summaryrefslogtreecommitdiffstats
path: root/x11vnc/help.c
diff options
context:
space:
mode:
authorrunge <runge>2006-06-08 23:06:26 +0000
committerrunge <runge>2006-06-08 23:06:26 +0000
commit1776a3a55f59052bd69509c889e4370973305f0d (patch)
treee77c3c0b53a1f15c03bba215c60982bc3e28c727 /x11vnc/help.c
parenta60ee2ee9f73d21c4407136d7a2878a34be2f7ed (diff)
downloadlibtdevnc-1776a3a55f59052bd69509c889e4370973305f0d.tar.gz
libtdevnc-1776a3a55f59052bd69509c889e4370973305f0d.zip
x11vnc: -display WAIT:..., -users unixpw=, su_verify dpy command.
Diffstat (limited to 'x11vnc/help.c')
-rw-r--r--x11vnc/help.c170
1 files changed, 118 insertions, 52 deletions
diff --git a/x11vnc/help.c b/x11vnc/help.c
index 14713c2..dc89c68 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -69,7 +69,8 @@ void print_help(int mode) {
"-display disp X11 server display to connect to, usually :0. The X\n"
" server process must be running on same machine and\n"
" support MIT-SHM. Equivalent to setting the DISPLAY\n"
-" environment variable to \"disp\".\n"
+" environment variable to \"disp\". See the description\n"
+" below of the \"-display WAIT:...\" extensions.\n"
"-auth file Set the X authority file to be \"file\", equivalent to\n"
" setting the XAUTHORITY environment variable to \"file\"\n"
" before startup. Same as -xauth file. See Xsecurity(7),\n"
@@ -298,7 +299,7 @@ void print_help(int mode) {
" and only loop 5 times.\n"
"-timeout n Exit unless a client connects within the first n seconds\n"
" after startup.\n"
-"-inetd Launched by inetd(1): stdio instead of listening socket.\n"
+"-inetd Launched by inetd(8): stdio instead of listening socket.\n"
" Note: if you are not redirecting stderr to a log file\n"
" (via shell 2> or -o option) you MUST also specify the -q\n"
" option, otherwise the stderr goes to the viewer which\n"
@@ -554,6 +555,62 @@ void print_help(int mode) {
" for any other modern environment. All of the -unixpw\n"
" options and contraints apply.\n"
"\n"
+"-display WAIT:... A special usage mode for the normal -display option.\n"
+" Useful with -unixpw, but can be used independently\n"
+" of it. If the display string begins with WAIT: then\n"
+" x11vnc waits until a VNC client connects before opening\n"
+" the X display (or -rawfb device).\n"
+"\n"
+" This could be useful for delaying opening the display\n"
+" for certain usage modes (say if x11vnc is started at\n"
+" boot time and no X server is running or users logged\n"
+" in yet).\n"
+"\n"
+" If the string is, e.g. WAIT:0.0 or WAIT:1, i.e. \"WAIT\"\n"
+" in front of a normal X display, then that indicated\n"
+" display is used. A more interesting case is like this:\n"
+"\n"
+" WAIT:cmd=/usr/local/bin/find_display\n"
+"\n"
+" in which case the command after \"cmd=\" is run to\n"
+" dynamically work out the DISPLAY and optionally the\n"
+" XAUTHORITY data. The first line of the command output\n"
+" must be of the form DISPLAY=<xdisplay>. Any remaining\n"
+" output is taken as XAUTHORITY data. It can be either\n"
+" of the form XAUTHORITY=<file> or raw xauthority data for\n"
+" the display (e.g. \"xauth extract - $DISPLAY\" output).\n"
+"\n"
+" In the case of -unixpw, then the above command is run\n"
+" as the user who just authenticated via the login and\n"
+" password prompt.\n"
+"\n"
+" Thus the combination of -display WAIT:cmd=... and\n"
+" -unixpw allows automatic pairing of an unix\n"
+" authenticated VNC user with his desktop. This could\n"
+" be very useful on SunRays and also any system where\n"
+" multiple users share a given machine. The user does\n"
+" not need to remember special ports or passwords set up\n"
+" for his desktop and VNC.\n"
+"\n"
+" A nice way to use WAIT:cmd=... is out of inetd(8)\n"
+" (it automatically forks a new x11vnc for each user).\n"
+" You can have the x11vnc inetd spawned process run as,\n"
+" say, root or nobody. When run as root (for either\n"
+" inetd or display manager), you can also supply the\n"
+" option \"-users unixpw=\" to have the x11vnc process\n"
+" switch to the user as well. Note: there will be a 2nd\n"
+" SSL helper process that will not switch, but it is only\n"
+" encoding and decoding the stream at that point.\n"
+"\n"
+" As a special case, WAIT:cmd=FINDDISPLAY will run a\n"
+" script that works on most Unixes to determine a user's\n"
+" DISPLAY variable and xauthority data. this is TBD.\n"
+"\n"
+" Finally, one can insert a geometry between colons,\n"
+" e.g. WAIT:1280x1024:... to set the size of the display\n"
+" the VNC client first attaches to since some VNC viewers\n"
+" will not automatically adjust to a new framebuffer size.\n"
+"\n"
"-ssl [pem] Use the openssl library (www.openssl.org) to provide a\n"
" built-in encrypted SSL tunnel between VNC viewers and\n"
" x11vnc. This requires libssl support to be compiled\n"
@@ -689,24 +746,24 @@ void print_help(int mode) {
" is attempted to be loaded. As a kludge, use a token\n"
" like ../server-foo to load a server cert if you find\n"
" that necessary.\n"
-" \n"
+"\n"
" Use -ssldir to use a directory different from the\n"
" ~/.vnc/certs default.\n"
-" \n"
+"\n"
" Note that if the \"CA\" cert is loaded you do not need\n"
" to load any of the certs that have been signed by it.\n"
" You will need to load any additional self-signed certs\n"
" however.\n"
-" \n"
+"\n"
" Examples:\n"
" x11vnc -ssl -sslverify CA\n"
" x11vnc -ssl -sslverify self:fred,self:jim\n"
" x11vnc -ssl -sslverify CA,clients\n"
-" \n"
+"\n"
" Usually \"-sslverify CA\" is the most effective.\n"
" See the -sslGenCA and -sslGenCert options below for\n"
" how to set up and manage the CA framework.\n"
-" \n"
+"\n"
"\n"
"\n"
" NOTE: the following utilities, -sslGenCA, -sslGenCert,\n"
@@ -1092,7 +1149,7 @@ void print_help(int mode) {
" otherwise the client is rejected. See below for an\n"
" extension to accept a client view-only.\n"
"\n"
-" If x11vnc is running as root (say from inetd(1) or from\n"
+" If x11vnc is running as root (say from inetd(8) or from\n"
" display managers xdm(1), gdm(1), etc), think about the\n"
" security implications carefully before supplying this\n"
" option (likewise for the -gone option).\n"
@@ -1163,75 +1220,84 @@ void print_help(int mode) {
" Unlike -accept, the command return code is not\n"
" interpreted by x11vnc. Example: -gone 'xlock &'\n"
"\n"
-"-users list If x11vnc is started as root (say from inetd(1) or from\n"
+"-users list If x11vnc is started as root (say from inetd(8) or from\n"
" display managers xdm(1), gdm(1), etc), then as soon\n"
" as possible after connections to the X display are\n"
" established try to switch to one of the users in the\n"
" comma separated \"list\". If x11vnc is not running as\n"
" root this option is ignored.\n"
-" \n"
+"\n"
" Why use this option? In general it is not needed since\n"
" x11vnc is already connected to the X display and can\n"
" perform its primary functions. The option was added\n"
" to make some of the *external* utility commands x11vnc\n"
" occasionally runs work properly. In particular under\n"
" GNOME and KDE to implement the \"-solid color\" feature\n"
-" external commands (gconftool-2 and dcop) must be run\n"
-" as the user owning the desktop session. Since this\n"
-" option switches userid it also affects the userid used\n"
-" to run the processes for the -accept and -gone options.\n"
-" It also affects the ability to read files for options\n"
-" such as -connect, -allow, and -remap. Note that the\n"
-" -connect file is also sometimes written to.\n"
-" \n"
-" So be careful with this option since in many situations\n"
+" external commands (gconftool-2 and dcop) unfortunately\n"
+" must be run as the user owning the desktop session.\n"
+" Since this option switches userid it also affects the\n"
+" userid used to run the processes for the -accept and\n"
+" -gone options. It also affects the ability to read\n"
+" files for options such as -connect, -allow, and -remap.\n"
+" Note that the -connect file is also sometimes written\n"
+" to.\n"
+"\n"
+" So be careful with this option since in some situations\n"
" its use can decrease security.\n"
-" \n"
-" The switch to a user will only take place if the\n"
-" display can still be successfully opened as that user\n"
-" (this is primarily to try to guess the actual owner\n"
+"\n"
+" In general the switch to a user will only take place\n"
+" if the display can still be successfully opened as that\n"
+" user (this is primarily to try to guess the actual owner\n"
" of the session). Example: \"-users fred,wilma,betty\".\n"
" Note that a malicious user \"barney\" by quickly using\n"
-" \"xhost +\" when logging in may get x11vnc to switch\n"
-" to user \"fred\". What happens next?\n"
-" \n"
+" \"xhost +\" when logging in may possibly get the x11vnc\n"
+" process to switch to user \"fred\". What happens next?\n"
+"\n"
" Under display managers it may be a long time before\n"
-" the switch succeeds (i.e. a user logs in). To make\n"
-" it switch immediately regardless if the display\n"
+" the switch succeeds (i.e. a user logs in). To instead\n"
+" make it switch immediately regardless if the display\n"
" can be reopened prefix the username with the \"+\"\n"
" character. E.g. \"-users +bob\" or \"-users +nobody\".\n"
+"\n"
" The latter (i.e. switching immediately to user\n"
" \"nobody\") is probably the only use of this option\n"
" that increases security.\n"
-" \n"
+"\n"
+" In -unixpw mode, if \"-users unixpw=\" is supplied\n"
+" then after a user authenticates himself via the\n"
+" -unixpw mechanism, x11vnc will try to switch to that\n"
+" user as though \"-users +username\" had been supplied.\n"
+" If you want to limit which users this will be done for,\n"
+" provide them as a comma separated list after \"unixpw=\"\n"
+"\n"
" To immediately switch to a user *before* connections\n"
" to the X display are made or any files opened use the\n"
" \"=\" character: \"-users =bob\". That user needs to\n"
-" be able to open the X display of course.\n"
-" \n"
+" be able to open the X display and any files of course.\n"
+"\n"
" The special user \"guess=\" means to examine the utmpx\n"
" database (see who(1)) looking for a user attached to\n"
" the display number (from DISPLAY or -display option)\n"
" and try him/her. To limit the list of guesses, use:\n"
" \"-users guess=bob,betty\".\n"
-" \n"
-" Even more sinister is the special user \"lurk=\" that\n"
-" means to try to guess the DISPLAY from the utmpx login\n"
-" database as well. So it \"lurks\" waiting for anyone\n"
-" to log into an X session and then connects to it.\n"
-" Specify a list of users after the = to limit which\n"
-" users will be tried. To enable a different searching\n"
-" mode, if the first user in the list is something like\n"
-" \":0\" or \":0-2\" that indicates a range of DISPLAY\n"
-" numbers that will be tried (regardless of whether\n"
-" they are in the utmpx database) for all users that\n"
-" are logged in. Examples: \"-users lurk=\" and also\n"
-" \"-users lurk=:0-1,bob,mary\"\n"
-" \n"
+"\n"
+" Even more sinister is the special user \"lurk=\"\n"
+" that means to try to guess the DISPLAY from the utmpx\n"
+" login database as well. So it \"lurks\" waiting for\n"
+" anyone to log into an X session and then connects to it.\n"
+" Specify a list of users after the = to limit which users\n"
+" will be tried. To enable a different searching mode, if\n"
+" the first user in the list is something like \":0\" or\n"
+" \":0-2\" that indicates a range of DISPLAY numbers that\n"
+" will be tried (regardless of whether they are in the\n"
+" utmpx database) for all users that are logged in. Also\n"
+" see the \"-display WAIT:...\" functionality. Examples:\n"
+" \"-users lurk=\" and also \"-users lurk=:0-1,bob,mary\"\n"
+"\n"
" Be especially careful using the \"guess=\" and \"lurk=\"\n"
" modes. They are not recommended for use on machines\n"
" with untrustworthy local users.\n"
-" \n"
+"\n"
"-noshm Do not use the MIT-SHM extension for the polling.\n"
" Remote displays can be polled this way: be careful this\n"
" can use large amounts of network bandwidth. This is\n"
@@ -1255,7 +1321,7 @@ void print_help(int mode) {
" commands are run for GNOME and KDE respectively.\n"
" Other desktops won't work, e.g. Xfce (send us the\n"
" corresponding commands if you find them). If x11vnc is\n"
-" running as root (inetd(1) or gdm(1)), the -users option\n"
+" running as root (inetd(8) or gdm(1)), the -users option\n"
" may be needed for GNOME and KDE. If x11vnc guesses\n"
" your desktop incorrectly, you can force it by prefixing\n"
" color with \"gnome:\", \"kde:\", \"cde:\" or \"root:\".\n"
@@ -1554,7 +1620,7 @@ void print_help(int mode) {
" default (see -noxfixes below). This can be disabled\n"
" with -nocursor, and also some values of the \"mode\"\n"
" option below.\n"
-" \n"
+"\n"
" Note that under XFIXES cursors with transparency (alpha\n"
" channel) will usually not be exactly represented and one\n"
" may find Overlay preferable. See also the -alphacut\n"
@@ -1606,7 +1672,7 @@ void print_help(int mode) {
" pixel with alpha value less than n becomes completely\n"
" transparent. Otherwise the pixel is completely opaque.\n"
" Default %d\n"
-" \n"
+"\n"
"-alphafrac fraction With the threshold in -alphacut some cursors will become\n"
" almost completely transparent because their alpha values\n"
" are not high enough. For those cursors adjust the\n"
@@ -1872,7 +1938,7 @@ void print_help(int mode) {
" So for a short time there are two (or more) block\n"
" cursors on the screen. There are similar scenarios,\n"
" (e.g. an output line is duplicated).\n"
-" \n"
+"\n"
" These transients are induced by the approximation of\n"
" scroll detection (e.g. it detects the scroll, but not\n"
" the fact that the block cursor was cleared just before\n"
@@ -2279,7 +2345,7 @@ void print_help(int mode) {
" mode if the bpp is 24.\n"
"\n"
" video4linux: on Linux some attempt is made to handle\n"
-" video devices (webcams or tv tuners) automatically.\n"
+" video devices (webcams or TV tuners) automatically.\n"
" The idea is the WxHxB will be extracted from the\n"
" device itself. So if you do not supply \"@WxHxB...\n"
" parameters x11vnc will try to determine them. It first\n"
@@ -2326,7 +2392,7 @@ void print_help(int mode) {
" 24, and 32 respectively). See http://www.linuxtv.org\n"
" for more info (V4L api).\n"
"\n"
-" For tv/rf tuner cards one can set the tuning mode\n"
+" For TV/rf tuner cards one can set the tuning mode\n"
" via tun=XXX where XXX can be one of PAL, NTSC, SECAM,\n"
" or AUTO.\n"
"\n"