &
+		after 1000
+	}
+
+	if {$do_shell} {
+		wm deiconify .
+		return 1
+	}
+
+	catch {destroy .plink}
+	toplevel .plink
+	wm title .plink "plink SSH status?"
+	set wd 37
+	label .plink.l1 -anchor w -text "Login via plink/ssh to the remote server" -width $wd
+	label .plink.l2 -anchor w -text "(supply username and password as needed)." -width $wd
+	label .plink.l3 -anchor w -text "" -width $wd
+	label .plink.l4 -anchor w -text "After ssh is set up, AND if the connection" -width $wd
+	label .plink.l5 -anchor w -text "success is not autodetected, please click" -width $wd
+	label .plink.l6 -anchor w -text "one of these buttons:" -width $wd
+	global plink_status
+	button .plink.fail -text "Failed" -command {destroy .plink; set plink_status no}
+	button .plink.ok   -text "Success" -command {destroy .plink; set plink_status yes}
+	pack .plink.l1 .plink.l2 .plink.l3 .plink.l4 .plink.l5 .plink.l6 .plink.fail .plink.ok -side top -fill x
+
+	wm geometry .plink +700+500
+	wm deiconify .plink
+	set plink_status ""
+	set waited 0
+	set cnt 0
+	while {$waited < 30000} {
+		after 500
+		update
+		set ns [get_netstat]
+		set re ":$use"
+		append re {[ 	][ 	]*[0:.][0:.]*[ 	][ 	]*LISTEN}
+		if [regexp $re $ns] {
+			set plink_status yes
+		}
+		if {$plink_status != ""} {
+			catch {destroy .plink}
+			break
+		}
+
+		if {$waited == 0} {
+			wm deiconify .plink
+		}
+		set waited [expr "$waited + 500"]
+
+		incr cnt
+		if {$cnt >= 12} {
+			set cnt 0
+			#catch {wm deiconify .plink}
+		}
+	}
+	if {$plink_status == ""} {
+		vwait plink_status
+	}
+
+	if {$use_sshssl} {
+		global launch_windows_ssh_files 
+		if {$file != ""} {
+			append launch_windows_ssh_files "$file "
+		}
+		if {$file_pre != ""} {
+			append launch_windows_ssh_files "$file_pre "
+		}
+		if {$file_pre_cmd != ""} {
+			append launch_windows_ssh_files "$file_pre_cmd "
+		}
+		regsub { *$} $launch_windows_ssh_files "" launch_windows_ssh_files
+		return 1
+	}
+
+	if {$plink_status != "yes"} {
+		wm deiconify .
+	} else {
+		after 1000
+		do_viewer_windows $n
+		wm deiconify .
+		mesg "Disconnected from $hp"
+	}
+
+	if {$file != ""} {
+		catch {file delete $file}	
+	}
+	if {$file_pre != ""} {
+		catch {file delete $file_pre}	
+	}
+	if {$file_pre_cmd != ""} {
+		catch {file delete $file_pre_cmd}	
+	}
+
+	global sound_daemon_local_kill
+	if {! $is_win9x && $use_sound && $sound_daemon_local_kill && $sound_daemon_local_cmd != ""} {
+		windows_stop_sound_daemon
+	}
+	return 1
+}
+
+proc check_ssh_needed {} {
+	global use_cups use_sound use_smbmnt
+	global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart
+	global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start 
+	global cups_local_server cups_remote_port cups_manage_rcfile
+	global cups_local_smb_server cups_remote_smb_port
+	global smb_su_mode smb_mount_list
+	global use_ssh use_sshssl
+	
+	if {$use_ssh || $use_sshssl} {
+		return
+	}
+	set must 0
+	if {$use_cups} {
+		if {$cups_local_server != ""} {set must 1}
+		if {$cups_remote_port != ""} {set must 1}
+		if {$cups_local_smb_server != ""} {set must 1}
+		if {$cups_remote_smb_port != ""} {set must 1}
+		if {$cups_manage_rcfile != ""} {set must 1}
+	}
+	if {$use_sound} {
+		if {$sound_daemon_remote_cmd != ""} {set must 1}
+		if {$sound_daemon_remote_port != ""} {set must 1}
+		if {$sound_daemon_kill} {set must 1}
+		if {$sound_daemon_restart} {set must 1}
+		if {$sound_daemon_local_cmd != ""} {set must 1}
+		if {$sound_daemon_local_port != ""} {set must 1}
+		if {$sound_daemon_local_kill} {set must 1}
+		if {$sound_daemon_local_start} {set must 1}
+	}
+	if {$use_smbmnt} {
+		if {[regexp {//} $smb_mount_list]} {set must 1}
+	}
+	if {$must} {
+		set use_sshssl 1
+		putty_pw_entry check
+		mesg "Enabling \"Use SSH and SSL\" mode for port redir"
+		update
+		bell
+		after 4000
+	}
+}
+
+proc set_smb_mounts {} {
+	global smb_redir_0 smb_mounts use_smbmnt 
+	
+	set smb_redir_0 ""
+	set smb_mounts ""
+	if {$use_smbmnt} {
+		set l2 [get_smb_redir]
+		set smb_redir_0 [lindex $l2 0]
+		set smb_redir_0 [string trim $smb_redir_0]
+		set smb_mounts  [lindex $l2 1]
+	}
+}
+
+proc xterm_center_geometry {} {
+	set sh [winfo screenheight .]
+	set sw [winfo screenwidth .]
+	set gw 500
+	set gh 300
+	set x [expr $sw/2 - $gw/2]
+	set y [expr $sh/2 - $gh/2]
+	if {$x < 0} {
+		set x 10
+	}
+	if {$y < 0} {
+		set y 10
+	}
+
+	return "+$x+$y"
+}
+
+proc smbmnt_wait {tee} {
+	if {$tee != ""} {
+		set start [clock seconds]
+		set cut 30
+		while {1} {
+			set now [clock seconds]
+			if {$now > $start + $cut} {
+				break;
+			}
+			if [file exists $tee] {
+				set sz 0
+				catch {set sz [file size $tee]}
+				if {$sz > 50} {
+					set cut 50
+				}
+			}
+			set g ""
+			catch {set g [exec grep vnc-helper-exiting $tee]}
+			if [regexp {vnc-helper-exiting} $g] {
+				break
+			}
+			after 1000
+		}
+		catch {file delete $tee}
+	} else {
+		global smb_su_mode
+		if {$smb_su_mode == "su"} {
+			after 15000
+		} elseif {$smb_su_mode == "sudo"} {
+			after 10000
+		}
+	}
+}
+
+proc do_unix_pre {tag proxy hp pk_hp}  {
+	global env smb_redir_0 use_smbmnt
+	global did_port_knock
+	
+	set setup_cmds [ugly_setup_scripts pre $tag] 
+	set c "ssl_vncviewer -ssh"
+
+	if {$proxy == ""} {
+		set pxy $hp
+		regsub {:.*$} $pxy "" pxy
+		set c "$c -proxy '$pxy'"
+	} else {
+		set c "$c -proxy '$proxy'"
+	}
+
+	if {$setup_cmds != ""} {
+		set env(SSL_VNCVIEWER_SSH_CMD) "$setup_cmds sleep 10"
+		set env(SSL_VNCVIEWER_SSH_ONLY) 1
+		if {$smb_redir_0 != ""} {
+			set c "$c -sshargs '$smb_redir_0'"
+		}
+
+		do_port_knock $pk_hp
+		set did_port_knock 1
+
+		if {$use_smbmnt} {
+			set title "SSL VNC Viewer $hp -- SMB MOUNTS"
+		} else {
+			set title "SSL VNC Viewer $hp -- Pre Commands"
+		}
+
+		set tee ""
+		if {$use_smbmnt} {
+			set tee $env(HOME) 
+			append tee "/.tee-etv$tag"
+			set fh ""
+			catch {set fh [open $tee "w"]}
+			if {$fh == ""} {
+				set tee ""
+			} else {
+				close $fh
+				set c "$c | tee $tee"
+			}
+		}
+
+		exec xterm -geometry "80x25+100+100" \
+		    -title "$title" \
+		    -e sh -c "set -xv; $c" &
+
+		set env(SSL_VNCVIEWER_SSH_CMD) ""
+		set env(SSL_VNCVIEWER_SSH_ONLY) ""
+
+		if {$use_smbmnt} {
+			smbmnt_wait $tee
+		} else {
+			after 2000
+		}
+	}
+}
+
+proc launch_unix {hp} {
+	global mycert svcert crtdir env
+	global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
+	global use_nojpeg use_raise_on_beep use_compresslevel use_quality
+	global change_vncviewer change_vncviewer_path vncviewer_realvnc4
+	global additional_port_redirs additional_port_redirs_list
+	global use_cups use_sound use_smbmnt
+	global smb_redir_0 smb_mounts
+	global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart
+	global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start 
+
+	set cmd ""
+
+	if [regexp {cmd=} $hp] {
+		if {! $use_ssh && ! $use_sshssl} {
+			set use_ssh 1
+		}
+	}
+	check_ssh_needed
+
+	set_smb_mounts
+
+	global did_port_knock
+	set did_port_knock 0
+	set pk_hp ""
+
+	if {$use_ssh || $use_sshssl} {
+		if {$use_ssh} {
+			set cmd "ssl_vncviewer -ssh"
+		} else {
+			set cmd "ssl_vncviewer -sshssl"
+		}
+		set hpnew  [get_ssh_hp $hp]
+		set proxy  [get_ssh_proxy $hp]
+		set sshcmd [get_ssh_cmd $hp]
+		set hp $hpnew
+
+		if {$proxy != ""} {
+			set cmd "$cmd -proxy '$proxy'"
+			set pk_hp $proxy
+		}
+		if {$pk_hp == ""} {
+			set pk_hp $hp
+		}
+
+		set do_pre 0
+		if {$use_smbmnt}  {
+			set do_pre 1
+		} elseif {$use_sound && $sound_daemon_kill} {
+			set do_pre 1
+		}
+		global skip_pre
+		if {$skip_pre} {
+			set do_pre 0
+			set skip_pre 0
+		}
+
+		set tag [contag]
+
+		if {$do_pre} {
+			do_unix_pre $tag $proxy $hp $pk_hp
+		}
+
+
+		set setup_cmds [ugly_setup_scripts post $tag] 
+
+		if {$sshcmd == "SHELL"} {
+			set env(SSL_VNCVIEWER_SSH_CMD) {$SHELL}
+			set env(SSL_VNCVIEWER_SSH_ONLY) 1
+		} elseif {$setup_cmds != ""} {
+			set env(SSL_VNCVIEWER_SSH_CMD) "$setup_cmds$sshcmd"
+		} else {
+			if {$sshcmd != ""} {
+				set cmd "$cmd -sshcmd '$sshcmd'"
+			}
+		}
+		
+		set sshargs ""
+		if {$use_cups} {
+			append sshargs [get_cups_redir]
+		}
+		if {$use_sound} {
+			append sshargs [get_sound_redir]
+		}
+		if {$additional_port_redirs} {
+			append sshargs [get_additional_redir]
+		}
+
+		set sshargs [string trim $sshargs]
+		if {$sshargs != ""} {
+			set cmd "$cmd -sshargs '$sshargs'"
+			set env(SSL_VNCVIEWER_USE_C) 1
+		}
+		if {$sshcmd == "SHELL"} {
+			set env(SSL_VNCVIEWER_SSH_ONLY) 1
+			if {$proxy == ""} {
+				set hpt $hpnew
+				regsub {:[0-9]*$} $hpt "" hpt
+				set cmd "$cmd -proxy '$hpt'"
+			}
+			set geometry [xterm_center_geometry]
+			if {$pk_hp == ""} {
+				set pk_hp $hp
+			}
+			if {! $did_port_knock} {
+				do_port_knock $pk_hp
+				set did_port_knock 1
+			}
+
+			exec xterm -geometry $geometry -title "SHELL to $hp" \
+			    -e sh -c "$cmd" &
+			set env(SSL_VNCVIEWER_SSH_CMD) ""
+			set env(SSL_VNCVIEWER_SSH_ONLY) ""
+			set env(SSL_VNCVIEWER_USE_C) ""
+			return
+		}
+	} else {
+		set cmd "ssl_tightvncviewer"
+		set hpnew  [get_ssh_hp $hp]
+		set proxy  [get_ssh_proxy $hp]
+		if {$mycert != ""} {
+			set cmd "$cmd -mycert '$mycert'"
+		}
+		if {$svcert != ""} {
+			set cmd "$cmd -verify '$svcert'"
+		} elseif {$crtdir != ""} {
+			set cmd "$cmd -verify '$crtdir'"
+		}
+		if {$proxy != ""} {
+			set cmd "$cmd -proxy '$proxy'"
+		}
+		set hp $hpnew
+	}
+
+	if {$use_alpha} {
+		set cmd "$cmd -alpha"
+	}
+	if {$use_grab} {
+		set cmd "$cmd -grab"
+	}
+
+	set cmd "$cmd $hp"
+
+	if {$use_viewonly} {
+		set cmd "$cmd -viewonly"
+	}
+	if {$use_fullscreen} {
+		set cmd "$cmd -fullscreen"
+	}
+	if {$use_bgr233} {
+		if {$vncviewer_realvnc4} {
+			set cmd "$cmd -lowcolourlevel 1"
+		} else {
+			set cmd "$cmd -bgr233"
+		}
+	}
+	if {$use_nojpeg} {
+		if {! $vncviewer_realvnc4} {
+			set cmd "$cmd -nojpeg"
+		}
+	}
+	if {! $use_raise_on_beep} {
+		if {! $vncviewer_realvnc4} {
+			set cmd "$cmd -noraiseonbeep"
+		}
+	}
+	if {$use_compresslevel != "" && $use_compresslevel != "default"} {
+		if {$vncviewer_realvnc4} {
+			set cmd "$cmd -zliblevel '$use_compresslevel'"
+		} else {
+			set cmd "$cmd -compresslevel '$use_compresslevel'"
+		}
+	}
+	if {$use_quality != "" && $use_quality != "default"} {
+		if {! $vncviewer_realvnc4} {
+			set cmd "$cmd -quality '$use_quality'"
+		}
+	}
+	if {$use_ssh || $use_sshssl} {
+		# realvnc4 -preferredencoding zrle
+		if {$vncviewer_realvnc4} {
+			set cmd "$cmd -preferredencoding zrle"
+		} else {
+			set cmd "$cmd -encodings 'copyrect tight zrle zlib hextile'"
+		}
+	}
+
+	if {$change_vncviewer && $change_vncviewer_path != ""} {
+		global env
+		set env(VNCVIEWERCMD) $change_vncviewer_path
+	} else {
+		set env(VNCVIEWERCMD) ""
+	}
+
+	catch {destroy .o}
+	catch {destroy .oa}
+	wm withdraw .
+	update
+
+	if {$sound_daemon_local_start && $sound_daemon_local_cmd != ""} {
+		mesg "running: $sound_daemon_local_cmd"
+		exec sh -c "$sound_daemon_local_cmd" >& /dev/null </dev/null &
+		update
+		after 500
+	}
+
+	if {$pk_hp == ""} {
+		set pk_hp $hp
+	}
+	if {! $did_port_knock} {
+		do_port_knock $pk_hp
+		set did_port_knock 1
+	}
+
+	set geometry [xterm_center_geometry]
+	set xrm1 "*.srinterCommand:true"
+	set xrm2 $xrm1
+	set xrm3 $xrm1
+	if {[info exists env(SSL_VNC_GUI_CMD)]} {
+		set xrm1 "*.printerCommand:env XTERM_PRINT=1 $env(SSL_VNC_GUI_CMD)"
+		set xrm2 "XTerm*VT100*translations:#override Shift<Btn3Down>:print()\\nCtrl<Key>N:print()"
+		set xrm3 "*mainMenu*print*Label:  New SSL_VNC_GUI"
+	}
+	exec xterm -geometry $geometry -xrm "$xrm1" -xrm "$xrm2" -xrm "$xrm3" \
+	    -title "SSL VNC Viewer $hp" \
+	    -e sh -c "set -xv; $cmd; set +xv; echo; echo Done. You Can X-out or Ctrl-C this Terminal whenever you like.; echo; echo sleep 15; echo; sleep 15"
+	set env(SSL_VNCVIEWER_SSH_CMD) ""
+	set env(SSL_VNCVIEWER_USE_C) ""
+
+	if {$sound_daemon_local_kill && $sound_daemon_local_cmd != ""} {
+		set daemon [string trim $sound_daemon_local_cmd]
+		regsub {^gw[ \t]*} $daemon "" daemon
+		regsub {[ \t].*$} $daemon "" daemon
+		regsub {^.*/} $daemon "" daemon
+		mesg "killing sound daemon: $daemon"
+		if {$daemon != ""} {
+			catch {exec sh -c "killall $daemon"  >/dev/null 2>/dev/null </dev/null &}
+			catch {exec sh -c "pkill -x $daemon" >/dev/null 2>/dev/null </dev/null &}
+		}
+	}
+	wm deiconify .
+	mesg "Disconnected from $hp"
+}
+
+proc kill_stunnel {pids} {
+	global is_win9x env
+
+	set count 0
+	foreach pid $pids {
+		mesg "killing STUNNEL pid: $pid"
+		if {$is_win9x} {
+			catch {exec w98/kill.exe /f $pid}
+		} else {
+			catch {exec tskill.exe $pid}
+		}
+		if {$count == 0} {
+			after 1200
+		} else {
+			after 500
+		}
+		incr count
+	}
+}
+
+proc get_task_list {} {
+	global env is_win9x
+	
+	set output1 ""
+	set output2 ""
+	if {! $is_win9x} {
+		# try for tasklist on XP pro
+		catch {set output1 [exec tasklist.exe]}
+	}
+	catch {set output2 [exec w98/tlist.exe]}
+
+	set output $output1
+	append output "\n"
+	append output $output2
+
+	return $output
+}
+
+proc note_stunnel_pids {when} {
+	global env
+	global is_win9x pids_before pids_after pids_new
+
+	if {$when == "before"} {
+		array unset pids_before
+		array unset pids_after
+		set pids_new {}
+		set pids_before(none) "none"
+		set pids_after(none)  "none"
+	}
+
+	set output [get_task_list]
+	
+	foreach line [split $output "\n\r"] {
+		if [regexp -nocase {stunnel} $line] {
+			if [regexp {(-?[0-9][0-9]*)} $line m p] {
+				if {$when == "before"} {
+					set pids_before($p) $line
+				} else {
+					set pids_after($p) $line
+				}
+			}
+		}
+	}
+	if {$when == "after"} {
+		foreach new [array names pids_after] {
+			if {! [info exists pids_before($new)]} {
+				lappend pids_new $new
+			}
+		}
+	}
+}
+
+proc del_launch_windows_ssh_files {} {
+	global launch_windows_ssh_files
+	
+	if {$launch_windows_ssh_files != ""} {
+		foreach tf [split $launch_windows_ssh_files] {
+			if {$tf == ""} {
+				continue
+			}
+			catch {file delete $tf}
+		}
+	}
+}
+
+proc launch_shell_only {} {
+	global vncdisplay is_windows
+	global skip_pre
+
+	set hp $vncdisplay
+	regsub {cmd=.*$} $vncdisplay "" hp
+	set hp [string trim $hp]
+	if {$is_windows} {
+		append hp " cmd=PUTTY"
+	} else {
+		append hp " cmd=SHELL"
+	}
+	set skip_pre 1
+	launch $hp
+}
+
+proc launch {{hp ""}} {
+	global vncdisplay env tcl_platform is_windows
+	global mycert svcert crtdir
+	global pids_before pids_after pids_new
+	global use_ssh use_sshssl
+
+	set debug 0
+	if {$hp == ""} {
+		set hp [string trim $vncdisplay]
+	}
+
+	if {[regexp {^[ 	]*$} $hp]} {
+		mesg "No host:disp supplied."
+		bell
+		return
+	}
+	if {! [regexp ":" $hp]} {
+		if {! [regexp {cmd=} $hp]} {
+			append hp ":0"
+		}
+	}
+
+	mesg "Using: $hp"
+	after 600
+
+	if {$debug} {
+		mesg "\"$tcl_platform(os)\" | \"$tcl_platform(osVersion)\""
+		after 1000
+	}
+	if {! $is_windows} {
+		launch_unix $hp
+		return
+	}
+
+	if [regexp {cmd=} $hp] {
+		if {! $use_ssh && ! $use_sshssl} {
+			set use_ssh 1
+		}
+	}
+	check_ssh_needed
+
+	if {! $use_ssh} {
+		if {$mycert != ""} {
+			if {! [file exists $mycert]} {
+				mesg "MyCert does not exist: $mycert"
+				bell
+				return
+			}
+		}
+		if {$svcert != ""} {
+			if {! [file exists $svcert]} {
+				mesg "ServerCert does not exist: $svcert"
+				bell
+				return
+			}
+		} elseif {$crtdir != ""} {
+			if {! [file exists $crtdir]} {
+				mesg "CertsDir does not exist: $crtdir"
+				bell
+				return
+			}
+		}
+	}
+
+	set prefix "stunnel-vnc"
+	set suffix "conf"
+	if {$use_ssh || $use_sshssl} {
+		set prefix "plink-vnc"
+		set suffix "bat"
+	}
+
+	# we avoid parsing netstat output on Windows (but I guess we do now elsewhere):
+	set file ""
+	set n ""
+	set file2 ""
+	set n2 ""
+	set now [clock seconds]
+
+	for {set i 30} {$i < 90} {incr i}  {
+		set try "$prefix-$i.$suffix"
+		if {[file exists $try]}  {
+			set mt [file mtime $try]
+			set age [expr "$now - $mt"]
+			set week [expr "7 * 3600 * 24"]
+			if {$age > $week} {
+				catch {file delete $file}
+			}
+		}
+		if {! [file exists $try]}  {
+			if {$use_sshssl} {
+				if {$file != ""} {
+					set file2 $try
+					set n2 $i
+					break
+				}
+			}
+			set file $try
+			set n $i
+			if {! $use_sshssl} {
+				break
+			}
+		}
+	}
+
+	if {$file == ""} {
+		mesg "could not find free stunnel file"
+		bell
+		return
+	}
+
+	global launch_windows_ssh_files 
+	set launch_windows_ssh_files ""
+
+	set did_port_knock 0
+
+	if {$use_sshssl} {
+		set rc [launch_windows_ssh $hp $file2 $n2]
+		if {$rc == 0} {
+			catch {file delete $file}
+			catch {file delete $file2}
+			del_launch_windows_ssh_files
+			return
+		}
+		set did_port_knock 1
+	} elseif {$use_ssh} {
+		launch_windows_ssh $hp $file $n
+		return
+	}
+
+	if [regexp {[ 	]} $hp] {
+		# proxy or cmd case (should not happen? yet?) 
+		regsub {[ 	].*$} $hp "" hp2
+	} else {
+		set list [split $hp ":"] 
+		set host [lindex $list 0]
+		set disp [lindex $list 1]
+		set port [expr "$disp + 5900"]
+	}
+
+	set list [split $hp ":"] 
+	set host [lindex $list 0]
+	set disp [lindex $list 1]
+	set port [expr "$disp + 5900"]
+
+	if {$debug} {
+		mesg "file: $file"
+		after 1000
+	}
+
+	set fh [open $file "w"]
+
+	puts $fh "client = yes"
+	puts $fh "options = ALL"
+	puts $fh "taskbar = yes"
+	puts $fh "RNDbytes = 2048"
+	puts $fh "RNDfile = bananarand.bin"
+	puts $fh "RNDoverwrite = yes"
+	puts $fh "debug = 6"
+	if {$mycert != ""} {
+		if {! [file exists $mycert]} {
+			mesg "MyCert does not exist: $mycert"
+			bell
+			return
+		}
+		puts $fh "cert = $mycert"
+	}
+	if {$svcert != ""} {
+		if {! [file exists $svcert]} {
+			mesg "ServerCert does not exist: $svcert"
+			bell
+			return
+		}
+		puts $fh "CAfile = $svcert"
+		puts $fh "verify = 2"
+	} elseif {$crtdir != ""} {
+		if {! [file exists $crtdir]} {
+			mesg "CertsDir does not exist: $crtdir"
+			bell
+			return
+		}
+		puts $fh "CApath = $crtdir"
+		puts $fh "verify = 2"
+	}
+
+	puts $fh "\[vnc$n\]"
+	set port2 [expr "$n + 5900"] 
+	puts $fh "accept = localhost:$port2"
+
+	if {$use_sshssl} {
+		set port [expr "$n2 + 5900"]
+		puts $fh "connect = localhost:$port"
+	} else {
+		puts $fh "connect = $host:$port"
+	}
+
+	puts $fh "delay = no"
+	puts $fh ""
+	close $fh
+
+	mesg "Starting STUNNEL on port $port2 ..."
+	after 600
+
+	note_stunnel_pids "before"
+
+	set pids [exec stunnel $file &]
+
+	after 1300
+
+	note_stunnel_pids "after"
+
+	if {$debug} {
+		after 1000
+		mesg "pids $pids"
+		after 1000
+	} else {
+		catch {destroy .o}
+		catch {destroy .oa}
+		wm withdraw .
+	}
+
+	if {! $did_port_knock} {
+		do_port_knock $host
+		set did_port_knock 1
+	}
+
+	do_viewer_windows $n
+
+	del_launch_windows_ssh_files
+
+	catch {file delete $file}
+
+	if {$debug} {
+		;
+	} else {
+		wm deiconify .
+	}
+	mesg "Disconnected from $hp."
+
+	if {[llength $pids_new] > 0} {
+		set plist [join $pids_new ", "]
+		global terminate_pids
+		set terminate_pids ""
+		win_kill_msg $plist
+		update
+		vwait terminate_pids
+		if {$terminate_pids == "yes"} {
+			kill_stunnel $pids_new
+		}
+	} else {
+		win_nokill_msg
+	}
+	mesg "Disconnected from $hp."
+
+	global is_win9x use_sound sound_daemon_local_kill sound_daemon_local_cmd
+	if {! $is_win9x && $use_sound && $sound_daemon_local_kill && $sound_daemon_local_cmd != ""} {
+		windows_stop_sound_daemon
+	}
+}
+
+proc get_idir {str} {
+	set idir ""
+	if {$str != ""} {
+		if [file isdirectory $str] {
+			set idir $str
+		} else {
+			set idir [file dirname $str]
+		}
+	}
+	if {$idir == ""} {
+		global env
+		if [info exists env(HOME)] {
+			set t "$env(HOME)/.vnc/certs"	
+			if [file isdirectory $t] {
+				set idir $t
+			}
+		}
+	}
+	if {$idir == ""} {
+		set idir [pwd]
+	}
+	return $idir
+}
+
+proc set_mycert {} {
+	global mycert
+	set idir [get_idir $mycert]
+	if {$idir != ""} {
+		set mycert [tk_getOpenFile -initialdir $idir]
+	} else {
+		set mycert [tk_getOpenFile]
+	}
+	catch {wm deiconify .c}
+	update
+}
+
+proc set_svcert {} {
+	global svcert crtdir
+	set idir [get_idir $svcert]
+	if {$idir != ""} {
+		set svcert [tk_getOpenFile -initialdir $idir]
+	} else {
+		set svcert [tk_getOpenFile]
+	}
+	if {$svcert != ""} {
+		set crtdir ""
+	}
+	catch {wm deiconify .c}
+	update
+}
+
+proc set_crtdir {} {
+	global svcert crtdir
+	set idir [get_idir $crtdir]
+	if {$idir != ""} {
+		set crtdir [tk_chooseDirectory -initialdir $idir]
+	} else {
+		set crtdir [tk_chooseDirectory]
+	}
+	if {$crtdir != ""} {
+		set svcert ""
+	}
+	catch {wm deiconify .c}
+	update
+}
+
+proc getcerts {} {
+	global mycert svcert crtdir
+	global use_ssh use_sshssl
+	catch {destroy .c}
+	toplevel .c
+	wm title .c "Set SSL Certificates"
+	frame .c.mycert
+	frame .c.svcert
+	frame .c.crtdir
+	label .c.mycert.l -anchor w -width 12 -text "MyCert:"
+	label .c.svcert.l -anchor w -width 12 -text "ServerCert:"
+	label .c.crtdir.l -anchor w -width 12 -text "CertsDir:"
+	
+	entry .c.mycert.e -width 32 -textvariable mycert
+	entry .c.svcert.e -width 32 -textvariable svcert
+	entry .c.crtdir.e -width 32 -textvariable crtdir
+	button .c.mycert.b -text "Browse..." -command {set_mycert; catch {raise .c}}
+	button .c.svcert.b -text "Browse..." -command {set_svcert; catch {raise .c}}
+	button .c.crtdir.b -text "Browse..." -command {set_crtdir; catch {raise .c}}
+
+	frame .c.b
+	button .c.b.done -text "Done" -command {catch {destroy .c}}
+	bind .c <Escape> {destroy .c}
+	button .c.b.help -text "Help" -command help_certs
+	pack .c.b.help .c.b.done -fill x -expand 1 -side left
+
+	foreach w [list mycert svcert crtdir] {
+		pack .c.$w.l -side left
+		pack .c.$w.e -side left -expand 1 -fill x
+		pack .c.$w.b -side left
+		bind .c.$w.e <Return> ".c.$w.b invoke"
+		if {$use_ssh} {
+			.c.$w.l configure -state disabled	
+			.c.$w.e configure -state disabled	
+			.c.$w.b configure -state disabled	
+		}	
+	}
+
+	pack .c.mycert .c.svcert .c.crtdir .c.b -side top -fill x
+	center_win .c
+	wm resizable .c 1 0
+
+	focus .c
+}
+
+proc get_profiles_dir {} {
+	global env is_windows
+	
+	set dir ""
+	if {$is_windows} {
+		set t [file dirname [pwd]]
+		set t "$t/profiles"
+		if [file isdirectory $t] {
+			set dir $t
+		}
+	} elseif [info exists env(HOME)] {
+		set t "$env(HOME)/.vnc"
+		if [file isdirectory $t] {
+			set dir $t
+			set s "$t/profiles"
+			if {! [file exists $s]} {
+				catch {file mkdir $s}
+			}
+		}
+	}
+	
+	if {$dir != ""} {
+		
+	} elseif [info exists env(SSL_VNC_BASEDIR)] {
+		set dir $env(SSL_VNC_BASEDIR)
+	} else {
+		set dir [pwd]
+	}
+	if [file isdirectory "$dir/profiles"] {
+		set dir "$dir/profiles"
+	}
+	return $dir
+}
+	
+proc load_profile {} {
+	global env
+	global mycert svcert crtdir vncdisplay
+	global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
+	global use_nojpeg use_raise_on_beep use_compresslevel use_quality
+	global compresslevel_text quality_text
+	global use_smbmnt use_sound
+	global use_cups cups_local_server cups_remote_port cups_manage_rcfile
+	global cups_local_smb_server cups_remote_smb_port
+	global smb_su_mode smb_mount_list
+	global change_vncviewer change_vncviewer_path vncviewer_realvnc4
+	global additional_port_redirs additional_port_redirs_list
+	global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart
+	global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start 
+	global use_port_knocking port_knocking_list
+	global profdone
+
+	set dir [get_profiles_dir]
+
+	set file [tk_getOpenFile -defaultextension ".vnc" \
+		-initialdir $dir -title "Load VNC Profile"]
+	if {$file == ""} {
+		set profdone 1
+		return
+	}
+	set fh [open $file "r"]
+	if {! [info exists fh]} {
+		set profdone 1
+		return
+	}
+
+	set_defaults
+
+	while {[gets $fh line] > -1} {
+		if [regexp {^disp=(.*)$} $line m val] {
+			set vncdisplay $val 
+		} elseif [regexp {^ssh=(.*)$} $line m val] {
+			set use_ssh $val 
+		} elseif [regexp {^sshssl=(.*)$} $line m val] {
+			set use_sshssl $val 
+		} elseif [regexp {^viewonly=(.*)$} $line m val] {
+			set use_viewonly $val 
+		} elseif [regexp {^fullscreen=(.*)$} $line m val] {
+			set use_fullscreen $val 
+		} elseif [regexp {^belldeiconify=(.*)$} $line m val] {
+			set use_raise_on_beep $val 
+		} elseif [regexp {^8bit=(.*)$} $line m val] {
+			set use_bgr233 $val 
+		} elseif [regexp {^alpha=(.*)$} $line m val] {
+			set use_alpha $val 
+		} elseif [regexp {^grab=(.*)$} $line m val] {
+			set use_grab $val 
+		} elseif [regexp {^nojpeg=(.*)$} $line m val] {
+			set use_nojpeg $val 
+		} elseif [regexp {^compresslevel=(.*)$} $line m val] {
+			set use_compresslevel $val 
+			set compresslevel_text "Compress Level: $val"
+		} elseif [regexp {^quality=(.*)$} $line m val] {
+			set use_quality $val 
+			set quality_text "Quality: $val"
+		} elseif [regexp {^mycert=(.*)$} $line m val] {
+			set mycert $val 
+		} elseif [regexp {^svcert=(.*)$} $line m val] {
+			set svcert $val 
+		} elseif [regexp {^crtdir=(.*)$} $line m val] {
+			set crtdir $val 
+		} elseif [regexp {^use_smbmnt=(.*)$} $line m val] {
+			set use_smbmnt $val 
+		} elseif [regexp {^use_sound=(.*)$} $line m val] {
+			set use_sound $val 
+		} elseif [regexp {^use_cups=(.*)$} $line m val] {
+			set use_cups $val 
+		} elseif [regexp {^cups_local_server=(.*)$} $line m val] {
+			set cups_local_server $val 
+		} elseif [regexp {^cups_remote_port=(.*)$} $line m val] {
+			set cups_remote_port $val 
+		} elseif [regexp {^cups_local_smb_server=(.*)$} $line m val] {
+			set cups_local_smb_server $val 
+		} elseif [regexp {^cups_remote_smb_port=(.*)$} $line m val] {
+			set cups_remote_smb_port $val 
+		} elseif [regexp {^cups_manage_rcfile=(.*)$} $line m val] {
+			set cups_manage_rcfile $val 
+		} elseif [regexp {^smb_mount_list=(.*)$} $line m val] {
+			regsub -all {%%%} $val "\n" val
+			set smb_mount_list $val 
+		} elseif [regexp {^smb_su_mode=(.*)$} $line m val] {
+			set smb_su_mode $val 
+		} elseif [regexp {^port_knocking_list=(.*)$} $line m val] {
+			regsub -all {%%%} $val "\n" val
+			set port_knocking_list $val 
+		} elseif [regexp {^use_port_knocking=(.*)$} $line m val] {
+			set use_port_knocking $val 
+		} elseif [regexp {^sound_daemon_remote_cmd=(.*)$} $line m val] {
+			set sound_daemon_remote_cmd $val 
+		} elseif [regexp {^sound_daemon_remote_port=(.*)$} $line m val] {
+			set sound_daemon_remote_port $val 
+		} elseif [regexp {^sound_daemon_kill=(.*)$} $line m val] {
+			set sound_daemon_kill $val 
+		} elseif [regexp {^sound_daemon_restart=(.*)$} $line m val] {
+			set sound_daemon_restart $val 
+		} elseif [regexp {^sound_daemon_local_cmd=(.*)$} $line m val] {
+			set sound_daemon_local_cmd $val 
+		} elseif [regexp {^sound_daemon_local_port=(.*)$} $line m val] {
+			set sound_daemon_local_port $val 
+		} elseif [regexp {^sound_daemon_local_start=(.*)$} $line m val] {
+			set sound_daemon_local_start $val 
+		} elseif [regexp {^sound_daemon_local_kill=(.*)$} $line m val] {
+			set sound_daemon_local_kill $val 
+		} elseif [regexp {^change_vncviewer=(.*)$} $line m val] {
+			set change_vncviewer $val 
+		} elseif [regexp {^change_vncviewer_path=(.*)$} $line m val] {
+			set change_vncviewer_path $val 
+		} elseif [regexp {^vncviewer_realvnc4=(.*)$} $line m val] {
+			set vncviewer_realvnc4 $val 
+		} elseif [regexp {^additional_port_redirs=(.*)$} $line m val] {
+			set additional_port_redirs $val 
+		} elseif [regexp {^additional_port_redirs_list=(.*)$} $line m val] {
+			set additional_port_redirs_list $val 
+		}
+	}
+	close $fh
+	set profdone 1
+	putty_pw_entry check
+}
+
+proc save_profile {} {
+	global env is_windows
+	global mycert svcert crtdir vncdisplay
+	global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
+	global use_nojpeg use_raise_on_beep use_compresslevel use_quality
+	global profdone
+	
+	set dir [get_profiles_dir]
+
+	set disp [string trim $vncdisplay]
+	if {$disp != ""} {
+		regsub {[ 	].*$} $disp "" disp
+	}
+	if {$is_windows} {
+		regsub -all {:} $disp "_" disp
+	}
+
+	set file [tk_getSaveFile -defaultextension ".vnc" \
+		-initialdir $dir -initialfile "$disp" -title "Save VNC Profile"]
+	if {$file == ""} {
+		set profdone 1
+		return
+	}
+	set fh [open $file "w"]
+	if {! [info exists fh]} {
+		set profdone 1
+		return
+	}
+	set h [string trim $vncdisplay]
+	set p $h
+	regsub {:.*$} $h "" h
+	set host $h
+	regsub {[ 	].*$} $p "" p
+	regsub {^.*:} $p "" p
+	if {$p == ""} {
+		set p 0
+	}
+	if {$p < 200} {
+		set port [expr $p + 5900]
+	} else {
+		set port $p
+	}
+
+	set h [string trim $vncdisplay]
+	regsub {cmd=.*$} $h "" h
+	set h [string trim $h]
+	if {! [regexp {[ 	]} $h]} {
+		set h ""
+	} else {
+		regsub {^.*[ 	]} $h "" h
+	}
+	if {$h == ""} {
+		set proxy ""
+		set proxyport ""
+	} else {
+		set p $h
+		regsub {:.*$} $h "" h
+		set proxy $h
+		regsub {[ 	].*$} $p "" p
+		regsub {^.*:} $p "" p
+		if {$p == ""} {
+			set proxyport 0
+		} else {
+			set proxyport $p
+		}
+	}
+	
+	puts $fh "\[connection\]"
+	puts $fh "host=$host"
+	puts $fh "port=$port"
+	puts $fh "proxyhost=$proxy"
+	puts $fh "proxyport=$proxyport"
+	puts $fh "disp=$vncdisplay"
+	puts $fh "\n\[options\]"
+	puts $fh "ssh=$use_ssh"
+	puts $fh "sshssl=$use_sshssl"
+	puts $fh "viewonly=$use_viewonly"
+	puts $fh "fullscreen=$use_fullscreen"
+	puts $fh "belldeiconify=$use_raise_on_beep"
+	puts $fh "8bit=$use_bgr233"
+	puts $fh "alpha=$use_alpha"
+	puts $fh "grab=$use_grab"
+	puts $fh "nojpeg=$use_nojpeg"
+	puts $fh "compresslevel=$use_compresslevel"
+	puts $fh "quality=$use_quality"
+	puts $fh "mycert=$mycert"
+	puts $fh "svcert=$svcert"
+	puts $fh "crtdir=$crtdir"
+
+	global use_smbmnt use_sound
+	puts $fh "use_smbmnt=$use_smbmnt"
+	puts $fh "use_sound=$use_sound"
+
+	global use_cups cups_local_server cups_remote_port cups_manage_rcfile
+	global cups_local_smb_server cups_remote_smb_port
+	puts $fh "use_cups=$use_cups"
+	puts $fh "cups_local_server=$cups_local_server"
+	puts $fh "cups_remote_port=$cups_remote_port"
+	puts $fh "cups_local_smb_server=$cups_local_smb_server"
+	puts $fh "cups_remote_smb_port=$cups_remote_smb_port"
+	puts $fh "cups_manage_rcfile=$cups_manage_rcfile"
+
+	global change_vncviewer change_vncviewer_path vncviewer_realvnc4
+	global additional_port_redirs additional_port_redirs_list
+	puts $fh "change_vncviewer=$change_vncviewer"
+	puts $fh "change_vncviewer_path=$change_vncviewer_path"
+	puts $fh "vncviewer_realvnc4=$vncviewer_realvnc4"
+	puts $fh "additional_port_redirs=$additional_port_redirs"
+	puts $fh "additional_port_redirs_list=$additional_port_redirs_list"
+
+	global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart
+	global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start 
+	puts $fh "sound_daemon_remote_cmd=$sound_daemon_remote_cmd"
+	puts $fh "sound_daemon_remote_port=$sound_daemon_remote_port"
+	puts $fh "sound_daemon_kill=$sound_daemon_kill"
+	puts $fh "sound_daemon_restart=$sound_daemon_restart"
+	puts $fh "sound_daemon_local_cmd=$sound_daemon_local_cmd"
+	puts $fh "sound_daemon_local_port=$sound_daemon_local_port"
+	puts $fh "sound_daemon_local_kill=$sound_daemon_local_kill"
+	puts $fh "sound_daemon_local_start=$sound_daemon_local_start"
+
+	global smb_su_mode smb_mount_list
+	set list $smb_mount_list
+	regsub -all "\n" $list "%%%" list
+	puts $fh "smb_su_mode=$smb_su_mode"
+	puts $fh "smb_mount_list=$list"
+
+	global use_port_knocking port_knocking_list
+	set list $port_knocking_list
+	regsub -all "\n" $list "%%%" list
+	puts $fh "use_port_knocking=$use_port_knocking"
+	puts $fh "port_knocking_list=$list"
+
+	close $fh
+	set profdone 1
+}
+
+proc set_ssh {} {
+	global use_ssh use_sshssl
+	if {! $use_ssh && ! $use_sshssl} {
+		set use_ssh 1
+	}
+	putty_pw_entry check
+}
+
+proc expand_IP {redir} {
+	if {! [regexp {:IP:} $redir]} {
+		return $redir
+	}
+	if {! [regexp {(-R).*:IP:} $redir]} {
+		return $redir
+	}
+
+	set ip [guess_ip]
+	set ip [string trim $ip]
+	if {$ip == ""} {
+		return $redir
+	}
+
+	regsub -all {:IP:} $redir ":$ip:" redir
+	return $redir
+}
+
+proc get_cups_redir {} {
+	global cups_local_server cups_remote_port
+	global cups_local_smb_server cups_remote_smb_port
+	set redir "$cups_remote_port:$cups_local_server"
+	regsub -all {['" 	]} $redir {} redir; #"
+	set redir " -R $redir"
+	if {$cups_local_smb_server != "" && $cups_remote_smb_port != ""} {
+		set redir2 "$cups_remote_smb_port:$cups_local_smb_server"
+		regsub -all {['" 	]} $redir2 {} redir2; #"
+		set redir "$redir -R $redir2"
+	}
+	set redir [expand_IP $redir]
+	return $redir
+}
+
+proc get_additional_redir {} {
+	global additional_port_redirs additional_port_redirs_list
+	if {! $additional_port_redirs || $additional_port_redirs_list == ""} {
+		return ""
+	}
+	set redir [string trim $additional_port_redirs_list]
+	regsub -all {['"]} $redir {} redir; #"
+	set redir " $redir"
+	set redir [expand_IP $redir]
+	return $redir
+}
+
+proc get_sound_redir {} {
+	global sound_daemon_remote_port sound_daemon_local_port
+	set loc $sound_daemon_local_port
+	if {! [regexp {:} $loc]} {
+		set loc "localhost:$loc"
+	}
+	set redir "$sound_daemon_remote_port:$loc"
+	regsub -all {['" 	]} $redir {} redir; #"
+	set redir " -R $redir"
+	set redir [expand_IP $redir]
+	return $redir
+}
+
+proc get_smb_redir {} {
+	global smb_mount_list
+
+	set s [string trim $smb_mount_list]
+	if {$s == ""} {
+		return ""
+	}
+
+	set did(0) 1
+	set redir ""
+	set mntlist ""
+
+	foreach line [split $s "\r\n"] {
+		set str [string trim $line] 
+		if {$str == ""} {
+			continue
+		}
+		if {[regexp {^#} $str]} {
+			continue
+		}
+
+		set port ""
+		if [regexp {^([0-9][0-9]*)[ \t][ \t]*(.*)} $str mvar port rest] {
+			# leading port
+			set str [string trim $rest]
+		}
+
+		# grab:  //share /dest [host[:port]]
+		set share ""
+		set dest ""
+		set hostport ""
+		foreach item [split $str] {
+			if {$item == ""} {
+				continue
+			}
+			if {$share == ""} {
+				set share [string trim $item]
+			} elseif {$dest == ""} {
+				set dest [string trim $item]
+			} elseif {$hostport == ""} {
+				set hostport [string trim $item]
+			}
+		}
+
+		regsub {^~/} $dest {$HOME/} dest
+
+		# work out the local host:port
+		set lhost ""
+		set lport ""
+		if {$hostport != ""} {
+			if [regexp {(.*):(.*)} $hostport mvar lhost lport] {
+				;
+			} else {
+				set lhost $hostport
+				set lport 139
+			}
+		} else {
+			if [regexp {//([^/][^/]*)/} $share mvar h] {
+				if [regexp {(.*):(.*)} $h mvar lhost lport] {
+					;
+				} else {
+					set lhost $h
+					set lport 139
+				}
+			} else {
+				set lhost localhost
+				set lport 139
+			}
+		}
+
+		if {$port == ""} {
+			if [info exists did("$lhost:$lport")] {
+				# reuse previous one:
+				set port $did("$lhost:$lport")
+			} else {
+				# choose one at random:
+				for {set i 0} {$i < 3} {incr i} {
+					set port [expr 20100 + 9000 * rand()]	
+					set port [expr round($port)]
+					if { ! [info exists did($port)] } {
+						break
+					}
+				}
+			}
+			set did($port) 1
+		}
+
+		if {$mntlist != ""} {
+			append mntlist " "
+		}
+		append mntlist "$share,$dest,$port"
+
+		if { ! [info exists did("$lhost:$lport")] } {
+			append redir " -R $port:$lhost:$lport"
+			set did("$lhost:$lport") $port
+		}
+	}
+
+	regsub -all {['"]} $redir {} redir; #"
+	set redir [expand_IP $redir]
+
+	regsub -all {['"]} $mntlist {} mntlist; #"
+
+	set l [list]
+	lappend l $redir
+	lappend l $mntlist
+	return $l
+}
+
+proc ugly_setup_scripts {mode tag} {
+
+set cmd(1) {
+	SSHD_PID=""
+	FLAG=$HOME/.vnc-helper-flag__PID__
+
+	if [ "X$USER" = "X" ]; then
+		USER=$LOGNAME
+	fi
+
+	DO_CUPS=0
+	cups_dir=$HOME/.cups
+	cups_cfg=$cups_dir/client.conf
+	cups_host=localhost
+	cups_port=NNNN
+
+	DO_SMB=0
+	DO_SMB_SU=0
+	DO_SMB_WAIT=0
+	smb_mounts=
+	DONE_PORT=NNNN
+	smb_script=$HOME/.smb-mounts__PID__.sh
+
+	DO_SOUND=0
+	DO_SOUND_KILL=0
+	DO_SOUND_RESTART=0
+	sound_daemon_remote_prog=
+	sound_daemon_remote_args=
+
+	findpid() {
+		i=1
+		back=10
+		touch $FLAG
+
+		if [ "X$TOPPID" = "X" ]; then
+			TOPPID=$$
+			back=50
+		fi
+
+		while [ $i -lt $back ]
+		do
+			try=`expr $TOPPID - $i`
+			if ps $try 2>/dev/null | grep sshd >/dev/null; then
+				SSHD_PID="$try"	
+				echo SSHD_PID=$try
+				echo
+				break
+			fi
+			i=`expr $i + 1`
+		done
+	}
+
+	wait_til_ssh_gone() {
+		try_perl=""
+		if type perl >/dev/null 2>&1; then
+			try_perl=1
+		fi
+		uname=`uname`
+		if [ "X$uname" != "XLinux" -a "X$uname" != "XSunOS" ]; then
+			try_perl=""
+		fi
+		if [ "X$try_perl" = "X1" ]; then
+			# try to avoid wasting pids:
+			perl -e "while (1) {if(! -e \"/proc/$SSHD_PID\"){exit} if(! -f \"$FLAG\"){exit} sleep 1;}"
+		else
+			while [ 1 ]
+			do
+				ps $SSHD_PID > /dev/null 2>&1
+				if [ $? != 0 ]; then
+					break
+				fi
+				if [ ! -f $FLAG ]; then
+					break
+				fi
+				sleep 1
+			done
+		fi
+		rm -f $FLAG
+		if [ "X$DO_SMB_WAIT" = "X1" ]; then
+			rm -f $smb_script
+		fi
+	}
+};
+
+set cmd(2) {
+	update_client_conf() {
+		mkdir -p $cups_dir
+		if [ -f $cups_cfg ]; then
+			cp -p $cups_cfg $cups_cfg.back
+		else
+			touch $cups_cfg.back
+		fi
+		sed -e "s/^ServerName/#-etv-#ServerName/" $cups_cfg.back > $cups_cfg
+		echo "ServerName $cups_host:$cups_port" >> $cups_cfg
+		echo
+		echo "--------------------------------------------------------------"
+		echo "The CUPS $cups_cfg config file has been set to:"
+		echo
+		cat $cups_cfg
+		echo
+		echo "If there are problems automatically restoring it, edit or"
+		echo "remove the file to go back to local CUPS settings."
+		echo
+		echo "A backup has been placed in: $cups_cfg.back"
+		echo
+		echo "See the help description for more details on printing."
+		echo
+		echo "done."
+		echo "--------------------------------------------------------------"
+		echo
+	}
+
+	reset_client_conf() {
+		cp -p $cups_cfg $cups_cfg.tmp
+		grep -v "^ServerName" $cups_cfg.tmp | sed -e "s/^#-etv-#ServerName/ServerName/" > $cups_cfg
+		rm -f $cups_cfg.tmp
+	}
+
+	cupswait() {
+		trap "" INT QUIT HUP
+		wait_til_ssh_gone
+		reset_client_conf
+	}
+};
+
+#		if [ "X$DONE_PORT" != "X" ]; then
+#			if type perl >/dev/null 2>&1; then
+#				perl -e "use IO::Socket::INET; \$SIG{INT} = \"IGNORE\"; \$SIG{QUIT} = \"IGNORE\"; \$SIG{HUP} = \"INGORE\"; my \$client = IO::Socket::INET->new(Listen => 5, LocalAddr => \"localhost\", LocalPort => $DONE_PORT, Proto => \"tcp\")->accept(); \$line = <\$client>; close \$client; unlink \"$smb_script\";" </dev/null >/dev/null 2>/dev/null &
+#				if [ $? = 0 ]; then
+#					have_perl_done="1"
+#				fi
+#			fi
+#		fi
+
+set cmd(3) {
+	smbwait() {
+		trap "" INT QUIT HUP
+		wait_til_ssh_gone
+	}
+	do_smb_mounts() {
+		if [ "X$smb_mounts" = "X" ]; then
+			return
+		fi
+		echo > $smb_script
+		have_perl_done=""
+		echo "echo" >> $smb_script 
+		dests=""
+		for mnt in $smb_mounts
+		do
+			smfs=`echo "$mnt" | awk -F, "{print \\\$1}"`
+			dest=`echo "$mnt" | awk -F, "{print \\\$2}"`
+			port=`echo "$mnt" | awk -F, "{print \\\$3}"`
+			dest=`echo "$dest" | sed -e "s,__USER__,$USER,g" -e "s,__HOME__,$HOME,g"`
+			if [ ! -d $dest ]; then
+				mkdir -p $dest
+			fi
+			echo "echo SMBMOUNT:" >> $smb_script
+			echo "echo smbmount $smfs $dest -o uid=$USER,ip=127.0.0.1,port=$port" >> $smb_script
+			echo "smbmount \"$smfs\" \"$dest\" -o uid=$USER,ip=127.0.0.1,port=$port" >> $smb_script
+			echo "echo; df \"$dest\"; echo" >> $smb_script
+			dests="$dests $dest"
+		done
+		#}
+};
+
+set cmd(4) {
+		echo "(" >> $smb_script
+		echo "trap \"\" INT QUIT HUP" >> $smb_script
+
+		try_perl=""
+		if type perl >/dev/null 2>&1; then
+			try_perl=1
+		fi
+		uname=`uname`
+		if [ "X$uname" != "XLinux" -a "X$uname" != "XSunOS" ]; then
+			try_perl=""
+		fi
+
+		if [ "X$try_perl" = "X" ]; then
+			echo "while [ -f $smb_script ]" >> $smb_script
+			echo "do" >> $smb_script
+			echo "     sleep 1" >> $smb_script
+			echo "done" >> $smb_script
+		else
+			echo "perl -e \"while (-f \\\\\"$smb_script\\\\\") {sleep 1;} exit 0;\"" >> $smb_script
+		fi
+		for dest in $dests
+		do
+			echo "echo smbumount $dest" >> $smb_script
+			echo "smbumount \"$dest\"" >> $smb_script
+		done
+		echo ") &" >> $smb_script
+		echo "--------------------------------------------------------------"
+		if [ "$DO_SMB_SU" = "0" ]; then
+			echo "We now run the smbmount script as user $USER"
+			echo
+			echo sh $smb_script
+			sh $smb_script
+			rc=0
+		elif [ "$DO_SMB_SU" = "1" ]; then
+			echo "We now run the smbmount script via su(1)"
+			echo
+			echo "The first \"Password:\" will be for that of root to run the smbmount script."
+			echo
+			echo "Subsequent \"Password:\" will be for the SMB share(s) (hit Return if no passwd)"
+			echo
+			echo SU:
+			echo "su root -c \"sh $smb_script\""
+			su root -c "sh $smb_script"
+			rc=$?
+		elif [ "$DO_SMB_SU" = "2" ]; then
+			echo "We now run the smbmount script via sudo(8)"
+			echo
+			echo "The first \"Password:\" will be for that of the sudo(8) password."
+			echo
+			echo "Subsequent \"Password:\" will be for the SMB shares (hit enter if no passwd)"
+			echo
+			echo SUDO:
+			echo sudo sh $smb_script
+			sudo sh $smb_script
+			rc=$?
+		fi
+};
+
+set cmd(5) {
+		#{
+		echo
+		if [ "$rc" = 0 ]; then
+			if [ "X$have_perl_done" = "X1" -o 1 = 1 ] ; then
+				echo
+				echo "Your SMB shares will be be unmounted when the VNC connection"
+				echo "closes.  If that fails follow these instructions:"
+			fi
+			echo
+			echo "To unmount your SMB shares make sure no applications are still using"
+			echo "any of the files and no shells are still cd-ed into the share area,"
+			echo "then type:"
+			echo 
+			echo "   rm -f $smb_script"
+			echo 
+			echo "(to avoid a 2nd ssh, try to do this before terminating the VNC Viewer)"
+			echo
+			echo "In the worst case run: smbumount /path/to/mount/point for each mount."
+		else
+			echo 
+			if [ "$DO_SMB_SU" = "1" ]; then
+				echo "su(1) to run smbmount(8) failed."
+			elif [ "$DO_SMB_SU" = "2" ]; then
+				echo "sudo(8) to run smbmount(8) failed."
+			fi
+			rm -f $smb_script
+		fi
+		echo
+		echo "done."
+		echo "--------------------------------------------------------------"
+		echo
+	}
+};
+
+set cmd(6) {
+
+	setup_sound() {
+		dpid=""
+		d=$sound_daemon_remote_prog
+		if type pgrep >/dev/null 2>/dev/null; then
+			dpid=`pgrep -U $USER -x $d | head -1`
+		else
+			dpid=`env PATH=/usr/ucb:$PATH ps wwwwaux | grep -w $USER | grep -w $d | grep -v grep | head -1`
+		fi
+		echo "--------------------------------------------------------------"
+		echo "Setting up Sound: pid=$dpid"
+		if [ "X$dpid" != "X" ]; then
+			dcmd=`env PATH=/usr/ucb:$PATH ps wwwwaux | grep -w $USER | grep -w $d | grep -w $dpid | grep -v grep | head -1 | sed -e "s/^.*$d/$d/"`
+			if [ "X$DO_SOUND_KILL" = "X1" ]; then
+				echo "Stopping sound daemon: $sound_daemon_remote_prog $dpid"
+				echo "sound cmd: $dcmd"
+				kill -TERM $dpid
+			fi
+		fi
+		echo
+		echo "done."
+		echo "--------------------------------------------------------------"
+		echo
+	}
+
+	reset_sound() {
+		if [ "X$DO_SOUND_RESTART" = "X1" ]; then
+			d=$sound_daemon_remote_prog
+			a=$sound_daemon_remote_args
+			echo "Restaring sound daemon: $d $a"
+			$d $a </dev/null >/dev/null 2>&1 &
+		fi
+	}
+
+	soundwait() {
+		trap "" INT QUIT HUP
+		wait_til_ssh_gone
+		reset_sound
+	}
+
+	findpid
+
+	if [ $DO_SMB = 1 ]; then
+		do_smb_mounts
+	fi
+
+	waiter=0
+
+	if [ $DO_CUPS = 1 ]; then
+		update_client_conf
+		cupswait </dev/null >/dev/null 2>/dev/null &
+		waiter=1
+	fi
+
+	if [ $DO_SOUND = 1 ]; then
+		setup_sound
+		soundwait </dev/null >/dev/null 2>/dev/null &
+		waiter=1
+	fi
+	if [ $DO_SMB_WAIT = 1 ]; then
+		if [ $waiter != 1 ]; then
+			smbwait </dev/null >/dev/null 2>/dev/null &
+			waiter=1
+		fi
+	fi
+
+
+	echo "--vnc-helper-exiting--"
+	echo
+	rm -f $0
+	exit 0
+};
+
+	set cmdall ""
+
+	for {set i 1} {$i <= 6} {incr i} {
+		set v $cmd($i);
+		regsub -all "\n" $v "%" v
+		set cmd($i) $v
+		append cmdall "echo "
+		if {$i == 1} {
+			append cmdall {TOPPID=$$%} 
+		}
+		append cmdall {'}
+		append cmdall $cmd($i)
+		append cmdall {' | tr '%' '\n'}
+		if {$i == 1} {
+			append cmdall {>}
+		} else {
+			append cmdall {>>}
+		}
+		append cmdall {$HOME/.vnc-helper-cmd__PID__; }
+	}
+	append cmdall {sh $HOME/.vnc-helper-cmd__PID__; }
+
+	regsub -all {vnc-helper-cmd} $cmdall "vnc-helper-cmd-$mode" cmdall
+	if {$tag == ""} {
+		set tag [pid]
+	}
+	regsub -all {__PID__} $cmdall "$tag" cmdall
+
+	set orig $cmdall
+
+	global use_cups cups_local_server cups_remote_port cups_manage_rcfile
+	if {$use_cups && $cups_manage_rcfile} {
+		if {$mode == "post"} {
+			regsub {DO_CUPS=0} $cmdall {DO_CUPS=1} cmdall
+			regsub {cups_port=NNNN} $cmdall "cups_port=$cups_remote_port" cmdall
+		}
+	}
+	
+	global use_smbmnt smb_su_mode
+	if {$use_smbmnt} {
+		global smb_mounts 
+		if {$smb_mounts != ""} {
+			set smbm $smb_mounts
+			regsub -all {%USER} $smbm "__USER__" smbm
+			regsub -all {%HOME} $smbm "__HOME__" smbm
+			if {$mode == "pre"} {
+				regsub {DO_SMB=0} $cmdall {DO_SMB=1} cmdall
+				if {$smb_su_mode == "su"} {
+					regsub {DO_SMB_SU=0} $cmdall {DO_SMB_SU=1} cmdall
+				} elseif {$smb_su_mode == "sudo"} {
+					regsub {DO_SMB_SU=0} $cmdall {DO_SMB_SU=2} cmdall
+				} elseif {$smb_su_mode == "none"} {
+					regsub {DO_SMB_SU=0} $cmdall {DO_SMB_SU=0} cmdall
+				} else {
+					regsub {DO_SMB_SU=0} $cmdall {DO_SMB_SU=1} cmdall
+				}
+				regsub {smb_mounts=} $cmdall "smb_mounts=\"$smbm\"" cmdall
+			} elseif {$mode == "post"} {
+				regsub {DO_SMB_WAIT=0} $cmdall {DO_SMB_WAIT=1} cmdall
+			}
+		}
+	}
+
+	global use_sound
+	if {$use_sound} {
+		if {$mode == "pre"} {
+			global sound_daemon_remote_cmd sound_daemon_kill sound_daemon_restart
+			if {$sound_daemon_kill} {
+				regsub {DO_SOUND_KILL=0} $cmdall {DO_SOUND_KILL=1} cmdall
+				regsub {DO_SOUND=0} $cmdall {DO_SOUND=1} cmdall
+			}
+			if {$sound_daemon_restart} {
+				regsub {DO_SOUND_RESTART=0} $cmdall {DO_SOUND_RESTART=1} cmdall
+				regsub {DO_SOUND=0} $cmdall {DO_SOUND=1} cmdall
+			}
+			set sp [string trim $sound_daemon_remote_cmd]
+			regsub {[ \t].*$} $sp "" sp
+			set sa [string trim $sound_daemon_remote_cmd]
+			regsub {^[^ \t][^ \t]*[ \t][ \t]*} $sa "" sa
+			regsub {sound_daemon_remote_prog=} $cmdall "sound_daemon_remote_prog=\"$sp\"" cmdall
+			regsub {sound_daemon_remote_args=} $cmdall "sound_daemon_remote_args=\"$sa\"" cmdall
+		}
+	}
+	
+	if {"$orig" == "$cmdall"} {
+		return ""
+	} else {
+		return $cmdall
+	}
+}
+
+proc cups_dialog {} {
+
+	catch {destroy .cups}
+	toplevel .cups
+	wm title .cups "CUPS Tunnelling"
+	global cups_local_server cups_remote_port cups_manage_rcfile
+	global cups_local_smb_server cups_remote_smb_port
+
+	scroll_text .cups.f
+
+	set msg {
+    CUPS Printing requires SSH be used to set up the Print service port
+    redirection.  This will be either of the "Use SSH instead" or "Use
+    SSH and SSL" modes under "Options".  Pure SSL tunnelling will not work.
+
+    This method requires working CUPS software setups on both the remote
+    and local sides of the connection.
+
+    (See Method #1 below for perhaps the easiest way to get applications
+    to print through the tunnel; it requires admin privileges however).
+
+    You choose an actual remote CUPS port below under "Use Remote CUPS
+    Port:" (6631 is just our default and used in the examples below).
+    Note that the normal default CUPS server port is 631.
+
+    The port you choose must be unused on the VNC server machine (n.b. no
+    checking is done).  Print requests connecting to it are redirected to
+    your local machine through the SSH tunnel.  Note: root permission is
+    needed for ports less than 1024 (this is not recommended).
+
+    Then enter the VNC Viewer side (i.e. where you are sitting) CUPS server
+    under "Local CUPS Server".  E.g. use "localhost:631" if there is one
+    on the viewer machine, or, say, "my-print-srv:631" for a nearby CUPS
+    print server.
+
+    Several methods are now described for how to get applications to
+    print through the port redirected tunnel.
+
+    Method #0: Create or edit the file $HOME/.cups/client.conf on the VNC
+    server side by putting in something like this in it:
+
+    	ServerName localhost:6631
+
+    based on the port you selected above.
+    
+    NOTE: For this client.conf ServerName setting to work with lp(1)
+    and lpr(1) CUPS 1.2 or greater is required.  The cmdline option 
+    "-h localhost:6631" can be used for older versions.  For client.conf to
+    work in general (e.g. Openoffice, Firefox), a bugfix found in CUPS 1.2.3
+    is required.  Two Workarounds (Methods #1 and #2) are described below.
+
+    After the remote VNC Connection is finished, to go back to the non-SSH
+    tunnelled CUPS server and either remove the client.conf file or comment
+    out the ServerName line.  This restores the normal CUPS server for
+    you on the remote machine.
+
+    Select "Manage ServerName in the $HOME/.cups/client.conf file for me" to
+    attempt to do this editing of the CUPS config file for you automatically.
+
+    Method #1: If you have admin permission on the VNC Server machine you
+    can likely "Add a Printer" via a GUI dialog, wizard, lpadmin(8), etc.
+    This makes the client.conf ServerName parameter unnecessary.  You will
+    need to tell the GUI dialog that the printer is at, e.g., localhost:6631,
+    and anything else needed to identify the printer (type, model, etc).
+
+    Method #2: Restarting individual applications with the IPP_PORT
+    set will enable redirected printing for them, e.g.:
+    "env IPP_PORT=6631 firefox"
+
+    Windows/SMB Printers:  Under "Local SMB Print Server" you can set
+    a port redirection for a Windows (non-CUPS) SMB printer.  E.g. port
+    6632 -> localhost:139.  If localhost:139 does not work, try IP:139,
+    etc. or put in the IP address manually.  Then at the least you can
+    print using the smbspool(8) program like this:
+
+       smbspool smb://localhost:6632/lp job user title 1 "" myfile.ps
+
+    You could put this in a script, "myprinter".  It appears on the the URI,
+    the number of copies ("1" above) and the file itself are important.
+    (XXX this might only work for Samba printers...)
+
+    If you have root permission you can configure CUPS to know about this
+    printer via lpadmin(8), etc.  You basically give it the smb:// URI.
+
+    For more info see: http://www.karlrunge.com/x11vnc/#faq-cups
+}
+	.cups.f.t insert end $msg
+
+	if {$cups_local_server == ""} {
+		set cups_local_server "localhost:631"
+	}
+	if {$cups_remote_port == ""} {
+		set cups_remote_port "6631"
+	}
+	if {$cups_local_smb_server == ""} {
+		global is_windows
+		if {$is_windows} {
+			set cups_local_smb_server "IP:139"
+		} else {
+			set cups_local_smb_server "localhost:139"
+		}
+	}
+	if {$cups_remote_smb_port == ""} {
+		set cups_remote_smb_port "6632"
+	}
+
+	frame .cups.serv
+	label .cups.serv.l -text "Local CUPS Server:      "
+	entry .cups.serv.e -width 40 -textvariable cups_local_server
+	pack .cups.serv.l -side left
+	pack .cups.serv.e -side left -expand 1 -fill x
+
+	frame .cups.port
+	label .cups.port.l -text "Use Remote CUPS Port:"
+	entry .cups.port.e -width 40 -textvariable cups_remote_port
+	pack .cups.port.l -side left
+	pack .cups.port.e -side left -expand 1 -fill x
+
+	frame .cups.smbs
+	label .cups.smbs.l -text "Local SMB Print Server:      "
+	entry .cups.smbs.e -width 40 -textvariable cups_local_smb_server
+	pack .cups.smbs.l -side left
+	pack .cups.smbs.e -side left -expand 1 -fill x
+
+	frame .cups.smbp
+	label .cups.smbp.l -text "Use Remote SMB Print Port:"
+	entry .cups.smbp.e -width 40 -textvariable cups_remote_smb_port
+	pack .cups.smbp.l -side left
+	pack .cups.smbp.e -side left -expand 1 -fill x
+
+	checkbutton .cups.cupsrc -anchor w -variable cups_manage_rcfile -text \
+		"Manage ServerName in the remote \$HOME/.cups/client.conf file for me"
+
+	button .cups.done -text "Done" -command {destroy .cups; if {$use_cups} {set_ssh}}
+	bind .cups <Escape> {destroy .cups; if {$use_cups} {set_ssh}}
+
+	button .cups.guess -text "Help me decide ..." -command {}
+	.cups.guess configure -state disabled
+
+	pack .cups.done .cups.guess .cups.cupsrc .cups.smbp .cups.smbs .cups.port .cups.serv -side bottom -fill x
+	pack .cups.f -side top -fill both -expand 1
+
+	center_win .cups
+}
+
+proc sound_dialog {} {
+
+	global is_windows
+
+	catch {destroy .snd}
+	toplevel .snd
+	wm title .snd "ESD/ARTSD Sound Tunnelling"
+
+	scroll_text .snd.f 80 30
+
+	set msg {
+    Sound daemon tunnelling requires SSH be used to set up the service
+    port redirection.  This will be either of the "Use SSH instead" or "Use
+    SSH and SSL" modes under "Options".  Pure SSL tunnelling will not work.
+
+    This method requires working Sound daemon (e.g. ESD or ARTSD) software
+    setups on both the remote and local sides of the connection.
+
+    Often this means you want to run your ENTIRE remote desktop with all
+    applications instructed to use the sound daemon's network port.  E.g.
+
+        esddsp -s localhost:16001  startkde
+        esddsp -s localhost:16001  gnome-session
+
+    and similarly for artsdsp, etc.  You put this in your ~/.xession,
+    or other startup file.  This is non standard.  If you do not want to
+    do this you still can direct *individual* sound applications through
+    the tunnel, for example "esddsp -s localhost:16001 soundapp", where
+    "soundapp" is some application that makes noise (say xmms or mpg123).
+
+    Also, usually the remote Sound daemon must be killed BEFORE the SSH port
+    redir is established (because it is listening on the port we want to use
+    for the SSH redir), and, presumably, restarted when the VNC connection
+    finished.
+
+    One may also want to start and kill a local sound daemon that will
+    play the sound received over the network on the local machine.
+
+    You can indicate the remote and local Sound daemon commands below and
+    how they should be killed and/or restart.  Some examples:
+
+        esd -promiscuous -as 5 -port 16001 -tcp -bind 127.0.0.1
+        artsd -n -p 7265 -F 10 -S 4096 -n -s 5 -m artsmessage -l 3 -f
+
+    or you can leave some or all blank and kill/start them manually.
+
+    For convenience, a Windows port of ESD is provided in the util/esound
+    directory, and so this might work for a Local command:
+
+        esound\esd -promiscuous -as 5 -port 16001 -tcp -bind 127.0.0.1
+
+    NOTE: If you indicate "Remote Sound daemon: Kill at start." below,
+    then THERE WILL BE TWO SSH'S: THE FIRST ONE TO KILL THE DAEMON.
+    So you may need to supply TWO SSH PASSWORDS, unless you are using
+    something like ssh-agent(1), the Putty PW setting, etc.
+
+    You will also need to supply the remote and local sound ports for the
+    SSH redirs (even though in principle the could be guessed from the
+    daemon commands...)  For esd the default port is 16001, but you can
+    choose another one if you prefer.
+
+    For "Local Sound Port" you can also supply "host:port" instead of just
+    a numerical port to specify non-localhost connections, e.g. to another
+    machine.
+
+    For more info see: http://www.karlrunge.com/x11vnc/#faq-sound
+}
+	.snd.f.t insert end $msg
+
+	global sound_daemon_remote_port sound_daemon_local_port sound_daemon_local_cmd
+	if {$sound_daemon_remote_port == ""} {
+		set sound_daemon_remote_port 16001
+	}
+	if {$sound_daemon_local_port == ""} {
+		set sound_daemon_local_port 16001
+	}
+
+	if {$sound_daemon_local_cmd == ""} {
+		global is_windows
+		if {$is_windows} {
+			set sound_daemon_local_cmd {esound\esd -promiscuous -as 5 -port %PORT -tcp -bind 127.0.0.1}
+		} else {
+			set sound_daemon_local_cmd {esd -promiscuous -as 5 -port %PORT -tcp -bind 127.0.0.1}
+		}
+		regsub {%PORT} $sound_daemon_local_cmd $sound_daemon_local_port sound_daemon_local_cmd
+	}
+
+
+	frame .snd.remote
+	label .snd.remote.l -text "Remote Sound daemon cmd: "
+	entry .snd.remote.e -width 40 -textvariable sound_daemon_remote_cmd
+	pack .snd.remote.l -side left
+	pack .snd.remote.e -side left -expand 1 -fill x
+
+	frame .snd.local
+	label .snd.local.l -text "Local Sound daemon cmd:     "
+	entry .snd.local.e -width 40 -textvariable sound_daemon_local_cmd
+	pack .snd.local.l -side left
+	pack .snd.local.e -side left -expand 1 -fill x
+
+	frame .snd.rport
+	label .snd.rport.l -text "Remote Sound Port: "
+	entry .snd.rport.e -width 40 -textvariable sound_daemon_remote_port
+	pack .snd.rport.l -side left
+	pack .snd.rport.e -side left -expand 1 -fill x
+
+	frame .snd.lport
+	label .snd.lport.l -text "Local Sound Port:     "
+	entry .snd.lport.e -width 40 -textvariable sound_daemon_local_port
+	pack .snd.lport.l -side left
+	pack .snd.lport.e -side left -expand 1 -fill x
+
+
+	checkbutton .snd.sdk -anchor w -variable sound_daemon_kill -text \
+		"Remote Sound daemon: Kill at start."
+
+	checkbutton .snd.sdr -anchor w -variable sound_daemon_restart -text \
+		"Remote Sound daemon: Restart at end."
+
+	checkbutton .snd.sdsl -anchor w -variable sound_daemon_local_start -text \
+		"Local Sound daemon: Run at start."
+
+	checkbutton .snd.sdkl -anchor w -variable sound_daemon_local_kill -text \
+		"Local Sound daemon: Kill at end."
+
+	button .snd.guess -text "Help me decide ..." -command {}
+	.snd.guess configure -state disabled
+
+	global is_win9x 
+	if {$is_win9x} {
+		.snd.local.e configure -state disabled
+		.snd.local.l configure -state disabled
+		.snd.sdsl configure -state disabled
+		.snd.sdkl configure -state disabled
+	}
+
+	button .snd.done -text "Done" -command {destroy .snd; if {$use_sound} {set_ssh}}
+	bind .snd <Escape> {destroy .snd; if {$use_sound} {set_ssh}}
+
+	pack .snd.done .snd.guess .snd.sdkl .snd.sdsl .snd.sdr .snd.sdk .snd.lport .snd.rport \
+		.snd.local .snd.remote -side bottom -fill x
+	pack .snd.f -side bottom -fill both -expand 1
+
+	center_win .snd
+}
+
+# Share ideas.
+# 
+# Unix:
+# 
+# if type smbclient
+# first parse smbclient -L localhost -N
+# and/or      smbclient -L `hostname` -N
+# Get Sharenames and Servers and Domain.
+# 
+# loop over servers, doing smbclient -L server -N
+# pile this into a huge list, sep by disk and printers.
+# 
+# WinXP:
+# 
+# parse "NET VIEW" output similarly.
+# 
+# Have checkbox for each disk.  Set default root to /var/tmp/${USER}-mnts
+# Let them change that at once and have it populate. 
+# 
+# use   //hostname/share  /var/tmp/runge-mnts/hostname/share
+# 
+# 
+# Printers, hmmm.  Can't add to remote cups list...  I guess have the list
+# ready for CUPS dialog to suggest which SMB servers they want to redirect
+# to...
+
+proc get_hostname {} {
+	global is_windows is_win9x
+	set str ""
+	if {$is_windows} {
+		if {1} {
+			catch {set str [exec hostname]}
+			regsub -all {[\r]} $str "" str
+		} else {
+			catch {set str [exec net config]}
+			if [regexp -nocase {Computer name[ \t]+\\\\([^ \t]+)} $str mv str] {
+				;
+			} else {
+				set str ""
+			}
+		}
+	} else {
+		catch {set str [exec hostname]}
+	}
+	set str [string trim $str]
+	return $str
+}
+
+proc smb_list_windows {smbhost} {
+	global smb_local smb_local_hosts smb_this_host
+	global is_win9x
+	set dbg 0
+
+	set domain ""
+
+	if {$is_win9x} {
+		# exec net view ... doesn't work.
+		set smb_this_host "unknown"
+		return
+	}
+
+	set this_host [get_hostname]
+	set This_host [string toupper $this_host]
+	set smb_this_host $This_host
+
+	if {$smbhost == $smb_this_host} {
+		catch {set out0 [exec net view]}
+		regsub -all {[\r]} $out0 "" out0
+		foreach line [split $out0 "\n"] {
+			if [regexp -nocase {in workgroup ([^ \t]+)} $line mv wg] {
+				regsub -all {[.]} $wg "" wg
+				set domain $wg
+			} elseif [regexp {^\\\\([^ \t]+)[ \t]*(.*)} $line mv host comment] {
+				set smb_local($smbhost:server:$host) $comment
+			}
+		}
+	}
+
+	set out1 ""
+	set h "\\\\$smbhost"
+	catch {set out1 [exec net view $h]}
+	regsub -all {[\r]} $out1 "" out1
+
+	if {$dbg} {puts "SMBHOST: $smbhost"}
+
+	set mode ""
+	foreach line [split $out1 "\n"] {
+		if [regexp {^[ \t]*---} $line] {
+			continue
+		}
+		if [regexp -nocase {The command} $line] {
+			continue
+		}
+		if [regexp -nocase {Shared resources} $line] {
+			continue
+		}
+		if [regexp -nocase {^[ \t]*Share[ \t]*name} $line] {
+			set mode "shares"
+			continue
+		}
+		set line [string trim $line]
+		if {$line == ""} {
+			continue
+		}
+		if {$mode == "shares"} {
+			if [regexp {^([^ \t]+)[ \t]+([^ \t]+)[ \t]*(.*)$} $line mv name type comment] {
+				if {$dbg} {
+					puts "SHR: $name"
+					puts "---: $type"
+					puts "---: $comment"
+				}
+				if [regexp -nocase {^Disk$} $type] {
+					set smb_local($smbhost:disk:$name) $comment
+				} elseif [regexp -nocase {^Print} $type] {
+					set smb_local($smbhost:printer:$name) $comment
+				}
+			}
+		}
+	}
+
+	set smb_local($smbhost:domain) $domain
+}
+
+proc smb_list_unix {smbhost} {
+	global smb_local smb_local_hosts smb_this_host
+	set smbclient [in_path smbclient]
+	if {[in_path smbclient] == ""} {
+		return ""
+	}
+	set dbg 0
+
+	set this_host [get_hostname]
+	set This_host [string toupper $this_host]
+	set smb_this_host $This_host
+
+	set out1 ""
+	catch {set out1 [exec smbclient -N -L $smbhost 2>@ stdout]}
+
+	if {$dbg} {puts "SMBHOST: $smbhost"}
+	if {$smbhost == $this_host || $smbhost == $This_host} {
+		if {$out1 == ""} {
+			catch {set out1 [exec smbclient -N -L localhost 2>@ stdout]}
+		}
+	}
+
+	set domain ""
+	set mode ""
+	foreach line [split $out1 "\n"] {
+		if [regexp {^[ \t]*---} $line] {
+			continue
+		}
+		if [regexp {Anonymous login} $line] {
+			continue
+		}
+		if {$domain == "" && [regexp {Domain=\[([^\]]+)\]} $line mv domain]} {
+			if {$dbg} {puts "DOM: $domain"}
+			continue
+		}
+		if [regexp {^[ \t]*Sharename} $line] {
+			set mode "shares"
+			continue
+		}
+		if [regexp {^[ \t]*Server} $line] {
+			set mode "server"
+			continue
+		}
+		if [regexp {^[ \t]*Workgroup} $line] {
+			set mode "workgroup"
+			continue
+		}
+		set line [string trim $line]
+		if {$mode == "shares"} {
+			if [regexp {^([^ \t]+)[ \t]+([^ \t]+)[ \t]*(.*)$} $line mv name type comment] {
+				if {$dbg} {
+					puts "SHR: $name"
+					puts "---: $type"
+					puts "---: $comment"
+				}
+				if [regexp -nocase {^Disk$} $type] {
+					set smb_local($smbhost:disk:$name) $comment
+				} elseif [regexp -nocase {^Printer$} $type] {
+					set smb_local($smbhost:printer:$name) $comment
+				}
+			}
+		} elseif {$mode == "server"} {
+			if [regexp {^([^ \t]+)[ \t]*(.*)$} $line mv host comment] {
+				if {$dbg} {
+					puts "SVR: $host"
+					puts "---: $comment"
+				}
+				set smb_local($smbhost:server:$host) $comment
+			}
+		} elseif {$mode == "workgroup"} {
+			if [regexp {^([^ \t]+)[ \t]+(.*)$} $line mv work host] {
+				if {$dbg} {
+					puts "WRK: $work"
+					puts "---: $host"
+				}
+				if {$host != ""} {
+					set smb_local($smbhost:master:$work) $host
+				}
+			}
+		}
+	}
+
+	set smb_local($smbhost:domain) $domain
+}
+
+proc smb_list {} {
+	global is_windows smb_local smb_local_hosts
+	global smb_host_list
+
+	set smb_local(null) ""
+
+	if {! [info exists smb_host_list]} {
+		set smb_host_list ""
+	}
+	if [info exists smb_local] {
+		unset smb_local
+	}
+	if [info exists smb_local_hosts] {
+		unset smb_local_hosts
+	}
+			
+	set this_host [get_hostname]
+	set this_host [string toupper $this_host]
+	if {$is_windows} {
+		smb_list_windows $this_host
+	} else {
+		smb_list_unix $this_host
+	}
+	set did($this_host) 1 
+	set keys [array names smb_local]
+	foreach item [split $smb_host_list] {
+		if {$item != ""} {
+			set item [string toupper $item]
+			lappend keys "$this_host:server:$item"
+		}
+	}
+	foreach key $keys {
+		if [regexp "^$this_host:server:(.*)\$" $key mv host]  {
+			if {$host == ""} {
+				continue
+			}
+			set smb_local_hosts($host) 1
+			if {! [info exists did($host)]} {
+				if {$is_windows} {
+					smb_list_windows $host
+				} else {
+					smb_list_unix $host
+				}
+				set did($host) 1 
+			}
+		}
+	}
+}
+
+proc smb_check_selected {} {
+	global smbmount_exists smbmount_sumode
+	global smb_selected smb_selected_mnt smb_selected_cb smb_selected_en
+
+	set ok 0
+	if {$smbmount_exists && $smbmount_sumode != "dontknow"} {
+		set ok 1
+	}
+	set state disabled
+	if {$ok} {
+		set state normal
+	}
+
+	foreach cb [array names smb_selected_cb] {
+		catch {$cb configure -state $state}
+	}
+	foreach en [array names smb_selected_en] {
+		catch {$en configure -state $state}
+	}
+}
+
+proc make_share_widgets {w} {
+	
+	set share_label $w.f.hl
+	catch {$share_label configure -text "Share Name: PROBING ..."}
+	update
+
+	smb_list
+
+	set saw_f 0
+	foreach child [winfo children $w] {
+		if {$child == "$w.f"} {
+			set saw_f 1
+			continue
+		}
+		catch {destroy $child}
+	}
+
+	set w1 47
+	set w2 44
+
+	if {! $saw_f} {
+		set wf $w.f
+		frame $wf
+		label $wf.hl -width $w1 -text "Share Name:" -anchor w
+		label $wf.hr -width $w2 -text "  Mount Point:" -anchor w
+
+		pack $wf.hl $wf.hr -side left -expand 1
+		pack $wf -side top -fill x
+
+		.smbwiz.f.t window create end -window $w
+	}
+
+	global smb_local smb_local_hosts smb_this_host smb_selected smb_selected_mnt
+	global smb_selected_host smb_selected_name
+	global smb_selected_cb smb_selected_en
+	global smb_host_list
+	if [info exists smb_selected]      {array unset smb_selected }
+	if [info exists smb_selected_mnt]  {array unset smb_selected_mnt}
+	if [info exists smb_selected_cb]   {array unset smb_selected_cb}
+	if [info exists smb_selected_en]   {array unset smb_selected_en}
+	if [info exists smb_selected_host] {array unset smb_selected_host}
+	if [info exists smb_selected_name] {array unset smb_selected_name}
+
+	set hosts [list $smb_this_host]
+	lappend hosts [lsort [array names smb_local_hosts]]
+
+	set smb_host_list ""
+	set i 0
+
+	global smb_mount_prefix
+	set smb_mount_prefix "/var/tmp/%USER-mnts"
+
+	foreach host [lsort [array names smb_local_hosts]] {
+
+		if [info exists did($host)] {
+			continue
+		}
+		set did($host) 1
+
+		append smb_host_list "$host "
+
+		foreach key [lsort [array names smb_local]] {
+			if [regexp {^([^:]+):([^:]+):(.*)$} $key mv host2 type name] {
+				if {$host2 != $host}  {
+					continue
+				}
+				if {$type != "disk"} {
+					continue
+				}
+				set wf $w.f$i
+				frame $wf
+				checkbutton $wf.c -anchor w -width $w1 -variable smb_selected($i) \
+					-text "//$host/$name" -relief ridge 
+				if {! [info exists smb_selected($i)]} {
+					set smb_selected($i) 0
+				}
+
+				entry $wf.e -width $w2 -textvariable smb_selected_mnt($i)
+				set smb_selected_mnt($i) "$smb_mount_prefix/$host/$name"
+
+				set smb_selected_host($i) $host
+				set smb_selected_name($i) $name
+
+				set smb_selected_cb($wf.c) $i
+				set smb_selected_en($wf.e) $i
+				set comment $smb_local($key)
+
+				bind $wf.c <Enter> "$share_label configure -text {Share Name: $comment}"
+				bind $wf.c <Leave> "$share_label configure -text {Share Name:}"
+
+				$wf.c configure -state disabled
+				$wf.e configure -state disabled
+
+				pack $wf.c $wf.e -side left -expand 1
+				pack $wf -side top -fill x
+				incr i
+			}
+		}
+	}
+	if {$i == 0} {
+		global is_win9x
+		#.smbwiz.f.t insert end "\nNo SMB Share Hosts were found!\n"
+		$share_label configure -text {Share Name: No SMB Share Hosts were found!}
+		if {$is_win9x} {
+			.smbwiz.f.t insert end "\n(this feature does not work on Win9x you have have to enter them manually: //HOST/share /var/tmp/mymnt)\n"
+		}
+	} else {
+		$share_label configure -text "Share Name: Found $i SMB Shares"
+	}
+	smb_check_selected
+}
+
+proc smb_help_me_decide {} {
+	global is_windows
+	global smb_local smb_local_hosts smb_this_host smb_selected smb_selected_mnt
+	global smb_selected_host smb_selected_name
+	global smb_selected_cb smb_selected_en
+	global smb_host_list
+
+	catch {destroy .smbwiz}
+	toplevel .smbwiz
+	set title "SMB Filesystem Tunnelling -- Help Me Decide"
+	wm title .smbwiz $title
+	set id "  "
+
+	scroll_text .smbwiz.f 100 40
+
+	set msg {
+For now you will have to verify the following information manually.
+
+You can do this by either logging into the remote machine to find the info or asking the sysadmin for it.  
+
+}
+
+	if {! $is_windows} {
+		.smbwiz.f.t configure -font {Helvetica -12 bold}
+	}
+	.smbwiz.f.t insert end $msg
+
+	set w .smbwiz.f.t.f1
+	frame $w -bd 1 -relief ridge -cursor {top_left_arrow}
+
+	.smbwiz.f.t insert end "\n"
+
+	.smbwiz.f.t insert end "1) Indicate the existence of the 'smbmount' command on the remote system:\n"
+	.smbwiz.f.t insert end "\n$id"
+	global smbmount_exists
+	set smbmount_exists 0
+
+	checkbutton $w.smbmount_exists -pady 1 -anchor w -variable smbmount_exists \
+		-text "Yes, the 'smbmount' command exists on the remote system." \
+		-command smb_check_selected
+
+	pack $w.smbmount_exists
+	.smbwiz.f.t window create end -window $w
+
+	.smbwiz.f.t insert end "\n\n\n"
+
+	set w .smbwiz.f.t.f2
+	frame $w -bd 1 -relief ridge -cursor {top_left_arrow}
+
+	.smbwiz.f.t insert end "2) Indicate your authorization to run 'smbmount' on the remote system:\n"
+	.smbwiz.f.t insert end "\n$id"
+	global smbmount_sumode
+	set smbmount_sumode "dontknow"
+
+	radiobutton $w.dk -pady 1 -anchor w -variable smbmount_sumode -value dontknow \
+		-text "I do not know if I can mount SMB shares on the remote system via 'smbmount'" \
+		-command smb_check_selected
+	pack $w.dk -side top -fill x
+
+	radiobutton $w.su -pady 1 -anchor w -variable smbmount_sumode -value su \
+		-text "I know the Password to run commands as root on the remote system via 'su'" \
+		-command smb_check_selected
+	pack $w.su -side top -fill x
+
+	radiobutton $w.sudo -pady 1 -anchor w -variable smbmount_sumode -value sudo \
+		-text "I know the Password to run commands as root on the remote system via 'sudo'" \
+		-command smb_check_selected
+	pack $w.sudo -side top -fill x
+
+	radiobutton $w.ru -pady 1 -anchor w -variable smbmount_sumode -value none \
+		-text "I do not need to be root on the remote system to mount SMB shares via 'smbmount'" \
+		-command smb_check_selected
+	pack $w.ru -side top -fill x
+
+	.smbwiz.f.t window create end -window $w
+
+	global smb_wiz_done
+	set smb_wiz_done 0
+
+	button .smbwiz.done -text "Done" -command {set smb_wiz_done 1}
+	pack .smbwiz.done -side bottom -fill x 
+	pack .smbwiz.f -side top -fill both -expand 1
+
+	wm protocol .smbwiz WM_DELETE_WINDOW {set smb_wiz_done 1}
+	center_win .smbwiz
+
+	wm title .smbwiz "Searching for Local SMB shares..."
+	update
+	wm title .smbwiz $title
+
+	global smb_local smb_this_host
+	.smbwiz.f.t insert end "\n\n\n"
+
+	set w .smbwiz.f.t.f3
+	catch {destroy $w}
+	frame $w -bd 1 -relief ridge -cursor {top_left_arrow}
+
+	.smbwiz.f.t insert end "3) Select SMB shares to mount and their mount point on the remote system:\n"
+	.smbwiz.f.t insert end "\n${id}"
+
+	make_share_widgets $w
+
+	.smbwiz.f.t insert end "\n(%USER will be expanded to the username on the remote system and %HOME the home directory)\n"
+
+	.smbwiz.f.t insert end "\n\n\n"
+
+	.smbwiz.f.t insert end "You can change the list of Local SMB hosts to probe and the mount point prefix here:\n"
+	.smbwiz.f.t insert end "\n$id"
+	set w .smbwiz.f.t.f4
+	frame $w -bd 1 -relief ridge -cursor {top_left_arrow}
+	set wf .smbwiz.f.t.f4.f
+	frame $wf
+	label $wf.l -text "SMB Hosts:  "  -anchor w
+	entry $wf.e -textvariable smb_host_list -width 60
+	button $wf.b -text "Apply" -command {make_share_widgets .smbwiz.f.t.f3}
+	bind $wf.e <Return> "$wf.b invoke"
+	pack $wf.l $wf.e $wf.b -side left
+	pack $wf
+	pack $w
+
+	.smbwiz.f.t window create end -window $w
+
+	.smbwiz.f.t insert end "\n$id"
+
+	set w .smbwiz.f.t.f5
+	frame $w -bd 1 -relief ridge -cursor {top_left_arrow}
+	set wf .smbwiz.f.t.f5.f
+	frame $wf
+	label $wf.l -text "Mount Prefix:"  -anchor w
+	entry $wf.e -textvariable smb_mount_prefix -width 60
+	button $wf.b -text "Apply" -command {apply_mount_point_prefix .smbwiz.f.t.f5.f.e}
+	bind $wf.e <Return> "$wf.b invoke"
+	pack $wf.l $wf.e $wf.b -side left
+	pack $wf
+	pack $w
+
+	.smbwiz.f.t window create end -window $w
+
+	.smbwiz.f.t insert end "\n\n\n"
+
+	.smbwiz.f.t see 1.0
+	.smbwiz.f.t configure -state disabled
+	update
+
+	vwait smb_wiz_done
+	catch {destroy .smbwiz}
+
+	if {! $smbmount_exists || $smbmount_sumode == "dontknow"} {
+		tk_messageBox -type ok -icon warning -message "Sorry we couldn't help out!\n'smbmount' info on the remote system is required for SMB mounting" -title "SMB mounting -- aborting"
+		catch {raise .oa}
+		return
+	}
+	global smb_su_mode
+	set smb_su_mode $smbmount_sumode
+
+	set max 0
+	foreach en [array names smb_selected_en] {
+		set i $smb_selected_en($en)
+		set host $smb_selected_host($i)
+		set name $smb_selected_name($i)
+
+		set len [string length "//$host/$name"]
+		if {$len > $max} {
+			set max $len
+		}
+	}
+
+	set max [expr $max + 8]
+
+	set strs ""
+	foreach en [array names smb_selected_en] {
+		set i $smb_selected_en($en)
+		if {! $smb_selected($i)} {
+			continue
+		}
+		set host $smb_selected_host($i)
+		set name $smb_selected_name($i)
+		set mnt $smb_selected_mnt($i)
+
+		set share "//$host/$name"
+		set share [format "%-${max}s" $share]
+		
+		lappend strs "$share $mnt"
+	}
+	set text ""
+	foreach str [lsort $strs] {
+		append text "$str\n"
+	}
+
+	global smb_mount_list
+	set smb_mount_list $text
+
+	smb_dialog
+}
+
+proc apply_mount_point_prefix {w} {
+	global smb_selected_host smb_selected_name
+	global smb_selected_en smb_selected_mnt
+
+	set prefix ""
+	catch {set prefix [$w get]}
+	if {$prefix == ""} {
+		mesg "No mount prefix."
+		bell
+		return
+	}
+
+	foreach en [array names smb_selected_en] {
+		set i $smb_selected_en($en)
+		set host $smb_selected_host($i)
+		set name $smb_selected_name($i)
+		set smb_selected_mnt($i) "$prefix/$host/$name"
+	}
+}
+
+proc smb_dialog {} {
+	catch {destroy .smb}
+	toplevel .smb
+	wm title .smb "SMB Filesystem Tunnelling"
+	global smb_su_mode smb_mount_list
+	global use_smbmnt
+
+	global help_font
+
+	scroll_text .smb.f
+
+	set msg {
+    Windows/Samba Filesystem mounting requires SSH be used to set up the SMB
+    service port redirection.  This will be either of the "Use SSH instead"
+    or "Use SSH and SSL" modes under "Options".  Pure SSL tunnelling will
+    not work.
+
+    This method requires a working Samba software setup on the remote
+    side of the connection (VNC server) and existing Samba or Windows file
+    server(s) on the local side (VNC viewer).
+
+    The smbmount(8) program MUST be installed on the remote side.
+    This evidently limits the mounting to Linux systems.  Let us know
+    of similar utilities on other Unixes.  Mounting onto remote Windows
+    machines is currently not supported (our SSH mode only works to Unix).
+
+    Depending on how smbmount is configured you may be able to run it
+    as a regular user, or it may require running under su(1) or sudo(8)
+    (root password or user password required, respectively).  You select
+    which one you want via the checkbuttons below.
+
+    In addition to a possible su(1) or sudo(8) password, you may ALSO
+    need to supply passwords to mount each SMB share. This is an SMB passwd.
+    If it has no password just hit enter after the "Password:" prompt.
+
+    The passwords are supplied when the 1st SSH connection starts up;
+    be prepared to respond to them.
+
+    NOTE: USE OF SMB TUNNELLING MODE WILL REQUIRE TWO SSH'S, AND SO YOU
+    MAY NEED TO SUPPLY TWO LOGIN PASSWORDS UNLESS YOU ARE USING SOMETHING
+    LIKE ssh-agent(1) or the Putty PW setting.
+    %WIN
+
+    To indicate the Windows/Samba shares to mount enter them one per line
+    in either one of the forms:
+
+      //machine1/share   ~/Desktop/my-mount1
+      //machine2/fubar   /var/tmp/my-foobar2  192.168.100.53:3456
+      1139  //machine3/baz  /var/tmp/baz      [...]
+
+    The first part is the standard SMB host and share name //hostname/dir
+    (note this share is on the local viewer-side not on the remote end).
+    A leading '#' will cause the entire line to be skipped.
+
+    The second part, e.g. /var/tmp/my-foobar2, is the directory to mount
+    the share on the remote (VNC Server) side.  You must be able to
+    write to this directory.  It will be created if it does not exist.
+    A leading character ~ will be expanded to $HOME.  So will the string
+    %HOME.  The string %USER will get expanded to the remote username.
+
+    An optional part like 192.168.100.53:3456 is used to specify the real
+    hostname or IP address, and possible non-standard port, on the local
+    side if for some reason the //hostname is not sufficient.
+
+    An optional leading numerical value, 1139 in the above example, indicates
+    which port to use on the Remote side to SSH redirect to the local side.
+    Otherwise a random one is tried (a unique one is needed for each SMB
+    server:port combination).  A fixed one is preferred: choose a free
+    remote port.
+
+    The standard SMB ports are 445 and 139.  139 is used by this application.
+
+    Sometimes "localhost" will not work on Windows machines for a share
+    hostname, and you will have to specify a different network interface
+    (e.g. the machine's IP address).  If you use the literal string "IP"
+    it will be attempted to replace it with the numerical IP address, e.g.:
+
+      //machine1/share   ~/Desktop/my-mount1   IP
+
+    VERY IMPORTANT: Before terminating the VNC Connection, make sure no
+    applications are using any of the SMB shares (or shells are cd-ed
+    into the share).  This way the shares will be automatically umounted.
+    Otherwise you will need to log in again, stop processes from using
+    the share, become root and umount the shares manually ("smbumount
+    /path/to/share", etc.)
+
+    For more info see: http://www.karlrunge.com/x11vnc/#faq-smb-shares
+}
+
+	set msg2 {
+    To speed up moving to the next step, iconify the first SSH console
+    when you are done entering passwords, etc. and then click on the
+    main panel 'VNC Server' label.
+}
+
+	global is_windows
+	if {! $is_windows} {
+		regsub { *%WIN} $msg "" msg
+	} else {
+		set msg2 [string trim $msg2]
+		regsub { *%WIN} $msg "    $msg2" msg
+	}
+	.smb.f.t insert end $msg
+
+	frame .smb.r
+	label .smb.r.l -text "smbmount(8) auth mode:" -relief ridge
+	radiobutton .smb.r.none -text "None" -variable smb_su_mode -value "none"
+	radiobutton .smb.r.su   -text "su(1)" -variable smb_su_mode -value "su"
+	radiobutton .smb.r.sudo -text "sudo(8)" -variable smb_su_mode -value "sudo"
+
+	pack .smb.r.l .smb.r.none .smb.r.sudo .smb.r.su -side left -fill x
+
+	label .smb.info -text "Supply the mounts (one per line) below:" -anchor w -relief ridge
+
+	eval text .smb.mnts -width 80 -height 5 $help_font
+	.smb.mnts insert end $smb_mount_list
+
+	#apply_bg .smb.mnts
+
+	button .smb.guess -text "Help me decide ..." -command {destroy .smb; smb_help_me_decide}
+	#.smb.guess configure -state disabled
+
+	button .smb.done -text "Done" -command {if {$use_smbmnt} {set_ssh; set smb_mount_list [.smb.mnts get 1.0 end]}; destroy .smb}
+	bind .smb <Escape> {if {$use_smbmnt} {set_ssh; set smb_mount_list [.smb.mnts get 1.0 end]}; destroy .smb}
+
+	pack .smb.done .smb.guess .smb.mnts .smb.info .smb.r -side bottom -fill x
+	pack .smb.f -side top -fill both -expand 1
+
+	center_win .smb
+}
+
+proc help_advanced_opts {} {
+	catch {destroy .ah}
+	toplevel .ah
+
+	scroll_text_dismiss .ah.f
+
+	center_win .ah
+
+	wm title .ah "Advanced Opts Help"
+
+	set msg {
+    These Advanced settings are experimental options that may require extra
+    software installed on the VNC server-side (the remote server machine)
+    and/or on the VNC client-side (where this gui is running).
+
+    The Service redirection options, CUPS, ESD/ARTSD, and SMB will require
+    that you use SSH for tunneling so that the -R port redirection will
+    be enabled for each service.  I.e. "Use SSH instead" or "Use SSH and SSL"
+
+    These options may also require additional configuration to get them
+    to work properly.  Please submit bug reports if it appears it should
+    be working for your setup but is not.
+
+    Brief descriptions:
+
+         CUPS Print tunnelling: redirect localhost:6631 (say) on the VNC
+         server to your local CUPS server.
+
+         ESD/ARTSD Audio tunnelling: redirect localhost:16001 (say) on
+         the VNC server to your local ESD, etc. sound server.
+
+         SMB mount tunnelling: redirect localhost:1139 (say) on the VNC
+         server and through that mount SMB file shares from your local
+         server.  The remote machine must be Linux.
+
+         Change vncviewer: specify a non-bundled VNC Viewer (e.g.
+         UltraVNC or RealVNC) to run instead of the bundled TightVNC Viewer.
+
+         Extra Redirs: specify additional -L port:host:port and 
+         -R port:host:port cmdline options for SSH to enable additional
+         services.
+
+         Port Knocking: for "closed port" services, first "knock" on the
+         firewall ports in a certain way to open the door for SSH or SSL.
+	
+    About the CheckButtons:
+
+         Ahem, Well...., a klunky UI: you have to toggle the CheckButton
+         to pull up the Dialog box a 2nd, etc. time... your settings will
+         still be there.
+}
+
+	.ah.f.t insert end $msg
+	#raise .ah
+}
+
+proc set_viewer_path {} {
+	global change_vncviewer_path
+	set change_vncviewer_path [tk_getOpenFile]
+	catch {raise .chviewer}
+	update
+}
+
+proc change_vncviewer_dialog {} {
+	global change_vncviewer change_vncviewer_path vncviewer_realvnc4
+	
+	catch {destroy .chviewer}
+	toplevel .chviewer
+	wm title .chviewer "Change VNC Viewer"
+
+	global help_font
+	eval text .chviewer.t -width 90 -height 16 $help_font
+	apply_bg .chviewer.t
+
+	set msg {
+    To use your own VNC Viewer (i.e. one installed by you, not included in this
+    package), e.g. UltraVNC or RealVNC, type in the program name, or browse for
+    the full path to it.  You can put command line arguments after the program.
+
+    Note that due to incompatibilities with respect to command line options
+    there may be issues, especially if many command line options are supplied.
+    You can specify your own command line options below if you like (and try to
+    avoid setting any others in this GUI).
+
+    If the path to the program name has any spaces it in, please surround it with
+    double quotes, e.g. "C:\Program Files\My Vnc Viewer\VNCVIEWER.EXE"
+
+    Since the command line options differ between them greatly, if you know it
+    is of the RealVNC 4.x flavor, indicate so on the check box.
+}
+	.chviewer.t insert end $msg
+
+	frame .chviewer.path
+	label .chviewer.path.l -text "VNC Viewer:"
+	entry .chviewer.path.e -width 40 -textvariable change_vncviewer_path
+	button .chviewer.path.b -text "Browse..." -command set_viewer_path
+	checkbutton .chviewer.path.r -anchor w -variable vncviewer_realvnc4 -text \
+		"RealVNC 4.x"
+
+	pack .chviewer.path.l -side left
+	pack .chviewer.path.e -side left -expand 1 -fill x
+	pack .chviewer.path.b -side left
+	pack .chviewer.path.r -side left
+
+	button .chviewer.done -text "Done" -command {destroy .chviewer; catch {raise .oa}}
+	bind .chviewer <Escape> {destroy .chviewer; catch {raise .oa}}
+
+	pack .chviewer.t .chviewer.path .chviewer.done -side top -fill x
+
+	center_win .chviewer
+	wm resizable .chviewer 1 0
+
+	focus .chviewer.path.e 
+}
+
+proc port_redir_dialog {} {
+	global additional_port_redirs additional_port_redirs_list
+	
+	catch {destroy .redirs}
+	toplevel .redirs
+	wm title .redirs "Additional Port Redirections"
+
+	global help_font
+	eval text .redirs.t -width 80 -height 35 $help_font
+	apply_bg .redirs.t
+
+	set msg {
+    Specify any additional SSH port redirections you desire for the
+    connection.  Put as many as you want separated by spaces.  These only
+    apply to SSH and SSH+SSL connections, they do not apply to Pure SSL
+    connections.
+
+    -L port1:host:port2  will listen on port1 on the local machine (where
+                         you are sitting) and redirect them to port2 on
+                         "host".  "host" is relative to the remote side
+                         (VNC Server).  Use "localhost" for the remote
+                         machine itself.
+
+    -R port1:host:port2  will listen on port1 on the remote machine
+                         (where the VNC server is running) and redirect
+                         them to port2 on "host".  "host" is relative
+                         to the local side (where you are sitting).
+                         Use "localhost" for this machine.
+
+    Perhaps you want a redir to a web server inside an intranet:
+
+        -L 8001:web-int:80
+
+    Or to redir a remote port to your local SSH daemon:
+
+        -R 5022:localhost:22
+
+    etc.  There are many interesting possibilities.
+
+    Sometimes, especially for Windows Shares, you cannot do a -R redir to
+    localhost, but need to supply the IP address of the network interface
+    (e.g. by default the Shares do not listen on localhost:139).  As a
+    convenience you can do something like -R 1139:IP:139 (for any port
+    numbers) and the IP will be attempted to be expanded.  If this fails
+    for some reason you will have to use the actual numerical IP address.
+}
+	.redirs.t insert end $msg
+
+	frame .redirs.path
+	label .redirs.path.l -text "Port Redirs:"
+	entry .redirs.path.e -width 40 -textvariable additional_port_redirs_list
+
+	pack .redirs.path.l -side left
+	pack .redirs.path.e -side left -expand 1 -fill x
+
+	button .redirs.done -text "Done" -command {destroy .redirs}
+	bind .redirs <Escape> {destroy .redirs}
+
+	pack .redirs.t .redirs.path .redirs.done -side top -fill x
+
+	center_win .redirs
+	wm resizable .redirs 1 0
+
+	focus .redirs.path.e
+}
+
+proc find_netcat {} {
+	global env is_windows
+
+	set nc ""
+
+	if {! $is_windows} {
+		set nc [in_path "netcat"]
+		if {$nc == ""} {
+			set nc [in_path "nc"]
+		}
+	} else {
+		set try "netcat.exe"
+		if [file exists $try] {
+			set nc $try
+		}
+	}
+	return $nc
+}
+
+proc pk_expand {cmd host} {
+	global tcl_platform
+	set secs [clock seconds]
+	set msecs [clock clicks -milliseconds]
+	set user $tcl_platform(user)
+	if [regexp {%IP} $cmd] {
+		set ip [guess_ip]
+		if {$ip == ""} {
+			set ip "unknown"
+		}
+		regsub -all {%IP} $cmd $ip cmd
+	}
+	if [regexp {%NAT} $cmd] {
+		set ip [guess_nat_ip]
+		regsub -all {%NAT} $cmd $ip cmd
+	}
+	regsub -all {%HOST} $cmd $host cmd
+	regsub -all {%USER} $cmd $user cmd
+	regsub -all {%SECS} $cmd $secs cmd
+	regsub -all {%MSECS} $cmd $msecs cmd
+
+	return $cmd
+}
+
+proc backtick_expand {str} {
+	set str0 $str
+	set collect ""
+	set count 0
+	while {[regexp {^(.*)`([^`]+)`(.*)$} $str mv p1 cmd p2]} {
+		set out [eval exec $cmd]
+		set str "$p1$out$p2"
+		incr count
+		if {$count > 10}  {
+			break
+		}
+	}
+	return $str
+}
+
+proc read_from_pad {file} {
+	set fh ""
+	if {[catch {set fh [open $file "r"]}] != 0} {
+		return "FAIL"
+	}
+
+	set accum ""
+	set match ""
+	while {[gets $fh line] > -1} {
+		if [regexp {^[ \t]*#} $line] {
+			append accum "$line\n"
+		} elseif [regexp {^[ \t]*$} $line] {
+			append accum "$line\n"
+		} elseif {$match == ""} {
+			set match $line
+			append accum "# $line\n"
+		} else {
+			append accum "$line\n"
+		}
+	}
+
+	close $fh
+
+	if {$match == ""} {
+		return "FAIL"
+	}
+	
+	if {[catch {set fh [open $file "w"]}] != 0} {
+		return "FAIL"
+	}
+
+	puts -nonewline $fh $accum
+
+	return $match
+}
+
+proc do_port_knock {hp} {
+	global use_port_knocking port_knocking_list
+	global is_windows
+
+	if {! $use_port_knocking} {
+		return
+	}
+	if {$port_knocking_list == ""} {
+		return
+	}
+
+	set default_delay 0
+
+	set host [string trim $hp]
+	regsub {^.*@} $host "" host
+	regsub {:.*$} $host "" host
+	set host0 [string trim $host]
+
+	if {$host0 == ""} {
+		bell
+		mesg "No host: $hp"
+		return
+	}
+	if [regexp {PAD=([^\n]+)} $port_knocking_list mv padfile] {
+		set tlist [read_from_pad $padfile] 
+		set tlist [string trim $tlist]
+		if {$tlist == "" || $tlist == "FAIL"} {
+			tk_messageBox -type ok -icon error \
+				-message "Failed to read entry from $padfile" \
+				-title "Error: Padfile $padfile"
+			return
+		}
+		regsub -all {PAD=([^\n]+)} $port_knocking_list $tlist list
+	} else {
+		set list $port_knocking_list
+	}
+
+	set spl ",\n\r"
+	if [regexp {CMD=}   $list] {set spl "\n\r"}
+	if [regexp {CMDX=}  $list] {set spl "\n\r"}
+	if [regexp {SEND=}  $list] {set spl "\n\r"}
+	if [regexp {SENDX=} $list] {set spl "\n\r"}
+
+	set i 0
+	set pi 0
+
+	foreach line [split $list $spl] {
+		set line [string trim $line]
+		set line0 $line
+
+		if {$line == ""} {
+			continue
+		}
+		if [regexp {^#} $line] {
+			continue
+		}
+		if [regexp {^sleep[ \t][ \t]*([0-9][0-9]*)} $line mv sl] {
+			mesg "sleep: $sl"
+			after $sl
+			continue
+		}
+		if [regexp {^delay[ \t][ \t]*([0-9][0-9]*)} $line mv sl] {
+			mesg "delay: $sl"
+			set default_delay $sl
+			continue
+		}
+
+		if [regexp {^CMD=(.*)} $line mv cmd] {
+			mesg "CMD: $cmd"
+			eval exec $cmd
+			continue
+		}
+		if [regexp {^CMDX=(.*)} $line mv cmd] {
+			set cmd [pk_expand $cmd $host0]
+			mesg "CMDX: $cmd"
+			eval exec $cmd
+			continue
+		}
+	
+		if [regexp {`} $line] {
+			#set line [backtick_expand $line]
+		}
+
+		set snd ""
+		if [regexp {^(.*)SEND=(.*)$} $line mv line snd]  {
+			set line [string trim $line]
+			set snd [string trim $snd]
+			regsub -all {%NEWLINE} $snd "\n" snd
+		} elseif [regexp {^(.*)SENDX=(.*)$} $line mv line snd]  {
+			set line [string trim $line]
+			set snd [string trim $snd]
+			set snd [pk_expand $snd $host0]
+			regsub -all {%NEWLINE} $snd "\n" snd
+		}
+
+		set udp 0
+		if [regexp -nocase {/udp} $line] {
+			set udp 1
+			regsub -all -nocase {/udp} $line "" line
+			set line [string trim $line]
+		}
+		regsub -all -nocase {/tcp} $line "" line
+		set line [string trim $line]
+
+		set delay 0
+		if [regexp {^(.*)[ \t][ \t]*([0-9][0-9]*)$} $line mv first delay] {
+			set line [string trim $first]
+		}
+
+		if {[regexp {^(.*):(.*)$} $line mv host port]} {
+			;
+		} else {
+			set host $host0
+			set port $line
+		}
+		set host [string trim $host]
+		set port [string trim $port]
+
+		if {$host == ""} {
+			set host $host0
+		}
+
+		if {$port == ""} {
+			bell
+			mesg "No port: $line0"
+			continue
+		}
+
+		set nc ""
+		if {$udp || $snd != ""} {
+			set nc [find_netcat]
+			if {$nc == ""} {
+				bell
+				mesg "UDP: netcat(1) not found"
+				after 1000
+				continue
+			}
+		}
+
+		if {$snd != ""} {
+			global env
+			set pfile "payload$pi.txt" 
+			if {! $is_windows} {
+				set pfile "$env(HOME)/.$pfile"
+			}
+			set pfiles($pi) $pfile
+			incr pi
+			set fh [open $pfile "w"]
+			puts -nonewline $fh "$snd"
+			close $fh
+
+			mesg "SEND: $host $port"
+			if {$is_windows} {
+				if {$udp} {
+					catch {exec $nc -d -u -w 1 "$host" "$port" < $pfile &}
+				} else {
+					catch {exec $nc -d    -w 1 "$host" "$port" < $pfile &}
+				}
+			} else {
+				if {$udp} {
+					catch {exec $nc    -u -w 1 "$host" "$port" < $pfile &}
+				} else {
+					catch {exec $nc       -w 1 "$host" "$port" < $pfile &}
+				}
+			}
+			catch {after 50; file delete $pfile}
+			
+		} elseif {$udp} {
+			mesg "UDP: $host $port"
+			if {! $is_windows} {
+				catch {exec echo a | $nc -u -w 1 "$host" "$port" &}
+			} else {
+				set fh [open "nc_in.txt" "w"]
+				puts $fh "a"
+				close $fh
+				catch {exec $nc -d -u -w 1 "$host" "$port" < "nc_in.txt" &}
+			}
+		} else {
+			mesg "TCP: $host $port"
+			set s ""
+			set emess ""
+			set rc [catch {set s [socket -async $host $port]} emess]
+			if {$rc != 0} {
+				tk_messageBox -type ok -icon error -message $emess -title "Error: socket -async $host $port"
+			}
+			set socks($i) $s
+			# seems we have to close it immediately to avoid multiple SYN's.
+			# does not help on Win9x.
+			catch {after 30; close $s};
+			incr i
+		}
+
+		if {$delay == 0} {
+			if {$default_delay > 0} {
+				after $default_delay
+			}
+		} elseif {$delay > 0} {
+			after $delay
+		}
+	}
+
+	if {0} {
+		for {set j 0} {$j < $i} {incr j} {
+			set $s $socks($j)
+			if {$s != ""} {
+				catch {close $s}	
+			}
+		}
+	}
+	for {set j 0} {$j < $pi} {incr j} {
+		set f $pfiles($j)
+		if {$f != ""} {
+			if [file exists $f] {
+				after 100
+			}
+			catch {file delete $f}	
+		}
+	}
+	if {$is_windows} {
+		catch {file delete "nc_in.txt"}
+	}
+}
+
+proc port_knocking_dialog {} {
+	catch {destroy .pk}
+	toplevel .pk
+	wm title .pk "Port Knocking"
+	global use_port_knocking port_knocking_list
+
+	global help_font
+
+	scroll_text .pk.f 85
+
+	set msg {
+    Port Knocking is where a network connection to a service is not provided
+    to just any client, but rather only to those that immediately prior to
+    connecting send a more or less secret pattern of connections to other
+    ports on the firewall.
+
+    Somewhat like "knocking" on the door with the correct sequence before it
+    being opened (but not necessarily letting you in yet).  It is also possible
+    to have a single encrypted packet (e.g. UDP) payload communicate with the
+    firewall instead of knocking on a sequence of ports.
+
+    Only after the correct sequence of ports is observed by the firewall does
+    it allow the IP address of the client to attempt to connect to the service.
+
+    So, for example, instead of allowing any host on the internet to connect
+    to your SSH service and then try to login with a username and password, the
+    client first must "tickle" your firewall with the correct sequence of ports.
+    Only then will it be allowed to connect to your SSH service at all.
+
+    This does not replace the authentication and security of SSH, it merely
+    puts another layer of protection around it. E.g., suppose an exploit for
+    SSH was discovered, you would most likely have more time to fix/patch
+    the problem than if any client could directly connect to your SSH server.
+
+    For more information http://www.portknocking.org/ and
+    http://www.linuxjournal.com/article/6811
+
+    Tip: if you just want to use the Port Knocking for an SSH shell and not
+    for a VNC tunnel, then specify something like "user@hostname cmd=SHELL"
+    (or "user@hostname cmd=PUTTY" on Windows) in the VNC Server entry box
+    on the main panel.  This will do everything short of starting the viewer.
+    A shortcut for this is Ctrl-S.
+    
+    In the text area below put in the pattern of "knocks" needed for this
+    connection.  You can separate the knocks by commas or put them one per line.
+    Whitespace is trimmed.
+
+    Each "knock" is of this form:
+
+           [host:]port[/udp] [delay]
+
+    In the simplest form just a numerical port, e.g. 5433, is supplied.
+
+    The packet is sent to the same host that the VNC (or SSH) connection will
+    be made to.  If you want it to go to a different host or IP use the [host:]
+    prefix.  It can be either a hostname or numerical IP.
+
+    TCP is assumed by default.
+
+    If you need to send a UDP packet, the netcat (aka "nc") program must be
+    installed on Unix (tcl/tk does not support udp connections).  Indicate this
+    with "/udp" following the port number (you can also use "/tcp", but since
+    it is the default it is not necessary).  For convenience a Windows netcat
+    binary is supplied.
+
+    Because an external program must be launched for each packet udp knocking will
+    be somewhat slower and less reliable.  ICMP (ping) is currently not supported.
+
+    The last field is the number of milliseconds to delay before continuing.
+
+    Examples:
+
+           5433,12321,1661
+
+           fw.example.com:5433, 12321/udp 3000,1661 2000
+
+           fw.example.com:5433
+           12321/udp 3000
+           1661 2000
+
+
+    Alternate actions:  If the string in the text field contains anywhere the
+    strings "CMD=", "CMDX=", or "SEND=", then splitting on commas is not done:
+    it is only split on lines.
+
+    Then, if a line begins CMD=... the string after the = is run as an
+    external command.  The command could be anything you want, e.g. it could
+    be a port-knocking client that does the knocking, perhaps encrypting the
+    "knocks" pattern somehow or using a Single Packet Authorization method such
+    as http://www.cipherdyne.com/fwknop/
+
+    Extra quotes (sometimes "'foo bar'") may be needed to preserve spaces in
+    command line arguments because the tcl/tk eval(n) command is used.  You
+    can also use {...} for quoting strings with spaces.
+
+    If a line begins CMDX=... then before the command is run the following
+    tokens are expanded to strings:
+
+      %IP       Current machine's IP address (NAT may make this not useful).
+      %NAT      Try to get effective IP by contacting http://www.whatismyip.com
+      %HOST     The remote host of the connection.
+      %USER     The current user.
+      %SECS     The current time in seconds (platform dependent).
+      %MSECS    Platform dependent time having at least millisecond granularity.
+
+   Lines not matching CMD= or CMDX= are treated as normal port knocks but with
+   one exception.  If a line ends in SEND=... (i.e. after the [host:]port,
+   etc., part) then the string after the = is sent as a payload for the tcp
+   or udp connection to [host:]port.  netcat is used for these SEND cases
+   (and must be available on Unix).  If newlines (\n) are needed in the
+   SEND string, use %NEWLINE.  Sending binary data is not yet supported;
+   use CMD= with your own program.
+
+   Examples:
+
+      CMD=port_knock_client -pass wombat33
+      CMDX=port_knock_client -pass wombat33 -host %HOST -src %NAT
+
+      fw.example.com:5433/udp SEND=ASDLFKSJDF
+
+   More tricks:
+
+      To temporarily "comment out" a knock, insert a leading "#" character.
+
+      Use "sleep N" to insert a raw sleep for N milliseconds (e.g. between
+      CMD=... items or at the very end of the knocks to wait).
+
+      If a knock entry matches "delay N" the default delay is set to
+      N milliseconds.
+
+   One Time Pads:
+
+      If the text contains a (presumably single) line of the form:
+
+           PAD=/path/to/a/one/time/pad/file
+
+      then that file is opened and the first non-blank line not beginning
+      with "#" is used as the knock pattern.  The pad file is rewritten
+      with that line starting with a "#" (so it will be skipped next time).
+
+      The PAD=... string is replaced with the read-in knock pattern line.
+      So, if needed, one can preface the PAD=... with "delay N" to set the
+      default delay, and one can also put a "sleep N" after the PAD=...
+      line to indicate a final sleep.  One can also surround the PAD=
+      line with other knock and CMD= CMDX= lines, but that usage sounds
+      a bit rare.  Example:
+
+           delay 1000
+           PAD=C:\My Pads\work-pad1.txt
+           sleep 4000
+}
+	.pk.f.t insert end $msg
+
+	label .pk.info -text "Supply port knocking pattern:" -anchor w -relief ridge
+
+	eval text .pk.rule -width 80 -height 5 $help_font
+	.pk.rule insert end $port_knocking_list
+	#apply_bg .pk.rule
+
+	button .pk.done -text "Done" -command {if {$use_port_knocking} {set port_knocking_list [.pk.rule get 1.0 end]}; destroy .pk}
+	bind .pk <Escape> {if {$use_port_knocking} {set port_knocking_list [.pk.rule get 1.0 end]}; destroy .pk}
+
+	pack .pk.done .pk.rule .pk.info -side bottom -fill x
+	pack .pk.f -side top -fill both -expand 1
+
+	center_win .pk
+}
+
+
+proc set_advanced_options {} {
+	global env
+	global use_cups use_sound use_smbmnt
+	global change_vncviewer
+	global use_port_knocking port_knocking_list
+
+	catch {destroy .o}
+	catch {destroy .oa}
+	toplevel .oa
+	wm title .oa "Advanced options"
+
+	set i 1
+
+	checkbutton .oa.b$i -anchor w -variable use_cups -text \
+		"Enable CUPS Print tunnelling" \
+		-command {if {$use_cups} {cups_dialog}}
+	incr i
+
+	checkbutton .oa.b$i -anchor w -variable use_sound -text \
+		"Enable ESD/ARTSD Audio tunnelling" \
+		-command {if {$use_sound} {sound_dialog}}
+	incr i
+
+	checkbutton .oa.b$i -anchor w -variable use_smbmnt -text \
+		"Enable SMB mount tunnelling" \
+		-command {if {$use_smbmnt} {smb_dialog}}
+	incr i
+
+
+	checkbutton .oa.b$i -anchor w -variable change_vncviewer -text \
+		"Change VNC Viewer" \
+		-command {if {$change_vncviewer} {change_vncviewer_dialog}}
+	incr i
+
+	checkbutton .oa.b$i -anchor w -variable additional_port_redirs -text \
+		"Additional Port Redirs" \
+		-command {if {$additional_port_redirs} {port_redir_dialog}}
+	incr i
+
+	checkbutton .oa.b$i -anchor w -variable use_port_knocking -text \
+		"Port Knocking" \
+		-command {if {$use_port_knocking} {port_knocking_dialog}}
+	incr i
+
+	for {set j 1} {$j < $i} {incr j} {
+		pack .oa.b$j -side top -fill x
+	}
+
+	frame .oa.b
+	button .oa.b.done -text "Done" -command {destroy .oa}
+	bind .oa <Escape> {destroy .oa}
+	button .oa.b.help -text "Help" -command help_advanced_opts
+
+	pack .oa.b.help .oa.b.done -fill x -expand 1 -side left
+
+	pack .oa.b -side top -fill x 
+
+	center_win .oa
+	wm resizable .oa 1 0
+	focus .oa
+}
+
+proc in_path {cmd} {
+	global env
+	set p $env(PATH)
+	foreach dir [split $p ":"] {
+		set try "$dir/$cmd"
+		if [file exists $try] {
+			return "$try"
+		}
+	}
+	return ""
+}
+
+proc ssh_agent_restart {} {
+	global env 
+
+	set got_ssh_agent 0
+	set got_ssh_add 0
+	set got_ssh_agent2 0
+	set got_ssh_add2 0
+
+	if [in_path "ssh-agent"]  {set got_ssh_agent 1}
+	if [in_path "ssh-agent2"] {set got_ssh_agent2 1}
+	if [in_path "ssh-add"]    {set got_ssh_add 1}
+	if [in_path "ssh-add2"]   {set got_ssh_add2 1}
+
+	set ssh_agent ""
+	set ssh_add ""
+	if {[info exists env(USER)] && $env(USER) == "runge"} {
+		if {$got_ssh_agent2} {
+			set ssh_agent "ssh-agent2"
+		}
+		if {$got_ssh_add2} {
+			set ssh_add "ssh-add2"
+		}
+	}
+	if {$ssh_agent == "" && $got_ssh_agent} {
+		set ssh_agent "ssh-agent"
+	}
+	if {$ssh_add == "" && $got_ssh_add} {
+		set ssh_add "ssh-add"
+	}
+	if {$ssh_agent == ""} {
+		bell
+		mesg "could not find ssh-agent in PATH"
+		return
+	}
+	if {$ssh_add == ""} {
+		bell
+		mesg "could not find ssh-add in PATH"
+		return
+	}
+	set tmp $env(HOME)/.vnc-sa[pid]
+	set fh ""
+	catch {set fh [open $tmp "w"]}
+	if {$fh == ""} {
+		bell
+		mesg "could not open tmp file $tmp"
+		return
+	}
+
+	puts $fh "#!/bin/sh"
+	puts $fh "eval `$ssh_agent -s`"
+	puts $fh "$ssh_add"
+	puts $fh "SSL_VNC_GUI_CHILD=\"\"" 
+	puts $fh "export SSL_VNC_GUI_CHILD" 
+
+	global buck_zero
+	set cmd $buck_zero
+	
+	if [info exists env(SSL_VNC_GUI_CMD)] {
+		set cmd $env(SSL_VNC_GUI_CMD) 
+	}
+	#puts $fh "$cmd </dev/null 1>/dev/null 2>/dev/null &"
+	puts $fh "nohup $cmd &"
+	puts $fh "sleep 1"
+	puts $fh "#rm -f $tmp"
+	close $fh
+
+	wm withdraw .
+	catch {wm withdraw .o}
+	catch {wm withdraw .oa}
+
+	exec xterm -geometry +200+200 -title "Restarting with ssh-agent/ssh-add" -e sh $tmp &
+	after 10000
+	destroy .
+	exit
+}
+
+proc putty_pw_entry {mode} {
+	if {$mode == "check"} {
+		global use_sshssl use_ssh
+		if {$use_sshssl || $use_ssh} {
+			putty_pw_entry enable
+		} else {
+			putty_pw_entry disable
+		}
+		return
+	}
+	if {$mode == "disable"} {
+		catch {.o.pw.l configure -state disabled}
+		catch {.o.pw.e configure -state disabled}
+	} else {
+		catch {.o.pw.l configure -state normal}
+		catch {.o.pw.e configure -state normal}
+	}
+}
+
+proc set_options {} {
+	global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
+	global use_nojpeg use_raise_on_beep use_compresslevel use_quality
+	global compresslevel_text quality_text
+	global env is_windows 
+
+	catch {destroy .o}
+	toplevel .o
+	wm title .o "Set SSL VNC Viewer options"
+
+	set i 1
+
+	checkbutton .o.b$i -anchor w -variable use_ssh -text \
+		"Use SSH instead" \
+		-command {if {$use_ssh} {set use_sshssl 0}; putty_pw_entry check}
+	incr i
+
+	checkbutton .o.b$i -anchor w -variable use_sshssl -text \
+		"Use SSH and SSL" \
+		-command {if {$use_sshssl} {set use_ssh 0}; putty_pw_entry check}
+	set iss $i
+	incr i
+
+	checkbutton .o.b$i -anchor w -variable use_viewonly -text \
+		"View Only"
+	incr i
+
+	checkbutton .o.b$i -anchor w -variable use_fullscreen -text \
+		"Fullscreen"
+	incr i
+
+	checkbutton .o.b$i -anchor w -variable use_raise_on_beep -text \
+		"Raise On Beep"
+	incr i
+
+	checkbutton .o.b$i -anchor w -variable use_bgr233 -text \
+		"Use 8bit color (-bgr233)"
+	incr i
+
+	checkbutton .o.b$i -anchor w -variable use_alpha -text \
+		"Cursor alphablending (32bpp required)"
+	set ia $i
+	incr i
+
+	checkbutton .o.b$i -anchor w -variable use_grab -text \
+		"Use XGrabServer"
+	set ix $i
+	incr i
+
+	checkbutton .o.b$i -anchor w -variable use_nojpeg -text \
+		"Do not use JPEG (-nojpeg)"
+	incr i
+
+	menubutton .o.b$i -anchor w -menu .o.b$i.m -textvariable compresslevel_text
+	set compresslevel_text "Compress Level: $use_compresslevel"
+
+	menu .o.b$i.m -tearoff 0
+	for {set j -1} {$j < 10} {incr j} {
+		set v $j
+		set l $j
+		if {$j == -1} {
+			set v "default"
+			set l "default"
+		}
+		.o.b$i.m add radiobutton -variable use_compresslevel \
+			-value $v -label $l -command \
+			{set compresslevel_text "Compress Level: $use_compresslevel"}
+	}
+	incr i
+
+	menubutton .o.b$i -anchor w -menu .o.b$i.m -textvariable quality_text
+	set quality_text "Quality: $use_quality"
+
+	menu .o.b$i.m -tearoff 0
+	for {set j -1} {$j < 10} {incr j} {
+		set v $j
+		set l $j
+		if {$j == -1} {
+			set v "default"
+			set l "default"
+		}
+		.o.b$i.m add radiobutton -variable use_quality \
+			-value $v -label $l -command \
+			{set quality_text "Quality: $use_quality"}
+	}
+	incr i
+
+	for {set j 1} {$j < $i} {incr j} {
+		pack .o.b$j -side top -fill x
+	}
+
+	if {$is_windows} {
+		.o.b$ia configure -state disabled
+		.o.b$ix configure -state disabled
+	}
+
+	if {$is_windows} {
+		frame .o.pw	
+		label .o.pw.l -text "Putty PW:"
+		entry .o.pw.e -width 10 -show * -textvariable putty_pw
+		pack .o.pw.l -side left
+		pack .o.pw.e -side left -expand 1 -fill x
+		pack .o.pw -side top -fill x 
+		putty_pw_entry check
+	} else {
+		button .o.sa -text "Use ssh-agent" -command ssh_agent_restart
+		pack .o.sa -side top -fill x 
+	}
+
+	button .o.s_prof -text "Save Profile ..." -command {save_profile; raise .o}
+	button .o.l_prof -text " Load Profile ..." -command {load_profile; raise .o}
+	button .o.advanced -text "Advanced ..." -command set_advanced_options
+	button .o.clear -text "Clear Options" -command set_defaults
+	pack .o.s_prof -side top -fill x 
+	pack .o.l_prof -side top -fill x 
+	pack .o.clear -side top -fill x 
+	pack .o.advanced -side top -fill x 
+
+	frame .o.b
+	button .o.b.done -text "Done" -command {destroy .o}
+	bind .o <Escape> {destroy .o}
+	button .o.b.help -text "Help" -command help_opts
+
+	pack .o.b.help .o.b.done -fill x -expand 1 -side left
+
+	pack .o.b -side top -fill x 
+
+	center_win .o
+	wm resizable .o 1 0
+	focus .o
+}
+
+set is_windows 0
+set help_font "-font fixed"
+if { [regexp -nocase {Windows} $tcl_platform(os)]} {
+	cd util
+	set help_font ""
+	set is_windows 1
+}
+
+if {[regexp -nocase {Windows.9} $tcl_platform(os)]} {
+	set is_win9x 1
+} else {
+	set is_win9x 0
+}
+
+set putty_pw ""
+
+
+wm title . "SSL VNC Viewer"
+wm resizable . 1 0
+
+set_defaults
+set skip_pre 0
+
+set vncdisplay ""
+
+label .l -text "SSL TightVNC Viewer" -relief ridge
+frame .f
+label .f.l -text "VNC Server:" -relief ridge
+entry .f.e -width 40 -textvariable vncdisplay
+pack .f.l -side left 
+pack .f.e -side left -expand 1 -fill x
+bind .f.e <Return> launch
+
+frame .b
+button .b.help  -text "Help" -command help
+button .b.certs -text "Certs ..." -command getcerts
+button .b.opts  -text "Options ..." -command set_options
+button .b.conn  -text "Connect" -command launch
+button .b.exit  -text "Exit" -command {destroy .; exit}
+
+
+pack .b.certs .b.opts .b.conn .b.help .b.exit -side left -expand 1 -fill x
+
+pack .l .f .b -side top -fill x
+if {![info exists env(SSL_VNC_GUI_CHILD)] || $env(SSL_VNC_GUI_CHILD) == ""} {
+	center_win .
+}
+focus .f.e
+#raise .
+
+global system_button_face
+set system_button_face ""
+foreach item [.b.help configure -bg] {
+	set system_button_face $item
+}
+
+global env
+if {[info exists env(SSL_VNC_GUI_CMD)]} {
+	set env(SSL_VNC_GUI_CHILD) 1
+	bind . <Control-n> "exec $env(SSL_VNC_GUI_CMD) &"
+}
+bind . <Control-q> "destroy .; exit"
+bind . <Shift-Escape> "destroy .; exit"
+bind . <Control-s> "launch_shell_only"
+
+global entered_gui_top
+set entered_gui_top 0
+bind . <Enter> {set entered_gui_top 1}
+
+
+#smb_help_me_decide
+update
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_vncviewer
new file mode 100755
index 0000000..1d7d1a7
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_vncviewer
@@ -0,0 +1,530 @@
+#!/bin/sh
+#
+# ssl_vncviewer:  wrapper for vncviewer to use an stunnel SSL tunnel
+#                 or an SSH tunnel.
+#
+# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+#
+# You must have stunnel(8) installed on the system and in your PATH
+# (however, see the -ssh option below, in which case you will need ssh(1)
+# installed)  Note: stunnel is usually installed in an "sbin" subdirectory.
+#
+# You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..." 
+# already running as the VNC server on the remote machine.
+# (or use stunnel on the server side for any other VNC server)
+#
+#
+# Usage: ssl_vncviewer [cert-args] host:display <vncviewer-args>
+#
+# e.g.:  ssl_vncviewer snoopy:0
+#        ssl_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
+#
+# [cert-args] can be:
+#
+#	-verify /path/to/cacert.pem		
+#	-mycert /path/to/mycert.pem		
+#	-proxy  host:port
+#
+# -verify specifies a CA cert PEM file (or a self-signed one) for
+#         authenticating the VNC server.
+#
+# -mycert specifies this client's cert+key PEM file for the VNC server to
+#	  authenticate this client. 
+#
+# -proxy  try host:port as a Web proxy to use the CONNECT method
+#         to reach the VNC server (e.g. your firewall requires a proxy).
+#         For the "double proxy" case use -proxy host1:port1,host2:port2
+#
+#    See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL
+#    certificates with VNC.
+#
+# A few other args (not related to SSL and certs):
+#
+# -ssh    Use ssh instead of stunnel SSL.  ssh(1) must be installed and you
+#         must be able to log into the remote machine via ssh.
+#
+#         In this case "host:display" may be of the form "user@host:display"
+#         where "user@host" is used for the ssh login (see ssh(1) manpage).
+#
+#         If -proxy is supplied it can be of the forms: "gwhost" "gwhost:port"
+#         "user@gwhost" or "user@gwhost:port".  "gwhost" is an incoming ssh 
+#         gateway machine (the VNC server is not running there), an ssh -L
+#         redir is used to "host" in "host:display" from "gwhost". Any "user@"
+#         part must be in the -proxy string (not in "host:display").
+#
+#         Under -proxy use "gwhost:port" if connecting to any ssh port
+#         other than the default (22).  (even for the non-gateway case,
+#         -proxy must be used to specify a non-standard ssh port)
+#
+#         Examples:
+#
+#         ssl_vncviewer -ssh bob@bobs-home.net:0
+#         ssl_vncviewer -ssh -sshcmd 'x11vnc -localhost' bob@bobs-home.net:0
+#
+#         ssl_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0
+#         ssl_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0
+#
+# -sshcmd cmd   Run "cmd" via ssh instead of the default "sleep 15"
+#               e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900'
+#
+# -sshargs "args"  pass "args" to the ssh process, e.g. -L/-R port redirs.
+#
+# -sshssl Tunnel the SSL connection thru a SSH connection.  The tunnel as
+#         under -ssh is set up and the SSL connection goes thru it.  Use
+#         this if you want to have and end-to-end SSL connection but must
+#         go thru a SSH gateway host (e.g. not the vnc server).  Or use
+#         this if you need to tunnel additional services via -R and -L 
+#         (see -sshargs above).
+#
+#         ssl_vncviewer -sshssl -proxy fred@mygate.com mymachine:0
+#
+#
+# -alpha  turn on cursor alphablending hack if you are using the
+#         enhanced tightvnc vncviewer.
+#
+# -grab   turn on XGrabServer hack if you are using the enhanced tightvnc
+#         vncviewer (e.g. for fullscreen mode in some windowmanagers like
+#         fvwm that do not otherwise work in fullscreen mode)
+#
+#
+# set VNCVIEWERCMD to whatever vncviewer command you want to use.
+#
+VNCIPCMD=${VNCVIEWERCMD:-vncip}
+VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
+#
+# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
+#
+
+
+PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
+
+if [ "X$STUNNEL" = "X" ]; then
+	type stunnel4 > /dev/null 2>&1
+	if [ $? = 0 ]; then
+		STUNNEL=stunnel4
+	else
+		STUNNEL=stunnel
+	fi
+fi
+
+help() {
+	tail +2 "$0" | sed -e '/^$/ q'
+}
+
+gotalpha=""
+use_ssh=""
+use_sshssl=""
+ssh_sleep=15
+ssh_cmd="sleep $ssh_sleep"
+if [ "X$SSL_VNCVIEWER_SSH_CMD" != "X" ]; then
+	ssh_cmd="$SSL_VNCVIEWER_SSH_CMD"
+fi
+ssh_args=""
+
+# grab our cmdline options:
+while [ "X$1" != "X" ]
+do
+    case $1 in 
+	"-verify")	shift; verify="$1"
+                ;;
+	"-mycert")	shift; mycert="$1"
+                ;;
+	"-proxy")	shift; proxy="$1"
+                ;;
+	"-ssh")		use_ssh=1
+                ;;
+	"-sshssl")	use_ssh=1
+			use_sshssl=1
+                ;;
+	"-sshcmd")	shift; ssh_cmd="$1"
+                ;;
+	"-sshargs")	shift; ssh_args="$1"
+                ;;
+	"-alpha")	gotalpha=1
+                ;;
+	"-grab")	VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
+                ;;
+	"-h"*)	help; exit 0
+                ;;
+	"--h"*)	help; exit 0
+                ;;
+	*)	break
+                ;;
+    esac
+    shift
+done
+
+if [ "X$gotalpha" != "X1" ]; then
+	NO_ALPHABLEND=1
+	export NO_ALPHABLEND
+fi
+
+orig="$1"
+shift
+
+if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then
+	if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then
+		echo "-mycert and -verify cannot be used in -ssh mode" 
+		exit 1
+	fi
+fi
+
+# play around with host:display port:
+if echo "$orig" | grep ':' > /dev/null; then
+	:
+else
+	orig="$orig:0"
+fi
+
+host=`echo "$orig" | awk -F: '{print $1}'`
+disp=`echo "$orig" | awk -F: '{print $2}'`
+if [ "X$host" = "X" ]; then
+	host=localhost
+fi
+if [ $disp -lt 200 ]; then
+	port=`expr $disp + 5900`
+else
+	port=$disp
+fi
+
+# try to find an open listening port via netstat(1):
+inuse=""
+if uname | grep Linux > /dev/null; then
+	inuse=`netstat -ant | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*://'`
+elif uname | grep SunOS > /dev/null; then
+	inuse=`netstat -an -f inet -P tcp | grep LISTEN | awk '{print $1}' | sed 's/^.*\.//'`
+# add others...
+fi
+
+date_sec=`date +%S`
+
+findfree() {
+	try0=$1
+	try=$try0
+	use0=""
+
+	while [ $try -lt 6000 ]
+	do
+		if [ "X$inuse" = "X" ]; then
+			break
+		fi
+		if echo "$inuse" | grep -w $try > /dev/null; then
+			:
+		else
+			use0=$try
+			break
+		fi
+		try=`expr $try + 1`
+	done
+	if [ "X$use0" = "X" ]; then
+		use0=`expr $date_sec + $try0`
+	fi
+
+	echo $use0
+}
+
+use=`findfree 5930`
+
+if [ $use -ge 5900 ]; then
+	N=`expr $use - 5900`
+else
+	N=$use
+fi
+
+if echo "$0" | grep vncip > /dev/null; then
+	VNCVIEWERCMD="$VNCIPCMD"
+fi
+
+if [ "X$use_ssh" = "X1" ]; then
+	ssh_port="22"
+	ssh_host="$host"
+	vnc_host="localhost"
+	ssh=${SSH:-"ssh -x"}
+	if [ "X$proxy" != "X" ]; then
+		ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
+		if [ "X$ssh_port" = "X" ]; then
+			ssh_port="22"
+		fi
+		ssh_host=`echo "$proxy" | awk -F: '{print $1}'`
+		vnc_host="$host"
+	fi
+	echo ""
+	echo "Running ssh:"
+	sz=`echo "$ssh_cmd" | wc -c`
+	if [ "$sz" -gt 200 ]; then
+		info="..."
+	else
+		info="$ssh_cmd"
+	fi
+
+	C=""
+	if [ "X$SSL_VNCVIEWER_USE_C" != "X" ]; then
+		C="-C"
+	fi
+	# the -t option actually speeds up typing response via VNC!!
+	if [ "X$SSL_VNCVIEWER_SSH_ONLY" != "X" ]; then
+		echo "$ssh -p $ssh_port -t $C $ssh_args $ssh_host \"$info\""
+		echo ""
+		$ssh -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd"
+		exit $?
+	elif [ "X$SSL_VNCVIEWER_NO_F" != "X" ]; then
+		echo "$ssh -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+		echo ""
+		$ssh -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+	else
+		echo "$ssh -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+		echo ""
+		$ssh -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+	fi
+	if [ "$?" != "0" ]; then
+		echo ""
+		echo "ssh to $ssh_host failed."
+		exit 1
+	fi
+	echo ""
+	if [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
+		sleep 1
+	else
+		# let any command get started a bit.
+		sleep 5
+	fi
+	echo ""
+	#reset
+	stty sane
+	if [ "X$use_sshssl" = "X" ]; then
+		echo "Running viewer:"
+		echo $VNCVIEWERCMD "$@" localhost:$N
+		echo ""
+		$VNCVIEWERCMD "$@" localhost:$N
+
+		exit $?
+	else
+		use2=`findfree 5960`
+		host0=$host
+		port0=$port
+		host=localhost
+		port=$use
+		use=$use2
+		N=`expr $use - 5900`
+		proxy=""
+	fi
+fi
+
+# create the stunnel config file:
+if [ "X$verify" != "X" ]; then
+	if [ -d $verify ]; then
+		verify="CApath = $verify"
+	else
+		verify="CAfile = $verify"
+	fi
+	verify="$verify
+verify = 2"
+fi
+if [ "X$mycert" != "X" ]; then
+	cert="cert = $mycert"
+fi
+
+mytmp() {
+	tf=$1
+	rm -rf "$tf" || exit 1
+	if [ -d "$tf" ]; then
+		echo "tmp file $tf still exists as a directory."
+		exit 1
+	elif [ -L "$tf" ]; then
+		echo "tmp file $tf still exists as a symlink."
+		exit 1
+	elif [ -f "$tf" ]; then
+		echo "tmp file $tf still exists."
+		exit 1
+	fi
+	touch "$tf" || exit 1
+	chmod 600 "$tf" || exit 1
+}
+
+if echo "$RANDOM" | grep '[^0-9]' > /dev/null; then
+	RANDOM=`date +%S`
+fi
+
+pcode() {
+	tf=$1
+	SSL_VNC_PROXY=$proxy; export SSL_VNC_PROXY
+	SSL_VNC_DEST="$host:$port"; export SSL_VNC_DEST
+	cod='#!/usr/bin/perl
+
+# A hack to glue stunnel to a Web proxy for client connections.
+
+use IO::Socket::INET;
+
+my ($first, $second) = split(/,/, $ENV{SSL_VNC_PROXY});
+my ($proxy_host, $proxy_port) = split(/:/, $first);
+my $connect = $ENV{SSL_VNC_DEST};
+
+print STDERR "\nperl script for web proxing:\n";
+print STDERR "proxy_host:       $proxy_host\n";
+print STDERR "proxy_port:       $proxy_port\n";
+print STDERR "proxy_connect:    $connect\n";
+
+my $sock = IO::Socket::INET->new(
+	PeerAddr => $proxy_host,
+	PeerPort => $proxy_port,
+	Proto => "tcp");
+
+if (! $sock) {
+	unlink($0);
+	die "perl proxy: $!\n";
+}
+
+my $con = "";
+if ($second ne "") {
+	$con = "CONNECT $second HTTP/1.1\r\n";
+	$con   .= "Host: $second\r\n\r\n";
+} else {
+	$con = "CONNECT $connect HTTP/1.1\r\n";
+	$con   .= "Host: $connect\r\n\r\n";
+}
+
+print STDERR "proxy_request1:\n$con";
+print $sock $con;
+
+unlink($0);
+
+my $rep = "";
+while ($rep !~ /\r\n\r\n/) {
+	my $c = getc($sock);
+	print STDERR $c;
+	$rep .= $c;
+}
+if ($rep !~ m,HTTP/.* 200,) {
+	die "proxy error: $rep\n";
+}
+
+if ($second ne "") {
+	$con = "CONNECT $connect HTTP/1.1\r\n";
+	$con   .= "Host: $connect\r\n\r\n";
+	print STDERR "proxy_request2:\n$con";
+
+	print $sock $con;
+
+	$rep = "";
+	while ($rep !~ /\r\n\r\n/) {
+		my $c = getc($sock);
+		print STDERR $c;
+		$rep .= $c;
+	}
+	if ($rep !~ m,HTTP/.* 200,) {
+		die "proxy error: $rep\n";
+	}
+}
+
+if (fork) {
+	print STDERR "parent\[$$]  STDIN -> socket\n\n";
+	xfer(STDIN, $sock);
+} else {
+	print STDERR "child \[$$]  socket -> STDOUT\n\n";
+	xfer($sock, STDOUT);
+}
+exit;
+
+sub xfer {
+	my($in, $out) = @_;
+	$RIN = $WIN = $EIN = "";
+	$ROUT = "";
+	vec($RIN, fileno($in), 1) = 1;
+	vec($WIN, fileno($in), 1) = 1;
+	$EIN = $RIN | $WIN;
+
+	while (1) {
+		my $nf = 0;
+		while (! $nf) {
+			$nf = select($ROUT=$RIN, undef, undef, undef);
+		}
+		my $len = sysread($in, $buf, 8192);
+		if (! defined($len)) {
+			next if $! =~ /^Interrupted/;
+			print STDERR "perl proxy\[$$]: $!\n";
+			last;
+		} elsif ($len == 0) {
+			print STDERR "perl proxy\[$$]: Input is EOF.\n";
+			last;
+		}
+		my $offset = 0;
+		my $quit = 0;
+		while ($len) {
+			my $written = syswrite($out, $buf, $len, $offset);
+			if (! defined $written) {
+				print STDERR "perl proxy\[$$]: Output is EOF. $!\n";
+				$quit = 1;
+				last;
+			}
+			$len -= $written;
+			$offset += $written;
+		}
+		last if $quit;
+	}
+	close($in);
+	close($out);
+}
+'
+	echo "$cod" > $tf
+	chmod 700 $tf
+}
+
+ptmp=""
+if [ "X$proxy" != "X" ]; then
+	ptmp="/tmp/ssl_vncviewer${RANDOM}.$$.pl"
+	mytmp "$ptmp"
+	pcode "$ptmp"
+	connect="exec = $ptmp"
+else
+	connect="connect = $host:$port"
+fi
+
+
+##debug = 7
+tmp=/tmp/ssl_vncviewer${RANDOM}.$$
+mytmp "$tmp"
+
+cat > "$tmp" <<END
+foreground = yes
+pid =
+client = yes
+debug = 6
+$STUNNEL_EXTRA_OPTS
+$verify
+$cert
+
+[vnc_stunnel]
+accept = localhost:$use
+$connect
+END
+
+echo ""
+echo "Using this stunnel configuration:"
+echo ""
+cat "$tmp" | uniq
+echo ""
+sleep 1
+
+echo ""
+echo "Running: stunnel"
+echo "$STUNNEL $tmp"
+$STUNNEL "$tmp" < /dev/tty > /dev/tty &
+pid=$!
+echo ""
+
+# pause here to let the user supply a possible passphrase for the
+# mycert key:
+if [ "X$mycert" != "X" ]; then
+	sleep 4
+fi
+sleep 2
+rm -f "$tmp"
+
+echo ""
+echo "Running viewer:"
+echo $VNCVIEWERCMD "$@" localhost:$N
+echo ""
+$VNCVIEWERCMD "$@" localhost:$N
+
+kill $pid
+sleep 1
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf
new file mode 100644
index 0000000..8e5dd50
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf
@@ -0,0 +1,34 @@
+#
+# Example SSL stunnel SERVER configuration file.  (e.g. for your VNC
+# server on this same machine.)
+#
+# To use this file you may need to edit it.  Then you will need
+# to manually start up stunnel using it.
+# (e.g. /path/to/stunnel stunnel-server.conf)
+#
+# This is just an example and is not used by the tools in this package.
+# It is here in case you wanted to see how to add SSL support to any
+# VNC server you have.
+#
+RNDbytes = 2048
+RNDfile = bananarand.bin
+RNDoverwrite = yes
+#
+# Remote client certs could go here:
+#  CApath = /path/to/.../crt-dir
+#  CAfile = /path/to/.../foo.crt
+#  verify = 2
+# My server cert could go here:
+#  cert = /path/to/.../my.pem
+#
+[vnc]
+#
+# Set to local listening port number (e.g. 5901 for vnc display 1):
+# so the remote viewers would connect to: yourmachine:1
+#
+accept = 5901
+#
+# Set to localhost:port to connect to VNC server on this same machine:
+# (E.g. you run WinVNC on :0, preferably listening on localhost).
+#
+connect = localhost:5900
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/build.unix b/x11vnc/misc/enhanced_tightvnc_viewer/build.unix
new file mode 100755
index 0000000..9a0fc3d
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/build.unix
@@ -0,0 +1,244 @@
+#!/bin/sh
+
+# Add useful directories to PATH:
+#
+PATH=$PATH:/usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/opt/SUNWspro/bin:/usr/sfw/bin:/usr/ccs/bin
+export PATH
+
+# Check location:
+#
+thisdir=`dirname "$0"`
+if [ ! -d ./bin -o ! -d src/patches ]; then
+	echo "You must run this script from: $thisdir"
+	exit 1
+fi
+
+# Try to find osname.arch
+#
+name=$UNAME
+if [ "X$name" = "X" ]; then
+	name=`uname -sm | sed -e 's/ /./'`
+fi
+if [ "X$name" = "X" ]; then
+	echo "cannot determine platform: os.arch, e.g. Linux.i686"
+	echo "set \$UNAME manually and retry."
+	exit 1
+fi
+
+# Work out main destination:
+#
+dest=./bin/$name
+if [ -d $dest ]; then
+	printf "$dest exists.  overwrite it? [y]/n "
+	read x
+	if [ "X$x" = "Xn" ]; then
+		exit
+	fi
+	rm -rf $dest
+fi
+mkdir -p $dest || exit 1
+
+# Create a tmp dir for this build:
+#
+tmp=./src/tmp/$name.$$
+if [ "X$TMPDIR" != "X" ]; then
+	tmp="$TMPDIR/$tmp"
+fi
+mkdir -p $tmp || exit 1
+
+# Try to find some static archives of various libraries:
+#
+libs="$tmp/libs"
+mkdir -p $libs || exit 1
+#for liba in libz.a libjpeg.a libssl.a libcrypto.a
+for liba in libz.a libjpeg.a
+do
+	for dir in /usr/lib /lib /usr/local/lib /usr/pkg/lib /usr/sfw/lib /usr/openwin/lib
+	do
+		if [ "$name" = "Linux.x86_64" -o "$name" = "Linux.ppc64" ] ; then
+			dir64=`echo "$dir" | sed -e 's,lib,lib64,'`
+		fi
+		try="$dir/$liba"
+		if [ -f $try ]; then
+			cp -p "$try" $libs
+		fi
+	done
+done
+echo "Found these static archive libraries, will try to use them..."
+ls -ld $libs
+ls -l $libs
+echo
+
+have_gcc=""
+if type gcc > /dev/null; then
+	have_gcc=1
+fi
+have_cc=""
+if type cc > /dev/null; then
+	have_cc=1
+fi
+
+if [ "X$have_cc" = "X" ]; then
+	if [ "X$have_gcc" = "X1" ]; then
+		cat > $tmp/cc <<END
+#!/bin/sh
+gcc "\$@"
+END
+		chmod 755 $tmp/cc
+		PATH=$PATH:`pwd`/$tmp
+		type cc
+		type gcc
+	fi
+fi
+
+if [ `uname` = "SunOS" ]; then
+	LDFLAGS_OS="$LDFLAGS_OS -L/usr/sfw/lib -R/usr/sfw/lib"
+	CPPFLAGS_OS="$CPPFLAGS_OS -I /usr/sfw/include"
+elif uname | grep -i bsd > /dev/null; then
+	LDFLAGS_OS="$LDFLAGS_OS -L/usr/local/lib -L/usr/pkg/lib"
+	CPPFLAGS_OS="$CPPFLAGS_OS -I /usr/local/include -I /usr/pkg/include"
+fi
+
+# Do tightvnc viewer:
+#
+tight_src=`ls -td ./src/vnc_unixsrc* | head -1`
+if [ ! -d $tight_src ]; then
+	echo "could not locate tight vnc viewer source"
+	exit 1
+fi
+
+cp -pR "$tight_src" "$tmp/vnc_unixsrc" || exit 1
+
+echo "applying tight vnc patches:"
+start=`pwd`
+cd $tmp;
+failed=0
+for patch in ../../patches/tight*
+do
+	if [ ! -f "$patch" ]; then
+		continue
+	fi
+	patch -p0 < $patch
+	if [ $? != 0 ]; then
+		failed=`expr $failed + 1`
+	fi
+done
+cd "$start"
+if [ $failed != 0 ]; then
+	ball=src/zips/vnc_unixsrc_vncviewer.patched.tar
+	echo "patches failed, trying to use backup tarball:"
+	ls -l $ball
+	sleep 2
+	cat $ball | (cd $tmp; tar -xvf -)
+fi
+echo
+
+
+cd $tmp/vnc_unixsrc
+xmkmf
+make Makefiles
+mv vncviewer/Makefile vncviewer/Makefile.orig
+sed -e "s,EXTRA_LDOPTIONS =,EXTRA_LDOPTIONS = -L$start/$libs $LDFLAGS_OS," \
+    -e "s,CCOPTIONS =,CCOPTIONS = $CPPFLAGS_OS," \
+	vncviewer/Makefile.orig > vncviewer/Makefile
+
+if [ `uname` = "SunOS" ]; then
+	for d in vncviewer libvncauth vncconnect vncpasswd
+	do
+		mv $d/Makefile $d/Makefile.orig
+		sed -e "s,CCOPTIONS =.*\$,CCOPTIONS = $CPPFLAGS_OS," \
+			$d/Makefile.orig > $d/Makefile
+	done
+fi
+
+make depend
+echo $PATH
+make all
+ls -l vncviewer/vncviewer
+cd "$start"
+src=$tmp/vnc_unixsrc/vncviewer/vncviewer
+sync
+sleep 2
+sync
+strip $src
+sync
+sleep 2
+sync
+wc  $src
+sum $src
+sleep 2
+echo cp -p $src $dest/vncviewer
+cp -p $src $dest/vncviewer || exit 1
+sleep 1
+cp -p $src $dest/vncviewer || exit 1
+ls -l $src $dest/vncviewer
+$dest/vncviewer -h
+ldd $dest/vncviewer
+echo ""
+
+# Do stunnel:
+#
+stunnel_src=`ls -td ./src/stunnel* | head -1`
+if [ ! -d $stunnel_src ]; then
+	echo "could not locate stunnel source"
+	exit 1
+fi
+
+cp -pR "$stunnel_src" "$tmp/stunnel" || exit 1
+
+echo "applying stunnel patches:"
+start=`pwd`
+cd $tmp;
+failed=0
+for patch in ../../patches/stunnel*
+do
+	if [ ! -f "$patch" ]; then
+		continue
+	fi
+	patch -p0 < $patch
+	if [ $? != 0 ]; then
+		failed=`expr $failed + 1`
+	fi
+done
+cd "$start"
+if [ $failed != 0 ]; then
+	ball=src/zips/stunnel.patched.tar
+	echo "patches failed, trying to use backup tarball:"
+	ls -l $ball
+	sleep 2
+	cat $ball | (cd $tmp; tar -xvf -)
+fi
+echo
+
+
+cd $tmp/stunnel
+if [ `uname` = "SunOS" ]; then
+	cp configure configure.orig
+	sed -e "s,/var/ssl,/var/ssl /usr/sfw," configure.orig > configure
+fi
+env LDFLAGS="-L$start/$libs $LDFLAGS_OS" CPPFLAGS="$CPPFLAGS_OS" ./configure --disable-libwrap
+make
+ls -l src/stunnel
+cd "$start"
+src=$tmp/stunnel/src/stunnel
+sync
+sleep 2
+sync
+strip $src
+sync
+sleep 2
+sync
+wc  $src
+sum $src
+sleep 2
+echo cp -p $src $dest/stunnel
+cp -p $src $dest/stunnel || exit 1
+sleep 1
+cp -p $src $dest/stunnel || exit 1
+ls -l $src $dest/stunnel
+$dest/stunnel -help
+ldd $dest/stunnel
+echo ""
+
+$dest/vncviewer -h
+ldd $dest/vncviewer
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/filelist.txt b/x11vnc/misc/enhanced_tightvnc_viewer/filelist.txt
new file mode 100644
index 0000000..ab5e95e
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/filelist.txt
@@ -0,0 +1,280 @@
+3277703    4 drwxr-xr-x   6 runge    runge        4096 Sep 13 21:28 .
+3277704    4 drwxr-xr-x   7 runge    runge        4096 Aug  2 10:05 ./src
+3277781    4 drwxr-xr-x   2 runge    runge        4096 Aug  2 10:09 ./src/zips
+3277782  484 -rw-r--r--   1 runge    runge      488512 Jul 25 15:09 ./src/zips/stunnel-4.14.tar.gz
+3277783  212 -rw-r--r--   1 runge    runge      209149 Jul 25 15:10 ./src/zips/tightvnc-1.3dev7_x86_viewer.zip
+3277784 2136 -rw-r--r--   1 runge    runge     2182134 Jul 25 15:11 ./src/zips/tightvnc-1.3dev7_unixsrc.tar.gz
+3277792    4 -rw-r--r--   1 runge    runge         753 Aug  2 10:09 ./src/zips/README
+3277786  364 -rw-r--r--   1 runge    runge      368640 Jul 27 19:06 ./src/zips/vnc_unixsrc_vncviewer.patched.tar
+3277787 1996 -rw-r--r--   1 runge    runge     2037760 Jul 31 23:42 ./src/zips/stunnel.patched.tar
+2982849    4 drwxr-xr-x   2 runge    runge        4096 Sep 10 14:37 ./src/patches
+2982852    4 -rw-r--r--   1 runge    runge        3750 Feb  5  2005 ./src/patches/tight-vncviewer-alphahack.patch
+2982854    4 -rw-r--r--   1 runge    runge        1143 Jul 25 15:25 ./src/patches/tight-vncviewer-fullscreen.patch
+2982865    8 -rw-r--r--   1 runge    runge        7633 Jul 27 19:01 ./src/patches/tight-vncviewer-newfbsize.patch
+2982955    4 -rwxr-xr-x   1 runge    runge        1529 Sep 10 12:07 ./src/patches/_bundle
+2982877    4 -rwxr-xr-x   1 runge    runge          78 Jul 27 14:41 ./src/patches/_getpatches
+2983012    4 -rw-r--r--   1 runge    runge        4072 Jul 31 22:59 ./src/patches/stunnel-maxconn.patch
+2982878    4 -rwxr-xr-x   1 runge    runge         117 Jul 27 19:06 ./src/patches/_vncpatchapplied
+2982880    4 -rw-r--r--   1 runge    runge         223 Aug 24 10:11 ./src/patches/README
+2982850    4 drwxr-xr-x   8 runge    runge        4096 Jul 25 15:21 ./src/vnc_unixsrc
+2982885    4 -rw-r--r--   1 runge    runge         356 Apr 30  2002 ./src/vnc_unixsrc/Imakefile
+2982886   20 -rw-r--r--   1 runge    runge       18000 Jun 11  2000 ./src/vnc_unixsrc/LICENCE.TXT
+2982887   12 -rw-r--r--   1 runge    runge        8341 Jul  4  2005 ./src/vnc_unixsrc/README
+2982888   12 -rw-r--r--   1 runge    runge        9682 Jul  4  2005 ./src/vnc_unixsrc/tightvnc.spec
+2982889    4 -rw-r--r--   1 runge    runge         486 Aug 30  2002 ./src/vnc_unixsrc/vnc-xclients.patch
+2982890    4 -rwxr-xr-x   1 runge    runge        2042 Mar 19  2002 ./src/vnc_unixsrc/vncinstall
+2982891   16 -rwxr-xr-x   1 runge    runge       15239 Jul  4  2005 ./src/vnc_unixsrc/vncserver
+2982892    4 -rwxr-xr-x   1 runge    runge        1726 Aug 30  2002 ./src/vnc_unixsrc/vncserver.init
+2982893    4 -rw-r--r--   1 runge    runge        3070 Aug  7  2002 ./src/vnc_unixsrc/vncserver.man
+4359127    4 drwxr-xr-x   2 runge    runge        4096 Jul 27 16:25 ./src/vnc_unixsrc/classes
+2851413    4 drwxr-xr-x   2 runge    runge        4096 Jul  5  2005 ./src/vnc_unixsrc/include
+2851414   44 -rw-r--r--   1 runge    runge       43296 May 27  2004 ./src/vnc_unixsrc/include/rfbproto.h
+2851415    4 -rw-r--r--   1 runge    runge        1166 Jun 11  2000 ./src/vnc_unixsrc/include/vncauth.h
+2851416    4 drwxr-xr-x   2 runge    runge        4096 Jul  5  2005 ./src/vnc_unixsrc/libvncauth
+2851417    4 -rw-r--r--   1 runge    runge         199 Apr 30  2002 ./src/vnc_unixsrc/libvncauth/Imakefile
+2851418   16 -rw-r--r--   1 runge    runge       15487 Jun 11  2000 ./src/vnc_unixsrc/libvncauth/d3des.c
+2851419    4 -rw-r--r--   1 runge    runge        1618 Jun 11  2000 ./src/vnc_unixsrc/libvncauth/d3des.h
+2851420    8 -rw-r--r--   1 runge    runge        5879 Mar  1  2003 ./src/vnc_unixsrc/libvncauth/vncauth.c
+2851421    4 drwxr-xr-x   2 runge    runge        4096 Jul  5  2005 ./src/vnc_unixsrc/vncconnect
+2851422    4 -rw-r--r--   1 runge    runge         163 Apr 30  2002 ./src/vnc_unixsrc/vncconnect/Imakefile
+2851423    4 -rw-r--r--   1 runge    runge        1167 Nov 10  2000 ./src/vnc_unixsrc/vncconnect/vncconnect.c
+2851424    4 -rw-r--r--   1 runge    runge        1083 Feb  5  2003 ./src/vnc_unixsrc/vncconnect/vncconnect.man
+2851425    4 drwxr-xr-x   2 runge    runge        4096 Jul  5  2005 ./src/vnc_unixsrc/vncpasswd
+2851426    4 -rw-r--r--   1 runge    runge         256 Apr 30  2002 ./src/vnc_unixsrc/vncpasswd/Imakefile
+2851427    8 -rw-r--r--   1 runge    runge        7681 Mar  1  2003 ./src/vnc_unixsrc/vncpasswd/vncpasswd.c
+2851428    4 -rw-r--r--   1 runge    runge        3222 Mar  1  2003 ./src/vnc_unixsrc/vncpasswd/vncpasswd.man
+2851429    4 drwxr-xr-x   2 runge    runge        4096 Aug  3 19:10 ./src/vnc_unixsrc/vncviewer
+2851430    4 -rw-r--r--   1 runge    runge        1057 Mar 12  2003 ./src/vnc_unixsrc/vncviewer/Imakefile
+2851431   16 -rw-r--r--   1 runge    runge       12375 Jul  4  2005 ./src/vnc_unixsrc/vncviewer/README
+2851432    4 -rw-r--r--   1 runge    runge        3198 Feb  7  2003 ./src/vnc_unixsrc/vncviewer/Vncviewer
+2851433   16 -rw-r--r--   1 runge    runge       14159 Jul  4  2005 ./src/vnc_unixsrc/vncviewer/argsresources.c
+2851434    8 -rw-r--r--   1 runge    runge        5362 Apr  1  2003 ./src/vnc_unixsrc/vncviewer/caps.c
+2851435    4 -rw-r--r--   1 runge    runge        2074 Apr  1  2003 ./src/vnc_unixsrc/vncviewer/caps.h
+2851436   16 -rw-r--r--   1 runge    runge       15568 Apr 30  2002 ./src/vnc_unixsrc/vncviewer/colour.c
+2851437    4 -rw-r--r--   1 runge    runge        2295 Jun 11  2000 ./src/vnc_unixsrc/vncviewer/corre.c
+2851438   16 -rw-r--r--   1 runge    runge       14504 Jan 15  2003 ./src/vnc_unixsrc/vncviewer/cursor.c
+2851439   12 -rw-r--r--   1 runge    runge       11832 May 28  2004 ./src/vnc_unixsrc/vncviewer/desktop.c
+2851440    4 -rw-r--r--   1 runge    runge        2621 Oct 26  2000 ./src/vnc_unixsrc/vncviewer/dialogs.c
+2851441   12 -rw-r--r--   1 runge    runge       11671 Oct  9  2003 ./src/vnc_unixsrc/vncviewer/fullscreen.c
+2851442    4 -rw-r--r--   1 runge    runge        3639 Jun 11  2000 ./src/vnc_unixsrc/vncviewer/hextile.c
+2851443    8 -rw-r--r--   1 runge    runge        7463 Jan 16  2001 ./src/vnc_unixsrc/vncviewer/listen.c
+2851444   12 -rw-r--r--   1 runge    runge        9120 Jan 15  2003 ./src/vnc_unixsrc/vncviewer/misc.c
+2851445    4 -rw-r--r--   1 runge    runge        2749 Jun 11  2000 ./src/vnc_unixsrc/vncviewer/popup.c
+2851446   40 -rw-r--r--   1 runge    runge       38923 Mar 11  2004 ./src/vnc_unixsrc/vncviewer/rfbproto.c
+2851447    4 -rw-r--r--   1 runge    runge        2411 Jun 11  2000 ./src/vnc_unixsrc/vncviewer/rre.c
+2851448   12 -rw-r--r--   1 runge    runge        9985 Mar  3  2004 ./src/vnc_unixsrc/vncviewer/selection.c
+2851449    4 -rw-r--r--   1 runge    runge        2439 Jun 11  2000 ./src/vnc_unixsrc/vncviewer/shm.c
+2851450   12 -rw-r--r--   1 runge    runge        9253 Jan 14  2001 ./src/vnc_unixsrc/vncviewer/sockets.c
+2851451   16 -rw-r--r--   1 runge    runge       16069 Apr 30  2002 ./src/vnc_unixsrc/vncviewer/tight.c
+2851452    8 -rw-r--r--   1 runge    runge        6695 Jul 31  2003 ./src/vnc_unixsrc/vncviewer/tunnel.c
+2851453    4 -rw-r--r--   1 runge    runge        4040 Jan 13  2004 ./src/vnc_unixsrc/vncviewer/vncviewer.c
+2851454    8 -rw-r--r--   1 runge    runge        7236 Mar 11  2004 ./src/vnc_unixsrc/vncviewer/vncviewer.h
+2851455   16 -rw-r--r--   1 runge    runge       14478 Mar 11  2004 ./src/vnc_unixsrc/vncviewer/vncviewer.man
+2851456    8 -rw-r--r--   1 runge    runge        4437 Jan 16  2001 ./src/vnc_unixsrc/vncviewer/zlib.c
+2982894   36 -rw-r--r--   1 runge    runge       34369 Jul  5  2005 ./src/vnc_unixsrc/WhatsNew
+2982895   84 -rw-r--r--   1 runge    runge       80366 Jul  5  2005 ./src/vnc_unixsrc/ChangeLog
+2670933    4 drwxr-xr-x   6 runge    runge        4096 Aug  2 09:03 ./src/stunnel-4.14
+3621575    4 drwxr-xr-x   2 runge    runge        4096 Nov  2  2005 ./src/stunnel-4.14/auto
+3621576   44 -rwxr-xr-x   1 runge    runge       43609 Aug 10  2004 ./src/stunnel-4.14/auto/config.guess
+3621577   32 -rwxr-xr-x   1 runge    runge       31160 Aug 10  2004 ./src/stunnel-4.14/auto/config.sub
+3621578   16 -rwxr-xr-x   1 runge    runge       13866 Aug 10  2004 ./src/stunnel-4.14/auto/depcomp
+3621579    8 -rwxr-xr-x   1 runge    runge        7122 Aug 10  2004 ./src/stunnel-4.14/auto/install-sh
+3621580  184 -rw-r--r--   1 runge    runge      184019 Aug 10  2004 ./src/stunnel-4.14/auto/ltmain.sh
+3621581   12 -rwxr-xr-x   1 runge    runge       10266 Aug 10  2004 ./src/stunnel-4.14/auto/missing
+3621582    4 -rwxr-xr-x   1 runge    runge        1988 Aug 10  2004 ./src/stunnel-4.14/auto/mkinstalldirs
+5456722    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 22:47 ./src/stunnel-4.14/src
+5456723    4 -rw-r--r--   1 runge    runge        1594 Oct 15  2005 ./src/stunnel-4.14/src/Makefile.am
+5456724   20 -rw-r--r--   1 runge    runge       19314 Oct 25  2005 ./src/stunnel-4.14/src/Makefile.in
+5456725    4 -rwxr-xr-x   1 runge    runge        2954 Apr 20  2005 ./src/stunnel-4.14/src/stunnel3.in
+5456727    4 -rw-r--r--   1 runge    runge        2376 Dec 31  2004 ./src/stunnel-4.14/src/env.c
+5456728    8 -rw-r--r--   1 runge    runge        7878 Oct 21  2005 ./src/stunnel-4.14/src/common.h
+5456775   12 -rw-r--r--   1 runge    runge       10893 Oct 27  2005 ./src/stunnel-4.14/src/prototypes.h
+5456776   40 -rw-r--r--   1 runge    runge       36917 Oct 24  2005 ./src/stunnel-4.14/src/client.c
+5456777   12 -rw-r--r--   1 runge    runge        9827 Sep 28  2005 ./src/stunnel-4.14/src/log.c
+5456778   44 -rw-r--r--   1 runge    runge       43728 Oct 20  2005 ./src/stunnel-4.14/src/options.c
+5456779   12 -rw-r--r--   1 runge    runge        9137 Apr 11  2005 ./src/stunnel-4.14/src/protocol.c
+5456780   20 -rw-r--r--   1 runge    runge       19335 Oct 30  2005 ./src/stunnel-4.14/src/network.c
+5456781   16 -rw-r--r--   1 runge    runge       12947 Feb 28  2005 ./src/stunnel-4.14/src/resolver.c
+5456782   28 -rw-r--r--   1 runge    runge       25216 Oct 27  2005 ./src/stunnel-4.14/src/ssl.c
+5456783   12 -rw-r--r--   1 runge    runge        9935 Oct 19  2005 ./src/stunnel-4.14/src/sthreads.c
+5456784   16 -rw-r--r--   1 runge    runge       14074 Nov  2  2005 ./src/stunnel-4.14/src/stunnel.c
+5456785   12 -rw-r--r--   1 runge    runge        8254 Jun 13  2005 ./src/stunnel-4.14/src/pty.c
+5456786   32 -rw-r--r--   1 runge    runge       28682 Sep 29  2005 ./src/stunnel-4.14/src/gui.c
+5456787    4 -rw-r--r--   1 runge    runge         227 Nov  5  2002 ./src/stunnel-4.14/src/resources.h
+5456788    4 -rw-r--r--   1 runge    runge        1441 Oct 21  2005 ./src/stunnel-4.14/src/resources.rc
+5456789    8 -rw-r--r--   1 runge    runge        4710 Jul 18  2002 ./src/stunnel-4.14/src/stunnel.ico
+5456791    4 -rw-r--r--   1 runge    runge          76 Jul 18  2002 ./src/stunnel-4.14/src/make.bat
+5456792    4 -rw-r--r--   1 runge    runge        1001 Oct 15  2005 ./src/stunnel-4.14/src/Makefile.w32
+3670989    4 drwxr-xr-x   2 runge    runge        4096 Nov  2  2005 ./src/stunnel-4.14/tools
+3670990    4 -rw-r--r--   1 runge    runge        1448 Sep 14  2005 ./src/stunnel-4.14/tools/Makefile.am
+3670991   12 -rw-r--r--   1 runge    runge       12178 Oct 25  2005 ./src/stunnel-4.14/tools/Makefile.in
+3670992    4 -rw-r--r--   1 runge    runge        1436 Sep 22  2005 ./src/stunnel-4.14/tools/stunnel.conf-sample.in
+3670993    4 -rw-r--r--   1 runge    runge         966 Oct 25  2005 ./src/stunnel-4.14/tools/stunnel.init.in
+3670994    4 -rw-r--r--   1 runge    runge        1121 Jul 18  2002 ./src/stunnel-4.14/tools/ca.html
+3670995    4 -rwxr-xr-x   1 runge    runge        1793 Jul 18  2002 ./src/stunnel-4.14/tools/ca.pl
+3670996    4 -rw-r--r--   1 runge    runge         409 Jul 18  2002 ./src/stunnel-4.14/tools/importCA.html
+3670997    4 -rwxr-xr-x   1 runge    runge         105 Jul 18  2002 ./src/stunnel-4.14/tools/importCA.sh
+3670998    4 -rwxr-xr-x   1 runge    runge         223 Apr 23  2004 ./src/stunnel-4.14/tools/script.sh
+3670999    4 -rw-r--r--   1 runge    runge        2618 Oct 21  2005 ./src/stunnel-4.14/tools/stunnel.spec
+3671000    4 -rw-r--r--   1 runge    runge        2989 Jul  6  2005 ./src/stunnel-4.14/tools/stunnel.mak
+3671001    4 -rw-r--r--   1 runge    runge        1175 Sep  1  2002 ./src/stunnel-4.14/tools/stunnel.cnf
+3671002    4 -rw-r--r--   1 runge    runge        3285 Oct 21  2005 ./src/stunnel-4.14/tools/stunnel.nsi
+3671003    4 -rw-r--r--   1 runge    runge        1148 Sep 22  2005 ./src/stunnel-4.14/tools/stunnel.conf
+2670934    4 -rw-r--r--   1 runge    runge         725 Aug 12  2002 ./src/stunnel-4.14/README
+2670935   12 -rw-r--r--   1 runge    runge        8824 Oct 25  2005 ./src/stunnel-4.14/configure.ac
+2670936  240 -rw-r--r--   1 runge    runge      239347 Oct 25  2005 ./src/stunnel-4.14/aclocal.m4
+2670937    4 -rw-r--r--   1 runge    runge        1273 Sep 14  2005 ./src/stunnel-4.14/Makefile.am
+2670938   24 -rw-r--r--   1 runge    runge       20876 Oct 25  2005 ./src/stunnel-4.14/Makefile.in
+2670939  768 -rwxr-xr-x   1 runge    runge      780103 Oct 25  2005 ./src/stunnel-4.14/configure
+2670940    4 -rw-r--r--   1 runge    runge          99 Aug 12  2002 ./src/stunnel-4.14/AUTHORS
+2670941    4 -rw-r--r--   1 runge    runge         788 Sep 13  2002 ./src/stunnel-4.14/COPYING
+2670942   28 -rw-r--r--   1 runge    runge       25682 Nov  2  2005 ./src/stunnel-4.14/ChangeLog
+2670943    4 -rw-r--r--   1 runge    runge        1066 Aug 10  2002 ./src/stunnel-4.14/INSTALL
+2670944    4 -rw-r--r--   1 runge    runge         955 Aug 12  2002 ./src/stunnel-4.14/NEWS
+2670945    4 -rw-r--r--   1 runge    runge        1461 Jul 27  2005 ./src/stunnel-4.14/TODO
+2670946    4 -rw-r--r--   1 runge    runge         222 Jul 18  2002 ./src/stunnel-4.14/PORTS
+2670947    4 -rw-r--r--   1 runge    runge         270 Aug  9  2004 ./src/stunnel-4.14/BUGS
+2671491   20 -rw-r--r--   1 runge    runge       17982 Jul 18  2002 ./src/stunnel-4.14/COPYRIGHT.GPL
+2671492    4 -rw-r--r--   1 runge    runge         199 Jul 18  2002 ./src/stunnel-4.14/CREDITS
+2671493    4 -rw-r--r--   1 runge    runge         687 Jul 21  2005 ./src/stunnel-4.14/INSTALL.W32
+5653462    4 drwxr-xr-x   4 runge    runge        4096 Jul 30 17:46 ./src/stunnel-4.14/doc
+5653463    4 -rw-r--r--   1 runge    runge        1009 Jan 15  2005 ./src/stunnel-4.14/doc/Makefile.am
+5653464   12 -rw-r--r--   1 runge    runge       12152 Oct 25  2005 ./src/stunnel-4.14/doc/Makefile.in
+5653465   16 -rw-r--r--   1 runge    runge       16341 Sep 29  2005 ./src/stunnel-4.14/doc/stunnel.pod
+5653466   20 -rw-r--r--   1 runge    runge       18829 Sep 29  2005 ./src/stunnel-4.14/doc/stunnel.pl.pod
+5653467   20 -rw-r--r--   1 runge    runge       17798 Dec 25  2004 ./src/stunnel-4.14/doc/stunnel.fr.pod
+5653468   24 -rw-r--r--   1 runge    runge       23885 Sep 29  2005 ./src/stunnel-4.14/doc/stunnel.8
+5653469   28 -rw-r--r--   1 runge    runge       26536 Sep 29  2005 ./src/stunnel-4.14/doc/stunnel.pl.8
+5653470   28 -rw-r--r--   1 runge    runge       24864 Jan 15  2005 ./src/stunnel-4.14/doc/stunnel.fr.8
+5653471   28 -rw-r--r--   1 runge    runge       26128 Sep 29  2005 ./src/stunnel-4.14/doc/stunnel.html
+5653472   32 -rw-r--r--   1 runge    runge       28753 Sep 29  2005 ./src/stunnel-4.14/doc/stunnel.pl.html
+5653473   28 -rw-r--r--   1 runge    runge       27205 Jan 15  2005 ./src/stunnel-4.14/doc/stunnel.fr.html
+4342742    4 drwxr-xr-x   2 runge    runge        4096 Jul 18  2002 ./src/stunnel-4.14/doc/en
+4342743   12 -rw-r--r--   1 runge    runge        8414 Jul 18  2002 ./src/stunnel-4.14/doc/en/VNC_StunnelHOWTO.html
+4342744    4 -rw-r--r--   1 runge    runge        4045 Jul 18  2002 ./src/stunnel-4.14/doc/en/transproxy.txt
+4342745    4 drwxr-xr-x   2 runge    runge        4096 Jul 18  2002 ./src/stunnel-4.14/doc/pl
+4342746   36 -rw-r--r--   1 runge    runge       36360 Jul 18  2002 ./src/stunnel-4.14/doc/pl/tworzenie_certyfikatow.html
+4342747    8 -rw-r--r--   1 runge    runge        5068 Jul 18  2002 ./src/stunnel-4.14/doc/pl/faq.stunnel-2.html
+3653836    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:44 ./src/tmp
+3277788    4 -rw-r--r--   1 runge    runge         301 Aug  2 10:05 ./src/README
+2851457    4 drwxr-xr-x  12 runge    runge        4096 Aug 29 16:32 ./bin
+2261930    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:00 ./bin/Linux.i686
+2261967  196 -rwxr-xr-x   1 runge    runge      193076 Jul 31 22:59 ./bin/Linux.i686/vncviewer
+2261999   80 -rwxr-xr-x   1 runge    runge       77148 Jul 31 23:00 ./bin/Linux.i686/stunnel
+5538622    4 drwxr-xr-x   2 runge    runge        4096 Sep 12 21:24 ./bin/util
+5538759   12 -rwxr-xr-x   1 runge    runge       12148 Sep 12 21:24 ./bin/util/ssl_vncviewer
+5538760  136 -rwxr-xr-x   1 runge    runge      132853 Sep 12 21:17 ./bin/util/ssl_tightvncviewer.tcl
+5538641    4 -rw-r--r--   1 runge    runge         981 Aug  4 09:27 ./bin/util/stunnel-server.conf
+2851794    4 -rwxr-xr-x   1 runge    runge        3581 Jul 31 23:00 ./bin/ssl_tightvncviewer
+2851592    4 -rwxr-xr-x   1 runge    runge        3752 Jul 31 23:01 ./bin/tightvncviewer
+2425590    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:30 ./bin/Linux.alpha
+2425595  100 -rwxr-xr-x   1 runge    runge       97504 Jul 31 23:30 ./bin/Linux.alpha/stunnel
+2425596  272 -rwxr-xr-x   1 runge    runge      274312 Jul 31 23:24 ./bin/Linux.alpha/vncviewer
+3883808    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:24 ./bin/Linux.x86_64
+3883809   84 -rwxr-xr-x   1 runge    runge       77896 Jul 31 23:24 ./bin/Linux.x86_64/stunnel
+3883810  112 -rwxr-xr-x   1 runge    runge      109656 Jul 31 23:23 ./bin/Linux.x86_64/vncviewer
+3883811    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:27 ./bin/FreeBSD.i386
+3883812   68 -rwxr-xr-x   1 runge    runge       64660 Jul 31 23:27 ./bin/FreeBSD.i386/stunnel
+3883813  180 -rwxr-xr-x   1 runge    runge      176796 Jul 31 23:24 ./bin/FreeBSD.i386/vncviewer
+3687167    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:27 ./bin/OpenBSD.i386
+3687164   76 -rwxr-xr-x   1 runge    runge       72260 Jul 31 23:27 ./bin/OpenBSD.i386/stunnel
+3687165  180 -rwxr-xr-x   1 runge    runge      179036 Jul 31 23:24 ./bin/OpenBSD.i386/vncviewer
+4359128    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:27 ./bin/NetBSD.i386
+4359129   72 -rwxr-xr-x   1 runge    runge       69064 Jul 31 23:27 ./bin/NetBSD.i386/stunnel
+4359130  176 -rwxr-xr-x   1 runge    runge      172624 Jul 31 23:24 ./bin/NetBSD.i386/vncviewer
+2851458    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:25 ./bin/Linux.ppc64
+2851459   76 -rwxr-xr-x   1 runge    runge       72856 Jul 31 23:25 ./bin/Linux.ppc64/stunnel
+2851460  196 -rwxr-xr-x   1 runge    runge      196112 Jul 31 23:24 ./bin/Linux.ppc64/vncviewer
+3064794    4 drwxr-xr-x   2 runge    runge        4096 Jul 31 23:47 ./bin/SunOS.sun4u
+3064795  108 -rwxr-xr-x   1 runge    runge      106260 Jul 31 23:45 ./bin/SunOS.sun4u/vncviewer
+3064796   76 -rwxr-xr-x   1 runge    runge       71748 Jul 31 23:47 ./bin/SunOS.sun4u/stunnel
+2851711    4 -rwxr-xr-x   1 runge    runge        1310 Aug 29 16:29 ./bin/ssl_vnc_gui
+2851793    4 -rwxr-xr-x   1 runge    runge         640 Jul 31 17:22 ./bin/.linkin
+3293942    4 drwxr-xr-x   2 runge    runge        4096 Aug  1 22:14 ./bin/profiles
+3277791    8 -rwxr-xr-x   1 runge    runge        4814 Jul 30 17:54 ./build.unix
+3277785   20 -rw-r--r--   1 runge    runge       18043 Aug  1  2001 ./COPYING
+3277827    8 -rw-r--r--   1 runge    runge        7222 Sep 10 16:04 ./README
+5063553    4 drwxr-xr-x   3 runge    runge        4096 Jul 27 16:32 ./man
+5063554    4 drwxr-xr-x   2 runge    runge        4096 Jul 27 16:33 ./man/man1
+5063556   16 -rw-r--r--   1 runge    runge       14478 Jul 27 16:32 ./man/man1/vncviewer.1
+5063557   24 -rw-r--r--   1 runge    runge       23885 Jul 27 16:33 ./man/man1/stunnel.1
+5538624    4 drwxr-xr-x   4 runge    runge        4096 Sep  6 16:30 ./Windows
+5538633 2312 -rw-r--r--   1 runge    runge     2361922 Sep 12 22:27 ./Windows/ssl_tightvncviewer.exe
+5538576    4 -rw-r--r--   1 runge    runge        2149 Aug  2 09:42 ./Windows/README.txt
+3293943    4 drwxr-xr-x   2 runge    runge        4096 Aug  1 22:14 ./Windows/profiles
+4621136    4 drwxr-xr-x   5 runge    runge        4096 Sep  6 16:30 ./Windows/util
+5096237    4 drwxr-xr-x   2 runge    runge        4096 Sep  2 16:06 ./Windows/util/esound
+5096238  148 -rw-rw-rw-   1 runge    runge      146432 Jun 26  2004 ./Windows/util/esound/cygaudiofile.dll
+5096239   60 -rw-rw-rw-   1 runge    runge       53270 Feb 19  2003 ./Windows/util/esound/cygesd.dll
+5096241 1132 -rw-rw-rw-   1 runge    runge     1153417 May 26  2004 ./Windows/util/esound/cygwin1.dll
+5096242   68 -rw-r--r--   1 runge    runge       65385 Feb 19  2003 ./Windows/util/esound/esd.exe
+5096248   24 -rw-r--r--   1 runge    runge       21282 Feb 19  2003 ./Windows/util/esound/esdcat.exe
+5096249   32 -rw-r--r--   1 runge    runge       32330 Feb 19  2003 ./Windows/util/esound/esdctl.exe
+5096251   24 -rw-r--r--   1 runge    runge       21428 Feb 19  2003 ./Windows/util/esound/esdfilt.exe
+5096252   24 -rw-r--r--   1 runge    runge       22643 Feb 19  2003 ./Windows/util/esound/esdloop.exe
+5096253   24 -rw-r--r--   1 runge    runge       21264 Feb 19  2003 ./Windows/util/esound/esdmon.exe
+5096254   28 -rw-r--r--   1 runge    runge       24835 Feb 19  2003 ./Windows/util/esound/esdplay.exe
+5096255   24 -rw-r--r--   1 runge    runge       21288 Feb 19  2003 ./Windows/util/esound/esdrec.exe
+5096256   28 -rw-r--r--   1 runge    runge       25151 Feb 19  2003 ./Windows/util/esound/esdsample.exe
+5096258    4 -rw-r--r--   1 runge    runge          51 Sep  2 16:05 ./Windows/util/esound/example.bat
+4621144 1132 -rwxr-xr-x   1 runge    runge     1153024 Mar 23  2005 ./Windows/util/openssl.exe
+5538626 1548 -rwxr-xr-x   1 runge    runge     1578787 Mar 23  2005 ./Windows/util/libeay32.dll
+5538629  624 -rwxr-xr-x   1 runge    runge      632226 Mar 23  2005 ./Windows/util/libssl32.dll
+4621310  128 -rw-r--r--   1 runge    runge      126976 Sep  4 10:56 ./Windows/util/pageant.exe
+4621311  164 -rw-r--r--   1 runge    runge      163840 Sep  4 10:57 ./Windows/util/puttygen.exe
+5538631   76 -rwxr-xr-x   1 runge    runge       73728 Feb 26  2006 ./Windows/util/stunnel.exe
+5538625  360 -rwxr-xr-x   1 runge    runge      364544 Jul  5  2005 ./Windows/util/vncviewer.exe
+4621143  260 -rw-r--r--   1 runge    runge      262144 Sep  2 21:19 ./Windows/util/plink.exe
+3293944    4 drwxr-xr-x   8 runge    runge        4096 Sep  5 20:57 ./Windows/util/info
+3293945    4 drwxr-xr-x   2 runge    runge        4096 Aug  2 09:40 ./Windows/util/info/vncviewer
+5538627   20 -rw-r--r--   1 runge    runge       18340 Jul  6  2005 ./Windows/util/info/vncviewer/LICENCE.txt
+5538628    4 -rw-r--r--   1 runge    runge        1238 Jul  6  2005 ./Windows/util/info/vncviewer/README.txt
+3294015    4 -rw-r--r--   1 runge    runge          24 Aug  2 09:39 ./Windows/util/info/vncviewer/location.url
+3294016    4 -rw-r--r--   1 runge    runge          38 Aug  2 09:39 ./Windows/util/info/vncviewer/download.url
+3293947    4 drwxr-xr-x   2 runge    runge        4096 Aug  2 09:38 ./Windows/util/info/stunnel
+3293948    4 -rw-r--r--   1 runge    runge          99 Aug 12  2002 ./Windows/util/info/stunnel/AUTHORS
+3293949    4 -rw-r--r--   1 runge    runge         788 Sep 13  2002 ./Windows/util/info/stunnel/COPYING
+3293950   20 -rw-r--r--   1 runge    runge       17982 Jul 18  2002 ./Windows/util/info/stunnel/COPYRIGHT.GPL
+3293951    4 -rw-r--r--   1 runge    runge         199 Jul 18  2002 ./Windows/util/info/stunnel/CREDITS
+3293952    4 -rw-r--r--   1 runge    runge         687 Jul 21  2005 ./Windows/util/info/stunnel/INSTALL.W32
+3293953    4 -rw-r--r--   1 runge    runge         725 Aug 12  2002 ./Windows/util/info/stunnel/README
+3293954   28 -rw-r--r--   1 runge    runge       25682 Nov  2  2005 ./Windows/util/info/stunnel/ChangeLog
+3293955    4 -rw-r--r--   1 runge    runge        1066 Aug 10  2002 ./Windows/util/info/stunnel/INSTALL
+3293956    4 -rw-r--r--   1 runge    runge         955 Aug 12  2002 ./Windows/util/info/stunnel/NEWS
+3293958    4 -rw-r--r--   1 runge    runge         222 Jul 18  2002 ./Windows/util/info/stunnel/PORTS
+3293959    4 -rw-r--r--   1 runge    runge        1461 Jul 27  2005 ./Windows/util/info/stunnel/TODO
+3293960   28 -rw-r--r--   1 runge    runge       26128 Sep 29  2005 ./Windows/util/info/stunnel/stunnel.html
+3293969   16 -rw-r--r--   1 runge    runge       14638 Aug  2 09:37 ./Windows/util/info/stunnel/download.html
+3294011    4 -rw-r--r--   1 runge    runge          47 Aug  2 09:15 ./Windows/util/info/stunnel/download.url
+3294012   24 -rw-r--r--   1 runge    runge       21815 Aug  2 09:13 ./Windows/util/info/stunnel/location.html
+3294013    4 -rw-r--r--   1 runge    runge          46 Aug  2 09:13 ./Windows/util/info/stunnel/location.url
+3293961    4 drwxr-xr-x   2 runge    runge        4096 Aug  2 09:37 ./Windows/util/info/openssl
+3293965    4 -rw-r--r--   1 runge    runge          47 Aug  2 09:15 ./Windows/util/info/openssl/download.url
+3293963    4 -rw-r--r--   1 runge    runge          46 Aug  2 09:13 ./Windows/util/info/openssl/location.url
+3293964    4 -rw-r--r--   1 runge    runge        3489 Nov 28  2005 ./Windows/util/info/openssl/COPYRIGHT.SSLeay
+3293967   16 -rw-r--r--   1 runge    runge       14638 Aug  2 09:37 ./Windows/util/info/openssl/download.html
+3293962   24 -rw-r--r--   1 runge    runge       21815 Aug  2 09:13 ./Windows/util/info/openssl/location.html
+2261824    4 drwxr-xr-x   2 runge    runge        4096 Aug  2 09:36 ./Windows/util/info/plink
+3293966    4 -rw-r--r--   1 runge    runge        3549 Aug  2 09:35 ./Windows/util/info/plink/licence.html
+3293968    4 -rw-r--r--   1 runge    runge          65 Aug  2 09:35 ./Windows/util/info/plink/licence.url
+2261825   28 -rw-r--r--   1 runge    runge       24744 Aug  2 09:35 ./Windows/util/info/plink/download.html
+2261826    4 -rw-r--r--   1 runge    runge          66 Aug  2 09:35 ./Windows/util/info/plink/download.url
+2229126    4 drwxr-xr-x   2 runge    runge        4096 Sep  3 12:09 ./Windows/util/info/esound
+2229127   20 -rw-r--r--   1 runge    runge       17992 Sep  3 12:09 ./Windows/util/info/esound/COPYING
+2229128    4 -rw-r--r--   1 runge    runge          40 Sep  3 12:07 ./Windows/util/info/esound/download.url
+2229129   28 -rw-r--r--   1 runge    runge       25265 Sep  3 12:09 ./Windows/util/info/esound/COPYING.LIB
+2229130    4 -rw-r--r--   1 runge    runge        2153 Sep  3 12:09 ./Windows/util/info/esound/AUTHORS
+2229131    4 -rw-r--r--   1 runge    runge        1936 Sep  3 12:09 ./Windows/util/info/esound/README
+2229132    4 -rw-r--r--   1 runge    runge         178 Sep  3 12:09 ./Windows/util/info/esound/MAINTAINERS
+3113803    4 drwxr-xr-x   2 runge    runge        4096 Sep  5 20:58 ./Windows/util/info/netcat
+3113804    8 -rw-r--r--   1 runge    runge        6833 Dec 27  2004 ./Windows/util/info/netcat/readme.txt
+3113805   20 -rw-r--r--   1 runge    runge       18009 Dec 27  2004 ./Windows/util/info/netcat/license.txt
+3064790    4 drwxr-xr-x   2 runge    runge        4096 Aug  2 09:40 ./Windows/util/w98
+4621137  120 -rw-r--r--   1 runge    runge      118524 Feb 26  1997 ./Windows/util/w98/kill.exe
+4621138  116 -rw-r--r--   1 runge    runge      114240 Feb 26  1997 ./Windows/util/w98/tlist.exe
+3064797   24 -rw-r--r--   1 runge    runge       24576 Apr 30  1998 ./Windows/util/w98/README.DOC
+3064799    4 -rw-r--r--   1 runge    runge          75 Aug  2 08:56 ./Windows/util/w98/location.url
+4621140    4 -rw-r--r--   1 runge    runge         981 Aug  4 09:27 ./Windows/util/stunnel-server.conf
+4621142    4 -rw-r--r--   1 runge    runge        1173 Aug  4 09:27 ./Windows/util/stunnel-client.conf
+4621312   64 -rw-r--r--   1 runge    runge       61440 Dec 29  2004 ./Windows/util/netcat.exe
+5538607  416 -rw-r--r--   1 runge    runge      421888 Sep  6 14:14 ./Windows/util/putty.exe
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/README b/x11vnc/misc/enhanced_tightvnc_viewer/src/README
new file mode 100644
index 0000000..6630db9
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/README
@@ -0,0 +1,7 @@
+
+In this directory we have source zip/tgz files in zip/, the patches
+we created in patches/, a temporary build dir (used by build.unix)
+in tmp/, and unpacked sources in vnc_unixsrc/ and stunnel-4.14/ (used
+by the build.unix script).
+
+See the README in the directory one level up for more information.
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/README b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/README
new file mode 100644
index 0000000..9451e7e
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/README
@@ -0,0 +1,6 @@
+All of the patch files and scripts in this directory are
+
+  Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com>
+
+and are licensed by the GPL.  See the README and COPYING files two
+directories up for more information.
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
new file mode 100755
index 0000000..c2eec84
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+rm -rf ./src/tmp/* || exit 1
+vers=1.0.3
+
+cd .. || exit 1
+
+if [ -f enhanced_tightvnc_viewer-$vers.zip ]; then
+	mv enhanced_tightvnc_viewer-$vers.zip enhanced_tightvnc_viewer-$vers.zip~
+fi
+rm -f enhanced_tightvnc_viewer_all-$vers.zip
+rm -f enhanced_tightvnc_viewer-$vers.zip
+zip -9 -r enhanced_tightvnc_viewer_all-$vers.zip enhanced_tightvnc_viewer
+zip -9 -r enhanced_tightvnc_viewer-$vers.zip enhanced_tightvnc_viewer -x '*.zip' '*.tar.gz'
+tar cvf - --exclude='*.zip' --exclude='*.tar.gz' enhanced_tightvnc_viewer | gzip -9 >  enhanced_tightvnc_viewer-$vers.tar.gz
+tar cvf - --exclude='*.zip' --exclude='*.tar.gz' --exclude='*.dll' --exclude='*.exe' --exclude enhanced_tightvnc_viewer/Windows/util enhanced_tightvnc_viewer | gzip -9 >  enhanced_tightvnc_viewer_no_windows-$vers.tar.gz
+
+ls -l enhanced_tightvnc_viewer*-$vers.*
+
+###########################################
+
+rm -rf enhanced_tightvnc_viewer_windows_only-${vers}*
+
+cp -pR enhanced_tightvnc_viewer enhanced_tightvnc_viewer_windows_only-$vers
+rm -rf enhanced_tightvnc_viewer_windows_only-$vers/{src,bin,man}/*
+rm -rf enhanced_tightvnc_viewer_windows_only-$vers/bin/.linkin
+cp -p enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl  enhanced_tightvnc_viewer_windows_only-$vers/Windows/util
+
+rm -f enhanced_tightvnc_viewer_windows_only-$vers.zip
+zip -9 -r enhanced_tightvnc_viewer_windows_only-$vers.zip enhanced_tightvnc_viewer_windows_only-$vers
+
+ls -l enhanced_tightvnc_viewer_windows_only-$vers.zip
+rm -rf enhanced_tightvnc_viewer_windows_only-${vers}
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches
new file mode 100755
index 0000000..8fa3645
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cp -p /dist/src/apps/VNC/tight_vnc_1.3dev5/tight-vncviewer*patch .
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_vncpatchapplied b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_vncpatchapplied
new file mode 100755
index 0000000..0ff1931
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_vncpatchapplied
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+make clean
+rm -f *.o
+cd ../..
+tar -cvf ../../zips/vnc_unixsrc_vncviewer.patched.tar vnc_unixsrc/vncviewer
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/stunnel-maxconn.patch b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/stunnel-maxconn.patch
new file mode 100644
index 0000000..7067a7c
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/stunnel-maxconn.patch
@@ -0,0 +1,124 @@
+diff -Naur stunnel.orig/src/client.c stunnel/src/client.c
+--- stunnel.orig/src/client.c	2005-10-24 14:00:56.000000000 -0400
++++ stunnel/src/client.c	2006-07-31 21:51:37.000000000 -0400
+@@ -126,6 +126,10 @@
+     s_log(LOG_DEBUG, "%s finished (%d left)", c->opt->servname,
+         --num_clients);
+     leave_critical_section(CRIT_CLIENTS);
++    if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
++            s_log(LOG_NOTICE, "client() finished: exceeded maxconn");
++	    exit(0);
++    }
+ #endif
+     free(c);
+ #ifdef DEBUG_STACK_SIZE
+diff -Naur stunnel.orig/src/network.c stunnel/src/network.c
+--- stunnel.orig/src/network.c	2005-10-30 16:35:42.000000000 -0500
++++ stunnel/src/network.c	2006-07-31 21:53:49.000000000 -0400
+@@ -329,6 +329,10 @@
+         /* no logging is possible in a signal handler */
+ #ifdef USE_FORK
+         num_clients--; /* one client less */
++        if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
++                s_log(LOG_NOTICE, "sigchld_handler() finished: exceeded maxconn");
++                exit(0);
++        }
+ #endif /* USE_FORK */
+     }
+ #else /* __sgi */
+@@ -375,6 +379,10 @@
+     if((pid=wait(&status))>0) {
+         num_clients--; /* one client less */
+ #endif
++        if (num_clients <= 0 && options.maxconn > 0 && num_conn >= options.maxconn) {
++                s_log(LOG_NOTICE, "client_status() finished: exceeded maxconn");
++                exit(0);
++        }
+ #ifdef WIFSIGNALED
+         if(WIFSIGNALED(status)) {
+             s_log(LOG_DEBUG, "Process %d terminated on signal %d (%d left)",
+diff -Naur stunnel.orig/src/options.c stunnel/src/options.c
+--- stunnel.orig/src/options.c	2005-10-20 03:12:07.000000000 -0400
++++ stunnel/src/options.c	2006-07-31 22:49:57.000000000 -0400
+@@ -665,6 +665,24 @@
+         break;
+     }
+ 
++    /* maxconn */
++    switch(cmd) {
++    case CMD_INIT:
++        options.maxconn=0;
++        break;
++    case CMD_EXEC:
++        if(strcasecmp(opt, "maxconn"))
++            break;
++        options.maxconn=atoi(arg);
++            return NULL; /* OK */
++    case CMD_DEFAULT:
++        log_raw("%-15s = 0", "maxconn");
++        break;
++    case CMD_HELP:
++        log_raw("%-15s = maximum number of accepted connections", "maxconn");
++        break;
++    }
++
+     if(cmd==CMD_EXEC)
+         return option_not_found;
+     return NULL; /* OK */
+diff -Naur stunnel.orig/src/prototypes.h stunnel/src/prototypes.h
+--- stunnel.orig/src/prototypes.h	2005-10-27 05:41:28.000000000 -0400
++++ stunnel/src/prototypes.h	2006-07-31 22:49:36.000000000 -0400
+@@ -44,6 +44,7 @@
+ /**************************************** Prototypes for stunnel.c */
+ 
+ extern int num_clients;
++extern int num_conn;
+ 
+ void main_initialize(char *, char *);
+ void main_execute(void);
+@@ -113,6 +114,7 @@
+     long session_timeout;
+     int verify_level;
+     int verify_use_only_my;
++    int maxconn;
+     long ssl_options;
+ 
+         /* some global data for stunnel.c */
+diff -Naur stunnel.orig/src/stunnel.c stunnel/src/stunnel.c
+--- stunnel.orig/src/stunnel.c	2005-11-02 15:18:42.000000000 -0500
++++ stunnel/src/stunnel.c	2006-07-31 21:40:04.000000000 -0400
+@@ -53,6 +53,7 @@
+ #endif
+ 
+ int num_clients=0; /* Current number of clients */
++int num_conn=0;    /* Total number of connections */
+ 
+     /* Functions */
+ 
+@@ -138,6 +139,7 @@
+     }
+ 
+     num_clients=0;
++    num_conn=0;
+ 
+     /* bind local ports */
+     for(opt=local_options.next; opt; opt=opt->next) {
+@@ -222,6 +224,18 @@
+                 return; /* error */
+         }
+     }
++    num_conn++;
++fprintf(stderr, "num_conn: %d\n", num_conn);
++    if (options.maxconn > 0 && num_conn > options.maxconn) {
++        s_log(LOG_WARNING, "Connection rejected: exceeded maxconn (%d>%d)",
++            num_conn, options.maxconn);
++        closesocket(s);
++	if (num_clients == 0) {
++            s_log(LOG_WARNING, "Finished via maxconn.");
++            exit(0);
++	}
++        return;
++    }
+     s_ntop(from_address, &addr);
+     s_log(LOG_DEBUG, "%s accepted FD=%d from %s",
+         opt->servname, s, from_address);
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-fullscreen.patch b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-fullscreen.patch
new file mode 100644
index 0000000..97494ee
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-fullscreen.patch
@@ -0,0 +1,42 @@
+--- vnc_unixsrc.orig/vncviewer/fullscreen.c	2003-10-09 05:23:49.000000000 -0400
++++ vnc_unixsrc/vncviewer/fullscreen.c	2004-12-26 21:21:44.000000000 -0500
+@@ -173,9 +173,15 @@
+   XtVaSetValues(popup, XtNoverrideRedirect, True, NULL);
+ 
+   /* Try to get the input focus. */
+-
++ 
++#if 0
+   XSetInputFocus(dpy, DefaultRootWindow(dpy), RevertToPointerRoot,
+ 		 CurrentTime);
++#else
++  XSetInputFocus(dpy, PointerRoot, RevertToPointerRoot,
++                 CurrentTime);
++#endif
++
+ 
+   /* Optionally, grab the keyboard. */
+ 
+@@ -184,6 +190,10 @@
+ 		     GrabModeAsync, CurrentTime) != GrabSuccess) {
+     fprintf(stderr, "XtGrabKeyboard() failed.\n");
+   }
++if (getenv("VNCVIEWER_GRAB_SERVER") != NULL) { /* runge bot of FullScreenOn */
++        fprintf(stderr, "calling XGrabServer(dpy)\n");
++        XGrabServer(dpy);       
++}
+ }
+ 
+ 
+@@ -210,6 +220,11 @@
+ 
+   appData.fullScreen = False;
+ 
++if (getenv("VNCVIEWER_GRAB_SERVER") != NULL) { /* runge top of FullScreenOff */
++        fprintf(stderr, "calling XUngrabServer(dpy)\n");
++        XUngrabServer(dpy);     
++}
++
+   if (appData.grabKeyboard)
+     XtUngrabKeyboard(desktop, CurrentTime);
+ 
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-newfbsize.patch b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-newfbsize.patch
new file mode 100644
index 0000000..d9eb114
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-newfbsize.patch
@@ -0,0 +1,285 @@
+--- vnc_unixsrc.orig/vncviewer/desktop.c	2004-05-28 13:29:29.000000000 -0400
++++ vnc_unixsrc/vncviewer/desktop.c	2006-07-27 11:30:01.000000000 -0400
+@@ -50,6 +50,30 @@
+   },
+ };
+ 
++void create_image() {
++  image = NULL;
++
++#ifdef MITSHM
++  if (appData.useShm) {
++    image = CreateShmImage();
++    if (!image)
++      appData.useShm = False;
++  }
++#endif
++
++  if (!image) {
++    image = XCreateImage(dpy, vis, visdepth, ZPixmap, 0, NULL,
++			 si.framebufferWidth, si.framebufferHeight,
++			 BitmapPad(dpy), 0);
++
++    image->data = malloc(image->bytes_per_line * image->height);
++    if (!image->data) {
++      fprintf(stderr,"malloc failed\n");
++      exit(1);
++    }
++  }
++}
++
+ 
+ /*
+  * DesktopInitBeforeRealization creates the "desktop" widget and the viewport
+@@ -82,30 +106,9 @@
+   for (i = 0; i < 256; i++)
+     modifierPressed[i] = False;
+ 
+-  image = NULL;
+-
+-#ifdef MITSHM
+-  if (appData.useShm) {
+-    image = CreateShmImage();
+-    if (!image)
+-      appData.useShm = False;
+-  }
+-#endif
+-
+-  if (!image) {
+-    image = XCreateImage(dpy, vis, visdepth, ZPixmap, 0, NULL,
+-			 si.framebufferWidth, si.framebufferHeight,
+-			 BitmapPad(dpy), 0);
+-
+-    image->data = malloc(image->bytes_per_line * image->height);
+-    if (!image->data) {
+-      fprintf(stderr,"malloc failed\n");
+-      exit(1);
+-    }
+-  }
++  create_image();
+ }
+ 
+-
+ /*
+  * DesktopInitAfterRealization does things which require the X windows to
+  * exist.  It creates some GCs and sets the dot cursor.
+@@ -460,3 +463,69 @@
+     break;
+   }
+ }
++
++static void reset_image(void) {
++	if (UsingShm()) {
++		ShmCleanup();
++	} else {
++		if (image && image->data) {
++			free(image->data);
++			XDestroyImage(image);
++			image = NULL;
++		}
++	}
++	create_image();
++	XFlush(dpy);
++}
++
++void ReDoDesktop(void) {
++	int w, h, x, y, dw, dh;
++
++	if (appData.fullScreen) {
++		if (image && image->data) {
++			int len;
++			int h = image->height;
++			int w = image->width;
++			len = image->bytes_per_line * image->height;
++			/* black out window first: */
++			memset(image->data, 0, len);
++  			XPutImage(dpy, XtWindow(desktop), gc, image, 0, 0, 0, 0, w, h);
++			XFlush(dpy);
++		}
++		XtResizeWidget(desktop, si.framebufferWidth, si.framebufferHeight, 0);
++		XSync(dpy, False);
++		usleep(100*1000);
++		FullScreenOn();
++		XSync(dpy, False);
++		usleep(100*1000);
++		reset_image();
++		return;
++	}
++
++	dw = appData.wmDecorationWidth;
++	dh = appData.wmDecorationHeight;
++
++	w = si.framebufferWidth;
++	h = si.framebufferHeight;
++
++	if (w + dw >= dpyWidth) {
++		w = dpyWidth - dw;
++	}
++	if (h + dh >= dpyHeight) {
++		h = dpyHeight - dh;
++	}
++
++	XtVaSetValues(toplevel, XtNmaxWidth, w, XtNmaxHeight, h, NULL);
++
++	XtVaSetValues(desktop, XtNwidth, si.framebufferWidth,
++	    XtNheight, si.framebufferHeight, NULL);
++
++	x = (dpyWidth  - w - dw)/2;
++	y = (dpyHeight - h - dh)/2;
++
++	XtResizeWidget(desktop, si.framebufferWidth, si.framebufferHeight, 0);
++
++	XtConfigureWidget(toplevel, x + dw, y + dh, w, h, 0);
++
++	reset_image();
++}
+--- vnc_unixsrc.orig/vncviewer/fullscreen.c	2003-10-09 05:23:49.000000000 -0400
++++ vnc_unixsrc/vncviewer/fullscreen.c	2006-07-27 14:36:06.000000000 -0400
+@@ -85,10 +85,13 @@
+   Dimension oldViewportWidth, oldViewportHeight, clipWidth, clipHeight;
+   Position viewportX, viewportY;
+ 
++  Bool fsAlready = appData.fullScreen, toobig = False;
++
+   appData.fullScreen = True;
+ 
+   if (si.framebufferWidth > dpyWidth || si.framebufferHeight > dpyHeight) {
+ 
++    toobig = True;
+     XtVaSetValues(viewport, XtNforceBars, True, NULL);
+     XtVaGetValues(viewport, XtNwidth, &oldViewportWidth,
+ 		  XtNheight, &oldViewportHeight, NULL);
+@@ -129,6 +132,7 @@
+      reparenting our window to the root.  The window manager will get a
+      ReparentNotify and hopefully clean up its frame window. */
+ 
++if (! fsAlready) {
+   XtVaSetValues(toplevel, XtNoverrideRedirect, True, NULL);
+ 
+   XReparentWindow(dpy, XtWindow(toplevel), DefaultRootWindow(dpy), 0, 0);
+@@ -164,10 +168,22 @@
+ 
+   XtManageChild(viewport);
+ 
+-  /* Now we can set "toplevel" to its proper size. */
++} else {
++	XSync(dpy, False);
++}
+ 
++  /* Now we can set "toplevel" to its proper size. */
+   XtResizeWidget(toplevel, toplevelWidth, toplevelHeight, 0);
+ 
++if (fsAlready) {
++  XtResizeWidget(viewport, viewportWidth, viewportHeight, 0);
++  if (! toobig) {
++	XtVaSetValues(viewport, XtNforceBars, False, NULL);
++  }
++  XMoveWindow(dpy, XtWindow(viewport), viewportX, viewportY);
++  XSync(dpy, False);
++}
++
+   /* Set the popup to overrideRedirect too */
+ 
+   XtVaSetValues(popup, XtNoverrideRedirect, True, NULL);
+--- vnc_unixsrc.orig/vncviewer/rfbproto.c	2004-03-11 13:14:39.000000000 -0500
++++ vnc_unixsrc/vncviewer/rfbproto.c	2006-07-25 21:51:20.000000000 -0400
+@@ -177,6 +177,9 @@
+ 	  sig_rfbEncodingPointerPos, "Pointer position update");
+   CapsAdd(encodingCaps, rfbEncodingLastRect, rfbTightVncVendor,
+ 	  sig_rfbEncodingLastRect, "LastRect protocol extension");
++
++  CapsAdd(encodingCaps, rfbEncodingNewFBSize, rfbTightVncVendor,
++	  sig_rfbEncodingNewFBSize, "New FB size protocol extension");
+ }
+ 
+ 
+@@ -729,6 +732,7 @@
+   Bool requestCompressLevel = False;
+   Bool requestQualityLevel = False;
+   Bool requestLastRectEncoding = False;
++  Bool requestNewFBSizeEncoding = True;
+ 
+   spf.type = rfbSetPixelFormat;
+   spf.format = myFormat;
+@@ -806,6 +810,10 @@
+     if (se->nEncodings < MAX_ENCODINGS && requestLastRectEncoding) {
+       encs[se->nEncodings++] = Swap32IfLE(rfbEncodingLastRect);
+     }
++
++    if (se->nEncodings < MAX_ENCODINGS && requestNewFBSizeEncoding) {
++      encs[se->nEncodings++] = Swap32IfLE(rfbEncodingNewFBSize);
++    }
+   }
+   else {
+     if (SameMachine(rfbsock)) {
+@@ -849,6 +857,7 @@
+     }
+ 
+     encs[se->nEncodings++] = Swap32IfLE(rfbEncodingLastRect);
++    encs[se->nEncodings++] = Swap32IfLE(rfbEncodingNewFBSize);
+   }
+ 
+   len = sz_rfbSetEncodingsMsg + se->nEncodings * 4;
+@@ -1038,6 +1047,16 @@
+ 	}
+ 	continue;
+       }
++      if (rect.encoding == rfbEncodingNewFBSize) {
++	  fprintf(stderr,"New Size: %dx%d at (%d, %d)\n",
++		  rect.r.w, rect.r.h, rect.r.x, rect.r.y);
++	si.framebufferWidth = rect.r.w;
++	si.framebufferHeight = rect.r.h;
++        fprintf(stderr, "si: %d %d\n", si.framebufferWidth, si.framebufferHeight);
++	ReDoDesktop();
++
++	continue;
++      }
+ 
+       if ((rect.r.x + rect.r.w > si.framebufferWidth) ||
+ 	  (rect.r.y + rect.r.h > si.framebufferHeight))
+--- vnc_unixsrc.orig/vncviewer/shm.c	2000-06-11 08:00:53.000000000 -0400
++++ vnc_unixsrc/vncviewer/shm.c	2006-07-26 23:30:42.000000000 -0400
+@@ -41,6 +41,10 @@
+   }
+ }
+ 
++Bool UsingShm() {
++	return needShmCleanup;
++}
++
+ static int
+ ShmCreationXErrorHandler(Display *dpy, XErrorEvent *error)
+ {
+--- vnc_unixsrc.orig/vncviewer/vncviewer.h	2004-03-11 13:14:40.000000000 -0500
++++ vnc_unixsrc/vncviewer/vncviewer.h	2006-07-26 23:31:25.000000000 -0400
+@@ -162,6 +162,8 @@
+ extern void CopyDataToScreen(char *buf, int x, int y, int width, int height);
+ extern void SynchroniseScreen();
+ 
++extern void ReDoDesktop();
++
+ /* dialogs.c */
+ 
+ extern void ServerDialogDone(Widget w, XEvent *event, String *params,
+@@ -243,6 +245,7 @@
+ 
+ extern XImage *CreateShmImage();
+ extern void ShmCleanup();
++extern Bool UsingShm();
+ 
+ /* sockets.c */
+ 
+--- vnc_unixsrc.orig/vncviewer/vncviewer.c	2004-01-13 09:22:05.000000000 -0500
++++ vnc_unixsrc/vncviewer/vncviewer.c	2006-07-27 19:00:25.000000000 -0400
+@@ -57,6 +57,11 @@
+     }
+   }
+ 
++  if (argc > 1 && strstr(argv[1], "-h") == argv[1]) {
++  	usage();
++	return 0;
++  }
++
+   /* Call the main Xt initialisation function.  It parses command-line options,
+      generating appropriate resource specs, and makes a connection to the X
+      display. */
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/zips/README b/x11vnc/misc/enhanced_tightvnc_viewer/src/zips/README
new file mode 100644
index 0000000..776d4bf
--- /dev/null
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/zips/README
@@ -0,0 +1,15 @@
+This is where we keep the 3rd party source zip and tar.gz files used
+to build this package.
+
+www.stunnel.org source       488512 Jul 25 15:09 stunnel-4.14.tar.gz
+www.tightvnc.com source     2182134 Jul 25 15:11 tightvnc-1.3dev7_unixsrc.tar.gz
+www.tightvnc.com windows
+  standalone viewer binary:  209149 Jul 25 15:10 tightvnc-1.3dev7_x86_viewer.zip
+
+To save space they may not be included in the package you downloaded.
+The should be included in the "enhanced_tightvnc_viewer_all-<version>.zip" file.
+Go to the websites indicated above or contact me if you cannot find them.
+
+The stunnel.patched.tar vnc_unixsrc_vncviewer.patched.tar
+files are tarballs of the original sources above with patches applied
+(used by build.unix script when patching fails).