diff options
-rw-r--r-- | x11vnc/misc/enhanced_tightvnc_viewer/README | 24 | ||||
-rwxr-xr-x | x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl | 301 |
2 files changed, 240 insertions, 85 deletions
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/README b/x11vnc/misc/enhanced_tightvnc_viewer/README index ff3dc39..0946d89 100644 --- a/x11vnc/misc/enhanced_tightvnc_viewer/README +++ b/x11vnc/misc/enhanced_tightvnc_viewer/README @@ -64,6 +64,8 @@ The enhanced TightVNC viewer features are: - xgrabserver support for fullscreen mode, for old window managers (-grab option, Unix only). + - Create or Import SSL Certificates and Private Keys. + - Automatic Service tunnelling via SSH for CUPS and SMB Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting. @@ -72,9 +74,14 @@ The enhanced TightVNC viewer features are: a hook is also provided to run any port knocking client before a connecting. + - You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, + with the front-end if you like. + + - Sets up any additional SSH port redirections that you want. + Your package should have included binaries for many OS's: Linux, Solaris, -FreeBSD, etc. See the subdirectories of +FreeBSD, etc. Unpack your archive and see the subdirectories of ./bin @@ -100,7 +107,8 @@ README is in) and like this: The programs: ------------ -The wrapper scripts: +Unpack your archive, and you will see "bin", "Windows", "src" directories +and other files. The wrapper scripts: ./bin/ssl_tightvncviewer ./bin/tightvncviewer @@ -133,7 +141,7 @@ assuming $HOME/bin is in your $PATH: "install" this package on Unix. -On Windows run: +On Windows unpack your archive and run: Windows/ssl_tightvncviewer.exe @@ -141,6 +149,9 @@ On Windows run: Examples: -------- +The following assume you are in the toplevel directory of the +archive you unpacked. + Use enhanced TightVNC unix viewer to connect to x11vnc via SSL: ./bin/ssl_tightvncviewer far-away.east:0 @@ -213,12 +224,16 @@ See also: Windows: ------- + Unpack the zip archive somewhere. + A wrapper to create a STUNNEL tunnel and then launch the Windows TightVNC viewer is provided in: Windows/ssl_tightvncviewer.exe - Just launch it and fill in the remote VNC display. + Just launch it (Start ... Run) and fill in the remote VNC + display then click "Connect". You can make a shortcut if + you prefer. Click the Help buttons for more info. There is also a Windows/README.txt file. @@ -226,3 +241,4 @@ Windows: On Windows you may need to terminate the STUNNEL process from the System Tray if the tool cannot terminate it by itself. Just right-click on the STUNNEL icon. + diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl index 39c50fd..aec420c 100755 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl +++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl @@ -841,9 +841,32 @@ proc contag {} { set str "-$str-$concount" } +proc make_plink {} { + catch {destroy .plink} + toplevel .plink + #wm geometry .plink +700+500 + wm geometry .plink -40-40 + wm title .plink "plink SSH status?" + set wd 37 + label .plink.l1 -anchor w -text "Login via plink/ssh to the remote server" -width $wd + label .plink.l2 -anchor w -text "(supply username and password as needed)." -width $wd + label .plink.l3 -anchor w -text "" -width $wd + label .plink.l4 -anchor w -text "After ssh is set up, AND if the connection" -width $wd + label .plink.l5 -anchor w -text "success is not autodetected, please click" -width $wd + label .plink.l6 -anchor w -text "one of these buttons:" -width $wd + global plink_status + button .plink.fail -text "Failed" -command {destroy .plink; set plink_status no} + button .plink.ok -text "Success" -command {destroy .plink; set plink_status yes} + pack .plink.l1 .plink.l2 .plink.l3 .plink.l4 .plink.l5 .plink.l6 .plink.fail .plink.ok -side top -fill x + + #wm deiconify .plink + update +} + proc launch_windows_ssh {hp file n} { global is_win9x global use_sshssl use_ssh putty_pw + global port_knocking_list set hpnew [get_ssh_hp $hp] set proxy [get_ssh_proxy $hp] @@ -865,7 +888,10 @@ proc launch_windows_ssh {hp file n} { } } - if {$vnc_disp < 200} { + set vnc_port 5900 + if {![regexp {^[0-9][0-9]*$} $vnc_disp]} { + ; + } elseif {$vnc_disp < 200} { set vnc_port [expr $vnc_disp + 5900] } else { set vnc_port $vnc_disp @@ -901,6 +927,9 @@ proc launch_windows_ssh {hp file n} { set pwd [pwd] regsub -all {/} $pwd "\\" pwd } + if {! [regexp {^[0-9][0-9]*$} $n]} { + set n 0 + } set use [expr $n + 5900] @@ -1042,6 +1071,9 @@ proc launch_windows_ssh {hp file n} { set plink_str "putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" } else { set plink_str "start \"putty $ssh_host\" putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" + if [regexp {FINISH} $port_knocking_list] { + regsub {start} $plink_str "start /wait" plink_str + } } } else { set plink_str "plink.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" @@ -1066,7 +1098,7 @@ proc launch_windows_ssh {hp file n} { catch {destroy .o} catch {destroy .oa} - if { ![do_port_knock $ssh_host]} { + if { ![do_port_knock $ssh_host start]} { catch {file delete $file} if {$file_cmd != ""} { catch {file delete $file_cmd} @@ -1092,7 +1124,6 @@ proc launch_windows_ssh {hp file n} { } if {$file_pre != ""} { - exec $com /c $file_pre & set sl 0 if {$use_smbmnt} { global smb_su_mode @@ -1111,17 +1142,30 @@ proc launch_windows_ssh {hp file n} { set sl [expr $sl + 5] set st [clock seconds] set dt 0 - global entered_gui_top + global entered_gui_top button_gui_top set entered_gui_top 0 + set button_gui_top 0 + + catch {wm geometry . "-40-40"} + catch {wm withdraw .; update; wm deiconify .; raise .; update} + mesg "Click on *This* Label when done with 1st SSH 0/$sl" + after 600 + + exec $com /c $file_pre & + + catch {lower .; update; raise .; update} while {$dt < $sl} { after 100 set dt [clock seconds] set dt [expr $dt - $st] - mesg "Click or Enter when done with 1st SSH $dt/$sl" + mesg "Click on *This* Label when done with 1st SSH $dt/$sl" update update idletasks - if {$entered_gui_top != 0 && $dt >= 3} { + if {$dt <= 1} { + set button_gui_top 0 + } + if {$button_gui_top != 0 && $dt >= 3} { mesg "Running 2nd SSH now ..." after 1000 break @@ -1130,34 +1174,31 @@ proc launch_windows_ssh {hp file n} { mesg "Running 2nd SSH ..." } + if {! $do_shell} { + make_plink + } wm withdraw . update - exec $com /c $file & + if {$do_shell && [regexp {FINISH} $port_knocking_list]} { + catch {exec $com /c $file} + } else { + exec $com /c $file & + } after 1000 } if {$do_shell} { wm deiconify . + update + if {[regexp {FINISH} $port_knocking_list]} { + do_port_knock $ssh_host finish + } return 1 } - - catch {destroy .plink} - toplevel .plink - wm title .plink "plink SSH status?" - set wd 37 - label .plink.l1 -anchor w -text "Login via plink/ssh to the remote server" -width $wd - label .plink.l2 -anchor w -text "(supply username and password as needed)." -width $wd - label .plink.l3 -anchor w -text "" -width $wd - label .plink.l4 -anchor w -text "After ssh is set up, AND if the connection" -width $wd - label .plink.l5 -anchor w -text "success is not autodetected, please click" -width $wd - label .plink.l6 -anchor w -text "one of these buttons:" -width $wd + if {$is_win9x} { + make_plink + } global plink_status - button .plink.fail -text "Failed" -command {destroy .plink; set plink_status no} - button .plink.ok -text "Success" -command {destroy .plink; set plink_status yes} - pack .plink.l1 .plink.l2 .plink.l3 .plink.l4 .plink.l5 .plink.l6 .plink.fail .plink.ok -side top -fill x - - wm geometry .plink +700+500 - wm deiconify .plink set plink_status "" set waited 0 set cnt 0 @@ -1176,14 +1217,13 @@ proc launch_windows_ssh {hp file n} { } if {$waited == 0} { - wm deiconify .plink + #wm deiconify .plink } set waited [expr "$waited + 500"] incr cnt if {$cnt >= 12} { set cnt 0 - #catch {wm deiconify .plink} } } if {$plink_status == ""} { @@ -1213,6 +1253,10 @@ proc launch_windows_ssh {hp file n} { wm deiconify . mesg "Disconnected from $hp" } + update + if [regexp {FINISH} $port_knocking_list] { + do_port_knock $ssh_host finish + } if {$file != ""} { catch {file delete $file} @@ -1360,7 +1404,7 @@ proc do_unix_pre {tag proxy hp pk_hp} { set c "$c -sshargs '$smb_redir_0'" } - if {! [do_port_knock $pk_hp]} { + if {! [do_port_knock $pk_hp start]} { return } set did_port_knock 1 @@ -1410,6 +1454,7 @@ proc launch_unix {hp} { global smb_redir_0 smb_mounts global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start + global port_knocking_list set cmd "" @@ -1505,14 +1550,24 @@ proc launch_unix {hp} { set pk_hp $hp } if {! $did_port_knock} { - if {! [do_port_knock $pk_hp]} { + if {! [do_port_knock $pk_hp start]} { return } set did_port_knock 1 } - exec xterm -geometry $geometry -title "SHELL to $hp" \ - -e sh -c "$cmd" & + if {[regexp {FINISH} $port_knocking_list]} { + wm withdraw . + update + exec xterm -geometry $geometry \ + -title "SHELL to $hp" -e sh -c "$cmd" + wm deiconify . + update + do_port_knock $pk_hp finish + } else { + exec xterm -geometry $geometry \ + -title "SHELL to $hp" -e sh -c "$cmd" & + } set env(SSL_VNCVIEWER_SSH_CMD) "" set env(SSL_VNCVIEWER_SSH_ONLY) "" set env(SSL_VNCVIEWER_USE_C) "" @@ -1598,7 +1653,6 @@ proc launch_unix {hp} { catch {destroy .o} catch {destroy .oa} - wm withdraw . update if {$sound_daemon_local_start && $sound_daemon_local_cmd != ""} { @@ -1612,12 +1666,15 @@ proc launch_unix {hp} { set pk_hp $hp } if {! $did_port_knock} { - if {! [do_port_knock $pk_hp]} { + if {! [do_port_knock $pk_hp start]} { wm deiconify . + update return } set did_port_knock 1 } + wm withdraw . + update set geometry [xterm_center_geometry] set xrm1 "*.srinterCommand:true" @@ -1647,6 +1704,9 @@ proc launch_unix {hp} { } wm deiconify . mesg "Disconnected from $hp" + if {[regexp {FINISH} $port_knocking_list]} { + do_port_knock $pk_hp finish + } } proc kill_stunnel {pids} { @@ -1886,12 +1946,22 @@ proc launch {{hp ""}} { set list [split $hp ":"] set host [lindex $list 0] set disp [lindex $list 1] + set disp [string trim $disp] + regsub { .*$} $disp "" disp + if {$disp == ""} { + set disp 0 + } set port [expr "$disp + 5900"] } set list [split $hp ":"] set host [lindex $list 0] set disp [lindex $list 1] + set disp [string trim $disp] + regsub { .*$} $disp "" disp + if {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} { + set disp 0 + } set port [expr "$disp + 5900"] if {$debug} { @@ -1936,6 +2006,12 @@ proc launch {{hp ""}} { puts $fh "verify = 2" } + if {$n == ""} { + set n 10 + } + if {$n2 == ""} { + set n2 11 + } puts $fh "\[vnc$n\]" set port2 [expr "$n + 5900"] puts $fh "accept = localhost:$port2" @@ -1952,7 +2028,7 @@ proc launch {{hp ""}} { close $fh if {! $did_port_knock} { - if {! [do_port_knock $host]} { + if {! [do_port_knock $host start]} { set fail 1 } set did_port_knock 1 @@ -1997,6 +2073,11 @@ proc launch {{hp ""}} { } mesg "Disconnected from $hp." + global port_knocking_list + if [regexp {FINISH} $port_knocking_list] { + do_port_knock $host finish + } + if {[llength $pids_new] > 0} { set plist [join $pids_new ", "] global terminate_pids @@ -2018,7 +2099,8 @@ proc launch {{hp ""}} { } } -proc get_idir {str} { +proc get_idir_certs {str} { + global is_windows env set idir "" if {$str != ""} { if [file isdirectory $str] { @@ -2028,16 +2110,23 @@ proc get_idir {str} { } } if {$idir == ""} { - global env - if [info exists env(HOME)] { - set t "$env(HOME)/.vnc/certs" + if {$is_windows} { + set t [file dirname [pwd]] + set t "$t/certs" if [file isdirectory $t] { set idir $t } } + if {$idir == ""} { + if [info exists env(HOME)] { + set t "$env(HOME)/.vnc/certs" + if [file isdirectory $t] { + set idir $t + } + } + } } if {$idir == ""} { - global is_windows if {$is_windows} { set idir [get_profiles_dir] } @@ -2050,7 +2139,7 @@ proc get_idir {str} { proc set_mycert {} { global mycert - set idir [get_idir $mycert] + set idir [get_idir_certs $mycert] set t "" if {$idir != ""} { set t [tk_getOpenFile -initialdir $idir] @@ -2105,7 +2194,7 @@ proc show_svcert {} { proc set_svcert {} { global svcert crtdir - set idir [get_idir $svcert] + set idir [get_idir_certs $svcert] set t "" if {$idir != ""} { set t [tk_getOpenFile -initialdir $idir] @@ -2122,7 +2211,7 @@ proc set_svcert {} { proc set_crtdir {} { global svcert crtdir - set idir [get_idir $crtdir] + set idir [get_idir_certs $crtdir] set t "" if {$idir != ""} { set t [tk_chooseDirectory -initialdir $idir] @@ -2140,7 +2229,7 @@ proc set_crtdir {} { proc set_createcert_file {} { global ccert if {[info exists ccert(FILE)]} { - set idir [get_idir $ccert(FILE)] + set idir [get_idir_certs $ccert(FILE)] } if {$idir != ""} { set t [tk_getSaveFile -defaultextension ".pem" -initialdir $idir] @@ -2591,14 +2680,8 @@ proc create_cert {} { set tcert(DAYS) "Days until expiration:" if {$ccert(FILE) == ""} { - global is_windows - if {$is_windows} { - set pdir [get_profiles_dir] - set ccert(FILE) "$pdir/vnccert.pem" - } else { - set idir [get_idir ""] - set ccert(FILE) "$idir/vnccert.pem" - } + set idir [get_idir_certs ""] + set ccert(FILE) "$idir/vnccert.pem" } button .ccrt.cancel -text "Cancel" -command {destroy .ccrt; catch {raise .c}} @@ -2671,7 +2754,7 @@ proc import_browse {} { set idir "" if {$import_file != ""} { - set idir [get_idir $import_file] + set idir [get_idir_certs $import_file] } if {$idir != ""} { set t [tk_getOpenFile -initialdir $idir] @@ -2690,15 +2773,10 @@ proc import_save_browse {} { set idir "" if {$import_save_file != ""} { - set idir [get_idir $import_save_file] + set idir [get_idir_certs $import_save_file] } if {$idir == ""} { - global is_windows - if {$is_windows} { - set idir [get_profiles_dir] - } else { - set idir [get_idir ""] - } + set idir [get_idir_certs ""] } if {$idir != ""} { set t [tk_getSaveFile -defaultextension ".crt" -initialdir $idir] @@ -3132,6 +3210,7 @@ proc save_profile {} { set host $h regsub {[ ].*$} $p "" p regsub {^.*:} $p "" p + regsub { .*$} $p "" p if {$p == ""} { set p 0 } @@ -3737,6 +3816,9 @@ set cmd(6) { fi + echo + #FINMSG + echo echo "--vnc-helper-exiting--" echo rm -f $0 @@ -3781,9 +3863,8 @@ set cmd(6) { } } - global use_smbmnt smb_su_mode + global use_smbmnt smb_su_mode smb_mounts if {$use_smbmnt} { - global smb_mounts if {$smb_mounts != ""} { set smbm $smb_mounts regsub -all {%USER} $smbm "__USER__" smbm @@ -3827,6 +3908,24 @@ set cmd(6) { } } + if {$mode == "pre"} { + set dopre 0 + if {$use_smbmnt && $smb_mounts != ""} { + set dopre 1 + } + if {$use_sound && $sound_daemon_kill} { + set dopre 1 + } + if {$dopre} { + global is_windows + if {$is_windows} { + regsub {#FINMSG} $cmdall {echo "Now Go Click on the Label to Start the 2nd SSH"} cmdall + } else { + regsub {#FINMSG} $cmdall {echo "Finished with the 1st SSH tasks, the 2nd SSH should start shortly..."} cmdall + } + } + } + if {"$orig" == "$cmdall"} { return "" } else { @@ -5147,7 +5246,7 @@ proc read_from_pad {file} { return $match } -proc do_port_knock {hp} { +proc do_port_knock {hp mode} { global use_port_knocking port_knocking_list global is_windows @@ -5157,6 +5256,19 @@ proc do_port_knock {hp} { if {$port_knocking_list == ""} { return 1 } + set list $port_knocking_list + + if {$mode == "finish"} { + if {! [regexp {FINISH} $list]} { + return 1 + } else { + regsub {^.*FINISH} $list "" list + } + } elseif {$mode == "start"} { + if {[regexp {FINISH} $list]} { + regsub {FINISH.*$} $list "" list + } + } set default_delay 0 @@ -5167,10 +5279,13 @@ proc do_port_knock {hp} { if {$host0 == ""} { bell - mesg "No host: $hp" + mesg "PortKnock: No host: $hp" return 0 } - if [regexp {PAD=([^\n]+)} $port_knocking_list mv padfile] { + + set m "" + + if [regexp {PAD=([^\n]+)} $list mv padfile] { set tlist [read_from_pad $padfile] set tlist [string trim $tlist] if {$tlist == "" || $tlist == "FAIL"} { @@ -5179,9 +5294,7 @@ proc do_port_knock {hp} { -title "Error: Padfile $padfile" return 0 } - regsub -all {PAD=([^\n]+)} $port_knocking_list $tlist list - } else { - set list $port_knocking_list + regsub -all {PAD=([^\n]+)} $list $tlist list } set spl ",\n\r" @@ -5203,25 +5316,30 @@ proc do_port_knock {hp} { if [regexp {^#} $line] { continue } + if [regexp {^sleep[ \t][ \t]*([0-9][0-9]*)} $line mv sl] { - mesg "sleep: $sl" + set m "PortKnock: sleep $sl" + mesg $m after $sl continue } if [regexp {^delay[ \t][ \t]*([0-9][0-9]*)} $line mv sl] { - mesg "delay: $sl" + set m "PortKnock: delay=$sl" + mesg $m set default_delay $sl continue } if [regexp {^CMD=(.*)} $line mv cmd] { - mesg "CMD: $cmd" + set m "PortKnock: CMD: $cmd" + mesg $m eval exec $cmd continue } if [regexp {^CMDX=(.*)} $line mv cmd] { set cmd [pk_expand $cmd $host0] - mesg "CMDX: $cmd" + set m "PortKnock: CMDX: $cmd" + mesg $m eval exec $cmd continue } @@ -5271,22 +5389,26 @@ proc do_port_knock {hp} { if {$port == ""} { bell - mesg "No port found: \"$line0\"" + set m "PortKnock: No port found: \"$line0\"" + mesg $m return 0 } if {! [regexp {^[0-9][0-9]*$} $port]} { bell - mesg "Invalid port: \"$port\"" + set m "PortKnock: Invalid port: \"$port\"" + mesg $m return 0 } if {[regexp {[ \t]} $host]} { bell - mesg "Invalid host: \"$host\"" + set m "PortKnock: Invalid host: \"$host\"" + mesg $m return 0 } if {! [regexp {^[-A-z0-9_.][-A-z0-9_.]*$} $host]} { bell - mesg "Invalid host: \"$host\"" + set m "PortKnock: Invalid host: \"$host\"" + mesg $m return 0 } @@ -5295,7 +5417,8 @@ proc do_port_knock {hp} { set nc [find_netcat] if {$nc == ""} { bell - mesg "UDP: netcat(1) not found" + set m "PortKnock: UDP: netcat(1) not found" + mesg $m after 1000 continue } @@ -5313,7 +5436,8 @@ proc do_port_knock {hp} { puts -nonewline $fh "$snd" close $fh - mesg "SEND: $host $port" + set m "PortKnock: SEND: $host $port" + mesg $m if {$is_windows} { if {$udp} { catch {exec $nc -d -u -w 1 "$host" "$port" < $pfile &} @@ -5330,7 +5454,8 @@ proc do_port_knock {hp} { catch {after 50; file delete $pfile} } elseif {$udp} { - mesg "UDP: $host $port" + set m "PortKnock: UDP: $host $port" + mesg $m if {! $is_windows} { catch {exec echo a | $nc -u -w 1 "$host" "$port" &} } else { @@ -5340,7 +5465,8 @@ proc do_port_knock {hp} { catch {exec $nc -d -u -w 1 "$host" "$port" < "nc_in.txt" &} } } else { - mesg "TCP: $host $port" + set m "PortKnock: TCP: $host $port" + mesg $m set s "" set emess "" set rc [catch {set s [socket -async $host $port]} emess] @@ -5383,6 +5509,10 @@ proc do_port_knock {hp} { if {$is_windows} { catch {file delete "nc_in.txt"} } + if {$m != ""} { + set m "$m," + } + mesg "PortKnock: done" return 1 } @@ -5481,6 +5611,14 @@ proc port_knocking_dialog {} { the VNC/SSH host. By default, the VNC/SSH host is the one the packet is sent to. + If one of the items is the string "FINISH", then the part before it is + used prior to connecting and the part after is used once the connection + is finished. This can be used, say, to close the firewall port. Example: + + 5433, 12321, FINISH, 7659, 2314 + + (or one can split them up via lines as above.) + Advanced port knock actions: @@ -5940,10 +6078,11 @@ bind . <Control-q> "destroy .; exit" bind . <Shift-Escape> "destroy .; exit" bind . <Control-s> "launch_shell_only" -global entered_gui_top +global entered_gui_top button_gui_top set entered_gui_top 0 +set button_gui_top 0 bind . <Enter> {set entered_gui_top 1} +bind .l <ButtonPress> {set button_gui_top 1} +bind .f.l <ButtonPress> {set button_gui_top 1} - -#smb_help_me_decide update |