authorrunge <runge>2007-03-24 23:30:43 +0000
committerrunge <runge>2007-03-24 23:30:43 +0000
commitc5055013c0efd6a9fc7b3b97e76fa4722631db18 (patch)
tree42f49df776c051600420e18a43af0806e03ea3b0 /classes/ssl/ss_vncviewer
parent61c56222b3becbbc8f0bafef7602baae9f8fd7d9 (diff)
reverse connections for ss_vncviewer. java one-time-keys.
Diffstat (limited to 'classes/ssl/ss_vncviewer')
-rwxr-xr-xclasses/ssl/ss_vncviewer329
1 files changed, 298 insertions, 31 deletions
diff --git a/classes/ssl/ss_vncviewer b/classes/ssl/ss_vncviewer
index 3f8bd42..381e678 100755
--- a/classes/ssl/ss_vncviewer
+++ b/classes/ssl/ss_vncviewer
@@ -38,6 +38,9 @@
# (the first CONNECT is done through host1:port1 to host2:port2
# and then a 2nd CONNECT to the destination VNC server.)
#
+# -showcert Only fetch the certificate using the 'openssl s_client'
+# command (openssl(1) must in installed).
+#
# See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL
# certificates with VNC.
#
@@ -91,6 +94,7 @@
#
# ss_vncviewer -sshssl -proxy fred@mygate.com mymachine:0
#
+# -listen (or -reverse) set up a reverse connection.
#
# -alpha turn on cursor alphablending hack if you are using the
# enhanced tightvnc vncviewer.
@@ -108,6 +112,8 @@ VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
#
+#set -xv
+
PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
if [ "X$STUNNEL" = "X" ]; then
@@ -128,18 +134,27 @@ use_ssh=""
use_sshssl=""
direct_connect=""
ssh_sleep=15
-ssh_cmd="sleep $ssh_sleep"
+if echo "$*" | grep '.*-listen' > /dev/null; then
+ ssh_sleep=1800
+fi
+ssh_cmd=""
if [ "X$SS_VNCVIEWER_SSH_CMD" != "X" ]; then
ssh_cmd="$SS_VNCVIEWER_SSH_CMD"
fi
ssh_args=""
+showcert=""
+reverse=""
if [ "X$1" = "X-viewerflavor" ]; then
if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then
echo "cotvnc"
exit 0
fi
- str=`"$VNCVIEWERCMD" -h 2>&1 | head -5`
+ if echo "$VNCVIEWERCMD" | grep -i ultra > /dev/null; then
+ echo "ultravnc"
+ exit 0
+ fi
+ str=`$VNCVIEWERCMD -h 2>&1 | head -5`
if echo "$str" | grep -i 'TightVNC.viewer' > /dev/null; then
echo "tightvnc"
elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then
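Review bot: The new `str=` line runs `$VNCVIEWERCMD -h` unquoted where the removed line quoted it, so a value taken from the environment is now word-split and glob-expanded before it is executed, and a viewer path containing a space no longer runs. The viewer launch lines in the later hunks use the same unquoted form. If the intent is to let VNCVIEWERCMD carry extra arguments, say so in the header comment that describes VNCVIEWERCMD; otherwise keep `"$VNCVIEWERCMD" -h 2>&1 | head -5`. Separately, `grep '.*-listen'` over `"$*"` matches any argument that merely contains that text, and the post-parse block already sets `ssh_sleep=1800` when `reverse` is set, so the early check looks redundant. The if/elif chain continues past the end of this hunk.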
@@ -173,6 +188,12 @@ do
;;
"-alpha") gotalpha=1
;;
+ "-showcert") showcert=1
+ ;;
+ "-listen") reverse=1
+ ;;
+ "-reverse") reverse=1
+ ;;
"-grab") VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
;;
"-h"*) help; exit 0
@@ -185,10 +206,36 @@ do
shift
done
-if [ "X$gotalpha" != "X1" ]; then
+if [ "X$gotalpha" = "X1" ]; then
+ VNCVIEWER_ALPHABLEND=1
+ export VNCVIEWER_ALPHABLEND
+else
NO_ALPHABLEND=1
export NO_ALPHABLEND
fi
+if [ "X$reverse" != "X" ]; then
+ ssh_sleep=1800
+ if [ "X$use_ssh" = "X1" ]; then
+ VNCVIEWER_LISTEN_LOCALHOST=1
+ export VNCVIEWER_LISTEN_LOCALHOST
+ fi
+ if [ "X$proxy" != "X" ]; then
+ if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
+ echo ""
+ echo "*Warning*: SSL -listen and a Web proxy does not make sense."
+ sleep 3
+ elif echo "$proxy" | grep "," > /dev/null; then
+ :
+ else
+ echo ""
+ echo "*Warning*: -listen and a single proxy/gateway does not make sense."
+ sleep 3
+ fi
+ fi
+fi
+if [ "X$ssh_cmd" = "X" ]; then
+ ssh_cmd="sleep $ssh_sleep"
+fi
orig="$1"
shift
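Review bot: `VNCVIEWER_LISTEN_LOCALHOST` is exported only when `use_ssh` is 1, yet the stunnel reverse path added later in this commit reaches the viewer with `connect = localhost:$p2`, so the viewer's listening port does not need to be reachable from other hosts in that mode either. If the viewer honours the variable (not visible here), exporting it for the stunnel reverse path as well would keep a remote peer from connecting to the listening viewer directly instead of through the TLS tunnel. The `vnc://` direct reverse case presumably still needs the open listener, so the condition should be "ssh or stunnel", not "any reverse"; confirm against the direct-connect block.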
@@ -207,13 +254,17 @@ if echo "$orig" | grep '^vnc://' > /dev/null; then
use_ssh=""
use_sshssl=""
direct_connect=1
+elif echo "$orig" | grep '^vncs://' > /dev/null; then
+ orig=`echo "$orig" | sed -e 's,vncs://,,'`
fi
# play around with host:display port:
if echo "$orig" | grep ':' > /dev/null; then
:
else
- orig="$orig:0"
+ if [ "X$reverse" = "X" ]; then
+ orig="$orig:0"
+ fi
fi
host=`echo "$orig" | awk -F: '{print $1}'`
@@ -221,8 +272,14 @@ disp=`echo "$orig" | awk -F: '{print $2}'`
if [ "X$host" = "X" ]; then
host=localhost
fi
-if [ $disp -lt 200 ]; then
- port=`expr $disp + 5900`
+if [ $disp -lt 0 ]; then
+ port=`expr 0 - $disp`
+elif [ $disp -lt 200 ]; then
+ if [ "X$reverse" = "X" ]; then
+ port=`expr $disp + 5900`
+ else
+ port=`expr $disp + 5500`
+ fi
else
port=$disp
fi
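Review bot: `$disp` reaches `[ $disp -lt 0 ]` unquoted and unchecked, and because the previous hunk no longer appends `:0` in reverse mode it can now be empty. Both tests then fail with a syntax error and the `else` branch sets `port` to the empty string, which the later `expr $port + 30` cannot use. A non-numeric display given on the command line takes the same path. Validate it before the arithmetic, for example `case "$disp" in ''|*[!0-9-]*) echo "bad display: $disp" 1>&2; exit 1;; esac`, or give reverse mode an explicit default.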
@@ -263,12 +320,47 @@ findfree() {
echo $use0
}
-use=`findfree 5930`
+final() {
+ echo ""
+ if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
+ rm -f $SS_VNCVIEWER_RM 2>/dev/null
+ fi
+ if [ "X$tcert" != "X" ]; then
+ rm -f $tcert
+ fi
+ if [ "X$pssh" != "X" ]; then
+ echo "Terminating background ssh process"
+ echo kill -TERM "$pssh"
+ kill -TERM "$pssh" 2>/dev/null
+ sleep 1
+ kill -KILL "$pssh" 2>/dev/null
+ pssh=""
+ fi
+ if [ "X$stunnel_pid" != "X" ]; then
+ echo "Terminating background stunnel process"
+ echo kill -TERM "$stunnel_pid"
+ kill -TERM "$stunnel_pid" 2>/dev/null
+ sleep 1
+ kill -KILL "$stunnel_pid" 2>/dev/null
+ stunnel_pid=""
+ fi
+}
-if [ $use -ge 5900 ]; then
- N=`expr $use - 5900`
+if [ "X$reverse" = "X" ]; then
+ use=`findfree 5930`
+ if [ $use -ge 5900 ]; then
+ N=`expr $use - 5900`
+ else
+ N=$use
+ fi
else
- N=$use
+ p2=`expr $port + 30`
+ use=`findfree $p2`
+ if [ $use -ge 5500 ]; then
+ N=`expr $use - 5500`
+ else
+ N=$use
+ fi
fi
if echo "$0" | grep vncip > /dev/null; then
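Review bot: `final()` deletes with `rm -f $SS_VNCVIEWER_RM` and `rm -f $tcert`, both unquoted, so the value of an environment variable is word-split and glob-expanded into the argument list of `rm`. Quote the generated name, `rm -f -- "$tcert"`; if SS_VNCVIEWER_RM is meant to carry several paths, document that in the header comment, otherwise quote it the same way. A short comment above `final()` saying that it runs from the exit/INT/TERM trap, and so may run twice, would help the next reader; clearing `pssh` and `stunnel_pid` after the kills already makes the second pass harmless.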
@@ -280,6 +372,7 @@ if [ "X$use_ssh" = "X1" ]; then
ssh_host="$host"
vnc_host="localhost"
ssh=${SSH:-"ssh -x"}
+
if echo "$proxy" | grep "," > /dev/null; then
proxy1=`echo "$proxy" | awk -F, '{print $1}'`
proxy2=`echo "$proxy" | awk -F, '{print $2}'`
@@ -312,6 +405,7 @@ if [ "X$use_ssh" = "X1" ]; then
stty sane
proxy="${ssh_user2}localhost:$proxport"
fi
+
if [ "X$proxy" != "X" ]; then
ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
if [ "X$ssh_port" = "X" ]; then
@@ -333,6 +427,12 @@ if [ "X$use_ssh" = "X1" ]; then
if [ "X$SS_VNCVIEWER_USE_C" != "X" ]; then
C="-C"
fi
+ if [ "X$reverse" = "X" ]; then
+ ssh_redir="-L ${use}:${vnc_host}:${port}"
+ else
+ ssh_redir="-R ${port}:${vnc_host}:${use}"
+ fi
+ pmark=`sh -c 'echo $$'`
# the -t option actually speeds up typing response via VNC!!
if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
echo "$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host \"$info\""
@@ -340,20 +440,32 @@ if [ "X$use_ssh" = "X1" ]; then
$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd"
exit $?
elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
- echo "$ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+ echo "$ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""
echo ""
- $ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+ $ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
else
- echo "$ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+ echo "$ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""
echo ""
- $ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+ $ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
fi
if [ "$?" != "0" ]; then
echo ""
echo "ssh to $ssh_host failed."
exit 1
fi
- echo ""
+ stty sane
+
+ c=0
+ pssh=""
+ while [ $c -lt 30 ]
+ do
+ p=`expr $pmark + $c`
+ if ps -p "$p" 2>&1 | grep "$ssh" > /dev/null; then
+ pssh=$p
+ break
+ fi
+ c=`expr $c + 1`
+ done
if [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
sleep 1
else
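Review bot: The loop that fills `pssh` guesses the background ssh's PID by probing the 30 PIDs after `pmark` and taking the first whose `ps -p` output matches `$ssh`. This assumes sequential PID allocation, and it can select a different ssh process of the same user, which `final()` later sends TERM and then KILL. Where `ps -p` prints only the command name, the default pattern `ssh -x` would match nothing and the tunnel would be left running. Matching on this invocation's own forwarding argument is tighter: `ps -p "$p" -o args= 2>/dev/null | grep -F -e "$ssh_redir" > /dev/null`. The enclosing `if [ "X$use_ssh" = "X1" ]` block begins and ends outside the hunk.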
@@ -363,11 +475,23 @@ if [ "X$use_ssh" = "X1" ]; then
echo ""
#reset
stty sane
+ #echo "pssh=\"$pssh\""
if [ "X$use_sshssl" = "X" ]; then
echo "Running viewer:"
- echo "$VNCVIEWERCMD" "$@" localhost:$N
- echo ""
- "$VNCVIEWERCMD" "$@" localhost:$N
+
+ trap "final" 0 2 15
+ if [ "X$reverse" = "X" ]; then
+ echo "$VNCVIEWERCMD" "$@" localhost:$N
+ echo ""
+ $VNCVIEWERCMD "$@" localhost:$N
+ else
+ echo ""
+ echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+ echo ""
+ echo "$VNCVIEWERCMD" "$@" -listen $N
+ echo ""
+ $VNCVIEWERCMD "$@" -listen $N
+ fi
exit $?
else
@@ -571,11 +695,39 @@ if [ "X$proxy" != "X" ]; then
ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
mytmp "$ptmp"
pcode "$ptmp"
- connect="exec = $ptmp"
+ if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
+ if uname | grep Darwin >/dev/null; then
+ nd=`expr $use + 333`
+ SSVNC_LISTEN=$nd
+ export SSVNC_LISTEN
+ $ptmp 2>/dev/null &
+ sleep 3
+ host="localhost"
+ port="$nd"
+ connect="connect = localhost:$nd"
+ else
+ connect="exec = $ptmp"
+ fi
+ else
+ connect="exec = $ptmp"
+ fi
else
connect="connect = $host:$port"
fi
+if [ "X$showcert" = "X1" ]; then
+ if [ "X$proxy" != "X" ]; then
+ SSVNC_LISTEN=$use
+ export SSVNC_LISTEN
+ $ptmp 2>/dev/null &
+ sleep 3
+ host="localhost"
+ port="$use"
+ fi
+ openssl s_client -connect $host:$port 2>&1 < /dev/null
+ exit $?
+fi
+
if [ "X$direct_connect" != "X" ]; then
echo ""
echo "Running viewer for direct connection:"
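Review bot: Both new `$ptmp 2>/dev/null &` launches discard the helper's PID and its stderr, so the -showcert path leaves through `exit $?` with nothing able to stop the helper, and a failure to bind is invisible; the fixed `sleep 3` is the only synchronisation. In the Darwin branch `nd` is computed as `$use + 333` without going through `findfree`, so stunnel's `connect = localhost:$nd` may reach whatever local process already holds that port. Record the PID right after each launch (`ptmp_pid=$!`) and kill it before exiting, and choose `nd` with `findfree` as is done for `use`.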
@@ -596,21 +748,37 @@ if [ "X$direct_connect" != "X" ]; then
SSVNC_LISTEN=$use
export SSVNC_LISTEN
$ptmp &
- sleep 2
+ if [ "X$reverse" = "X" ]; then
+ sleep 2
+ fi
host="localhost"
disp="$N"
fi
- echo "$VNCVIEWERCMD" "$@" $host:$disp
- echo ""
- "$VNCVIEWERCMD" "$@" $host:$disp
+ if [ "X$reverse" = "X" ]; then
+ echo "$VNCVIEWERCMD" "$@" $host:$disp
+ trap "final" 0 2 15
+ echo ""
+ $VNCVIEWERCMD "$@" $host:$disp
+ else
+ echo ""
+ echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+ echo ""
+ echo "$VNCVIEWERCMD" "$@" -listen $N
+ trap "final" 0 2 15
+ echo ""
+ $VNCVIEWERCMD "$@" -listen $N
+ fi
exit $?
fi
##debug = 7
+## debug = 6
tmp=/tmp/ss_vncviewer${RANDOM}.$$
mytmp "$tmp"
-cat > "$tmp" <<END
+if [ "X$reverse" = "X" ]; then
+
+ cat > "$tmp" <<END
foreground = yes
pid =
client = yes
@@ -622,7 +790,92 @@ $cert
[vnc_stunnel]
accept = localhost:$use
$connect
+
+END
+else
+
+ p2=`expr 5500 + $N`
+ connect="connect = localhost:$p2"
+ if [ "X$cert" = "X" ]; then
+ tcert="/tmp/tcert.$$"
+ cat > $tcert <<END
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
END
+ chmod 600 $tcert
+ cert="cert = $tcert"
+ fi
+
+ STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
+
+ hloc=""
+ if [ "X$use_ssh" = "X1" ]; then
+ hloc="localhost:"
+ fi
+ cat > "$tmp" <<END
+foreground = yes
+pid =
+client = no
+debug = 6
+$STUNNEL_EXTRA_OPTS
+$verify
+$cert
+
+[vnc_stunnel]
+accept = $hloc$port
+$connect
+
+END
+
+fi
echo ""
echo "Using this stunnel configuration:"
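Review bot: The fallback certificate is written to the predictable path `/tmp/tcert.$$` with `cat > $tcert` and only afterwards restricted with `chmod 600`, so another local user can pre-create or symlink that name, and the key is readable under the default umask until the chmod runs. Create the file the way the script creates `$tmp` (`mytmp "$tcert"` before the write, assuming that helper creates it safely) or wrap the write in `( umask 077; ... )`, and quote `"$tcert"`. Because the private key is embedded in the script, everyone who has the script has the key, so this default gives encryption but does not identify the listening side. A comment above the here-document and a one-line warning to the user when `$cert` is empty would make that explicit.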
@@ -632,25 +885,39 @@ echo ""
sleep 1
echo ""
-echo "Running: stunnel"
+echo "Running stunnel:"
echo "$STUNNEL $tmp"
$STUNNEL "$tmp" < /dev/tty > /dev/tty &
-pid=$!
+stunnel_pid=$!
echo ""
# pause here to let the user supply a possible passphrase for the
# mycert key:
if [ "X$mycert" != "X" ]; then
- sleep 4
+ sleep 2
+ echo ""
+ echo "(pausing for possible certificate passphrase dialog)"
+ echo ""
+ sleep 2
fi
sleep 2
rm -f "$tmp"
echo ""
echo "Running viewer:"
-echo "$VNCVIEWERCMD" "$@" localhost:$N
-echo ""
-"$VNCVIEWERCMD" "$@" localhost:$N
+if [ "X$reverse" = "X" ]; then
+ echo "$VNCVIEWERCMD" "$@" localhost:$N
+ trap "final" 0 2 15
+ echo ""
+ $VNCVIEWERCMD "$@" localhost:$N
+else
+ echo ""
+ echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+ echo ""
+ echo "$VNCVIEWERCMD" "$@" -listen $N
+ trap "final" 0 2 15
+ echo ""
+ $VNCVIEWERCMD "$@" -listen $N
+fi
-kill $pid
sleep 1
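Review bot: `trap "final" 0 2 15` is installed only just before the viewer is started, after stunnel has been put in the background and after the passphrase pauses, so an interrupt in that window leaves stunnel running and, in reverse mode, `$tcert` on disk. Moving the trap to directly after `stunnel_pid=$!` closes the gap. `final()` also does not remove `$tmp`, so an interrupt before `rm -f "$tmp"` leaves the stunnel configuration in /tmp; adding it to the cleanup (or to SS_VNCVIEWER_RM) would cover that.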