x11vnc -users, fix -solid on gnome/kde, configure.ac pwd.h wait.h and utmpx.h

1 files changed, 99 insertions, 20 deletions

diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1
index a95106a..66bb57d 100644
--- a/x11vnc/x11vnc.1
+++ b/x11vnc/x11vnc.1
@@ -2,7 +2,7 @@
 .TH X11VNC "1" "February 2005" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.7.1pre, lastmod: 2005-02-05
+         version: 0.7.1pre, lastmod: 2005-02-08
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -58,11 +58,11 @@ environment variable to \fIdisp\fR.
 .IP
 Set the X authority file to be \fIfile\fR, equivalent to
 setting the XAUTHORITY environment variable to \fIfile\fR
-before startup.  See 
+before startup.  Same as \fB-xauth\fR file.  See 
 .IR Xsecurity (7)
-, 
+,
 .IR xauth (1)
-man pages.
+man pages for more info.
 .PP
 \fB-id\fR \fIwindowid\fR
 .IP
@@ -210,10 +210,17 @@ Note: if you are not redirecting stderr to a log file
 For use with "vncviewer -listen" reverse connections.
 If \fIstring\fR has the form "host" or "host:port"
 the connection is made once at startup.  Use commas
-for a list of host's and host:port's.  If \fIstring\fR
-contains "/" it is instead interpreted as a file to
-periodically check for new hosts.  The first line is
-read and then the file is truncated.
+for a list of host's and host:port's.
+.IP
+If \fIstring\fR contains "/" it is instead interpreted
+as a file to periodically check for new hosts.
+The first line is read and then the file is truncated.
+Be careful for this usage mode if x11vnc is running as
+root (e.g. via 
+.IR inetd (1)
+or 
+.IR gdm (1)
+).
 .PP
 \fB-vncconnect,\fR \fB-novncconnect\fR
 .IP
@@ -277,6 +284,17 @@ external command returns 0 the client is accepted,
 otherwise the client is rejected.  See below for an
 extension to accept a client view-only.
 .IP
+If x11vnc is running as root (say from 
+.IR inetd (1)
+or from
+display managers 
+.IR xdm (1)
+, 
+.IR gdm (1)
+, etc), think about the
+security implications carefully before supplying this
+option (likewise for the \fB-gone\fR option).
+.IP
 Environment: The RFB_CLIENT_IP environment variable will
 be set to the incoming client IP number and the port
 in RFB_CLIENT_PORT (or -1 if unavailable).  Similarly,
@@ -332,6 +350,61 @@ set to "gone" and the other RFB_* variables are as
 in \fB-accept.\fR  Unlike \fB-accept,\fR the command return code
 is not interpreted by x11vnc.  Example: \fB-gone\fR 'xlock &'
 .PP
+\fB-users\fR \fIlist\fR
+.IP
+If x11vnc is started as root (say from 
+.IR inetd (1)
+or
+from display managers 
+.IR xdm (1)
+, 
+.IR gdm (1)
+, etc), then as
+soon as possible after connections to the display are
+established try to switch to one of the users in the
+comma separated \fIlist\fR.  If x11vnc is not running as
+root this option is ignored.
+.IP
+Why use this option?  In general it is not needed
+since x11vnc is already connected to the display and
+can perform its primary functions.  It was added to
+make some of the *external* utility commands x11vnc
+occasionally runs work properly.  In particular under
+GNOME and KDE to implement the "\fB-solid\fR \fIcolor\fR" feature
+external commands (gconftool-2 and dcop) must be run as
+the user owning the desktop session.  This option also
+affects the userid used to run the processes for the
+\fB-accept\fR and \fB-gone\fR options.  It also affects the ability
+to read files for options such as \fB-connect,\fR \fB-allow,\fR and
+\fB-remap.\fR Note that the \fB-connect\fR file is also written to.
+.IP
+So be careful with this option since in many situations
+its use can decrease security.
+.IP
+The switch to a user will only take place if the display
+can still be opened as that user (this is primarily to
+try to guess the actual owner of the session). Example:
+"\fB-users\fR \fIfred,wilma,betty\fR".  Note that a malicious
+user "barney" by quickly using "xhost +" when
+logging in can get x11vnc to switch to user "fred".
+What happens next?
+.IP
+Under display managers it may be a long time before
+the switch succeeds (i.e. a user logs in).  To make
+it switch immediately regardless if the display can
+be reopened or not prefix the username with the +
+character. E.g. "\fB-users\fR \fI+bob\fR" or "\fB-users\fR \fI+nobody\fR".
+The latter is probably the only use of this option
+that increases security.  To switch to a user *before*
+connections to the display are made or any files opened
+use the "=" character: "\fB-users\fR \fI=username\fR".
+.IP
+The special user "guess" means to examine the utmpx
+database looking for a user attached to the display
+number and try him/her.  To limit the list of guesses,
+use: "\fB-users\fR \fIguess=bob,fred\fR".  Be especially careful
+using this mode.
+.PP
 \fB-noshm\fR
 .IP
 Do not use the MIT-SHM extension for the polling.
@@ -357,15 +430,22 @@ To improve performance, when VNC clients are connected
 try to change the desktop background to a solid color.
 The [color] is optional: the default color is "cyan4".
 For a different one specify the X color (rgb.txt name,
-e.g. "darkblue" or numerical "#RRGGBB"). Currently
-this option only works on GNOME, KDE, and classic X
-(i.e. with the background image on the root window).
-The "gconftool-2" and "dcop" external commands are
-run for GNOME and KDE respectively.  Other desktops
-won't work, e.g. XFCE (send us the corresponding
-commands if you find them).  If x11vnc guesses your
-desktop incorrectly, you can force it by prefixing
-color with "gnome:", "kde:", or "root:".
+e.g. "darkblue" or numerical "#RRGGBB").
+.IP
+Currently this option only works on GNOME, KDE, and
+classic X (i.e. with the background image on the root
+window).  The "gconftool-2" and "dcop" external
+commands are run for GNOME and KDE respectively.
+Other desktops won't work, e.g. XFCE (send us the
+corresponding commands if you find them).  If x11vnc
+is running as root (
+.IR inetd (1)
+or 
+.IR gdm (1)
+), the \fB-users\fR
+option may be needed for GNOME and KDE.  If x11vnc
+guesses your desktop incorrectly, you can force it by
+prefixing color with "gnome:", "kde:", or "root:".
 .PP
 \fB-blackout\fR \fIstring\fR
 .IP
@@ -930,8 +1010,7 @@ the gui to come back to you via your ssh redirected X
 display (e.g. localhost:10).
 .IP
 Examples: "x11vnc \fB-gui",\fR "x11vnc \fB-gui\fR localhost:10",
-"x11vnc \fB-gui\fR :10", "x11vnc \fB-gui\fR wait,:10",
-"x11vnc \fB-gui\fR <x11vnc-opts...>"
+"x11vnc \fB-gui\fR :10", "x11vnc \fB-gui\fR conn,host:10",
 .IP
 If you do not specify a gui X display in "gui-opts"
 then the DISPLAY environment variable and \fB-display\fR
@@ -1361,7 +1440,7 @@ noalwaysshared nevershared noalwaysshared dontdisconnect
 nodontdisconnect desktop noremote
 .IP
 aro=  display vncdisplay desktopname http_url auth
-rootshift scale_str scaled_x scaled_y scale_numer
+users rootshift scale_str scaled_x scaled_y scale_numer
 scale_denom scale_fac scaling_noblend scaling_nomult4
 scaling_pad scaling_interpolate inetd safer unsafe
 passwdfile using_shm logfile o rc norc h help V version