summaryrefslogtreecommitdiffstats
path: root/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
diff options
context:
space:
mode:
authorChristian Beier <dontmind@freeshell.org>2014-09-03 20:54:39 +0200
committerChristian Beier <dontmind@freeshell.org>2014-09-03 20:54:39 +0200
commit498d222976975f53dea885cfe43ef0f805abd412 (patch)
treebac684fbde46fdc3e4cc3817616816b71bb67f9f /x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
parent8d2db0486dcc167f1b02d4454ebf4624ce03e1de (diff)
downloadlibtdevnc-498d222976975f53dea885cfe43ef0f805abd412.tar.gz
libtdevnc-498d222976975f53dea885cfe43ef0f805abd412.zip
Remove x11vnc subdir.
The new x11vnc repo is at https://github.com/LibVNC/x11vnc.
Diffstat (limited to 'x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer')
-rwxr-xr-xx11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer3635
1 files changed, 0 insertions, 3635 deletions
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
deleted file mode 100755
index b0245af..0000000
--- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
+++ /dev/null
@@ -1,3635 +0,0 @@
-#!/bin/sh
-#
-# ss_vncviewer: wrapper for vncviewer to use an stunnel SSL tunnel
-# or an SSH tunnel.
-#
-# Copyright (c) 2006-2009 by Karl J. Runge <runge@karlrunge.com>
-#
-# ss_vncviewer is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or (at
-# your option) any later version.
-#
-# ss_vncviewer is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with ss_vncviewer; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
-# or see <http://www.gnu.org/licenses/>.
-#
-#
-# You must have stunnel(8) installed on the system and in your PATH
-# (however, see the -ssh option below, in which case you will need ssh(1)
-# installed) Note: stunnel is usually installed in an "sbin" subdirectory.
-#
-# You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..."
-# already running as the VNC server on the remote machine.
-# (or use stunnel on the server side for any other VNC server)
-#
-#
-# Usage: ss_vncviewer [cert-args] host:display <vncviewer-args>
-#
-# e.g.: ss_vncviewer snoopy:0
-# ss_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
-#
-# [cert-args] can be:
-#
-# -verify /path/to/cacert.pem
-# -mycert /path/to/mycert.pem
-# -crl /path/to/my_crl.pem (or directory)
-# -proxy host:port
-#
-# -verify specifies a CA cert PEM file (or a self-signed one) for
-# authenticating the VNC server.
-#
-# -mycert specifies this client's cert+key PEM file for the VNC server to
-# authenticate this client.
-#
-# -proxy try host:port as a Web proxy to use the CONNECT method
-# to reach the VNC server (e.g. your firewall requires a proxy).
-#
-# For the "double proxy" case use -proxy host1:port1,host2:port2
-# (the first CONNECT is done through host1:port1 to host2:port2
-# and then a 2nd CONNECT to the destination VNC server.)
-#
-# Use socks://host:port, socks4://host:port, or socks5://host,port
-# to force usage of a SOCKS proxy. Also repeater://host:port and
-# sslrepeater://host:port.
-#
-# -showcert Only fetch the certificate using the 'openssl s_client'
-# command (openssl(1) must in installed). On ssvnc 1.0.27 and
-# later the bundled command 'ultravnc_dsm_helper' is used.
-#
-# See http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca for details on
-# SSL certificates with VNC.
-#
-# A few other args (not related to SSL and certs):
-#
-# -2nd Run the vncviewer a 2nd time if the first connections fails.
-#
-# -ssh Use ssh instead of stunnel SSL. ssh(1) must be installed and you
-# must be able to log into the remote machine via ssh.
-#
-# In this case "host:display" may be of the form "user@host:display"
-# where "user@host" is used for the ssh login (see ssh(1) manpage).
-#
-# If -proxy is supplied it can be of the forms: "gwhost" "gwhost:port"
-# "user@gwhost" or "user@gwhost:port". "gwhost" is an incoming ssh
-# gateway machine (the VNC server is not running there), an ssh -L
-# redir is used to "host" in "host:display" from "gwhost". Any "user@"
-# part must be in the -proxy string (not in "host:display").
-#
-# Under -proxy use "gwhost:port" if connecting to any ssh port
-# other than the default (22). (even for the non-gateway case,
-# -proxy must be used to specify a non-standard ssh port)
-#
-# A "double ssh" can be specified via a -proxy string with the two
-# hosts separated by a comma:
-#
-# [user1@]host1[:port1],[user2@]host2[:port2]
-#
-# in which case a ssh to host1 and thru it via a -L redir a 2nd
-# ssh is established to host2.
-#
-# Examples:
-#
-# ss_vncviewer -ssh bob@bobs-home.net:0
-# ss_vncviewer -ssh -sshcmd 'x11vnc -localhost' bob@bobs-home.net:0
-#
-# ss_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0
-# ss_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0
-#
-# ss_vncviewer -ssh -proxy fred@gw-host,fred@peecee localhost:0
-#
-# -sshcmd cmd Run "cmd" via ssh instead of the default "sleep 15"
-# e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900'
-#
-# -sshargs "args" pass "args" to the ssh process, e.g. -L/-R port redirs.
-#
-# -sshssl Tunnel the SSL connection thru a SSH connection. The tunnel as
-# under -ssh is set up and the SSL connection goes thru it. Use
-# this if you want to have and end-to-end SSL connection but must
-# go thru a SSH gateway host (e.g. not the vnc server). Or use
-# this if you need to tunnel additional services via -R and -L
-# (see -sshargs above).
-#
-# ss_vncviewer -sshssl -proxy fred@mygate.com mymachine:0
-#
-# -listen (or -reverse) set up a reverse connection.
-#
-# -alpha turn on cursor alphablending hack if you are using the
-# enhanced tightvnc vncviewer.
-#
-# -grab turn on XGrabServer hack if you are using the enhanced tightvnc
-# vncviewer (e.g. for fullscreen mode in some windowmanagers like
-# fvwm that do not otherwise work in fullscreen mode)
-#
-#
-# set VNCVIEWERCMD to whatever vncviewer command you want to use.
-#
-VNCIPCMD=${VNCVIEWERCMD:-vncip}
-VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
-if [ "X$SSVNC_TURBOVNC" != "X" ]; then
- if echo "$VNCVIEWERCMD" | grep '\.turbovnc' > /dev/null; then
- :
- else
- if type "$VNCVIEWERCMD.turbovnc" > /dev/null 2>/dev/null; then
- VNCVIEWERCMD="$VNCVIEWERCMD.turbovnc"
- fi
- fi
-fi
-#
-# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
-#
-
-# turn on verbose debugging output
-if [ "X$SS_DEBUG" != "X" -a "X$SS_DEBUG" != "X0" ]; then
- set -xv
-fi
-
-PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
-
-localhost="localhost"
-if uname | grep Darwin >/dev/null; then
- localhost="127.0.0.1"
-fi
-
-# work out which stunnel to use (debian installs as stunnel4)
-stunnel_set_here=""
-if [ "X$STUNNEL" = "X" ]; then
- check_stunnel=1
- if [ "X$SSVNC_BASEDIRNAME" != "X" ]; then
- if [ -x "$SSVNC_BASEDIRNAME/stunnel" ]; then
- type stunnel > /dev/null 2>&1
- if [ $? = 0 ]; then
- # found ours
- STUNNEL=stunnel
- check_stunnel=0
- fi
- fi
- fi
- if [ "X$check_stunnel" = "X1" ]; then
- type stunnel4 > /dev/null 2>&1
- if [ $? = 0 ]; then
- STUNNEL=stunnel4
- else
- STUNNEL=stunnel
- fi
- fi
- stunnel_set_here=1
-fi
-
-help() {
- tail -n +2 "$0" | sed -e '/^$/ q'
-}
-
-secondtry=""
-gotalpha=""
-use_ssh=""
-use_sshssl=""
-direct_connect=""
-ssh_sleep=15
-
-# sleep longer in -listen mode:
-if echo "$*" | grep '.*-listen' > /dev/null; then
- ssh_sleep=1800
-fi
-
-
-ssh_cmd=""
-# env override of ssh_cmd:
-if [ "X$SS_VNCVIEWER_SSH_CMD" != "X" ]; then
- ssh_cmd="$SS_VNCVIEWER_SSH_CMD"
-fi
-
-ssh_args=""
-showcert=""
-reverse=""
-
-ciphers=""
-anondh="ALL:RC4+RSA:+SSLv2:@STRENGTH"
-anondh_set=""
-stunnel_debug="6"
-if [ "X$SS_DEBUG" != "X" -o "X$SSVNC_VENCRYPT_DEBUG" != "X" -o "X$SSVNC_STUNNEL_DEBUG" != "X" ]; then
- stunnel_debug="7"
-fi
-
-if [ "X$1" = "X-viewerflavor" ]; then
- # special case, try to guess which viewer:
- #
- if echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
- echo "unknown"
- exit 0
- fi
- if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then
- echo "cotvnc"
- exit 0
- fi
- if echo "$VNCVIEWERCMD" | grep -i ultra > /dev/null; then
- echo "ultravnc"
- exit 0
- fi
- # OK, run it for help output...
- str=`$VNCVIEWERCMD -h 2>&1 | head -n 5`
- if echo "$str" | grep -i 'TightVNC.viewer' > /dev/null; then
- echo "tightvnc"
- elif echo "$str" | grep -i 'VNC viewer version 3' > /dev/null; then
- echo "realvnc3"
- elif echo "$str" | grep -i 'VNC viewer .*Edition 4' > /dev/null; then
- echo "realvnc4"
- elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then
- echo "realvnc4"
- else
- echo "unknown"
- fi
- exit 0
-fi
-if [ "X$1" = "X-viewerhelp" ]; then
- $VNCVIEWERCMD -h 2>&1
- exit 0
-fi
-
-# grab our cmdline options:
-while [ "X$1" != "X" ]
-do
- case $1 in
- "-verify") shift; verify="$1"
- ;;
- "-mycert") shift; mycert="$1"
- ;;
- "-crl") shift; crl="$1"
- ;;
- "-proxy") shift; proxy="$1"
- ;;
- "-ssh") use_ssh=1
- ;;
- "-sshssl") use_ssh=1
- use_sshssl=1
- ;;
- "-sshcmd") shift; ssh_cmd="$1"
- ;;
- "-sshargs") shift; ssh_args="$1"
- ;;
- "-anondh") ciphers="ciphers=$anondh"
- ULTRAVNC_DSM_HELPER_SHOWCERT_ADH=1
- export ULTRAVNC_DSM_HELPER_SHOWCERT_ADH
- anondh_set=1
- ;;
- "-ciphers") shift; ciphers="ciphers=$1"
- ;;
- "-alpha") gotalpha=1
- ;;
- "-showcert") showcert=1
- ;;
- "-listen") reverse=1
- ;;
- "-reverse") reverse=1
- ;;
- "-2nd") secondtry=1
- ;;
- "-grab") VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
- ;;
- "-x11cursor") VNCVIEWER_X11CURSOR=1; export VNCVIEWER_X11CURSOR
- ;;
- "-rawlocal") VNCVIEWER_RAWLOCAL=1; export VNCVIEWER_RAWLOCAL
- ;;
- "-scale") shift; SSVNC_SCALE="$1"; export SSVNC_SCALE
- ;;
- "-onelisten") SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
- ;;
- "-sendclipboard") VNCVIEWER_SEND_CLIPBOARD=1; export VNCVIEWER_SEND_CLIPBOARD
- ;;
- "-sendalways") VNCVIEWER_SEND_ALWAYS=1; export VNCVIEWER_SEND_ALWAYS
- ;;
- "-recvtext") shift; VNCVIEWER_RECV_TEXT="$1"; export VNCVIEWER_RECV_TEXT
- ;;
- "-escape") shift; VNCVIEWER_ESCAPE="$1"; export VNCVIEWER_ESCAPE
- ;;
- "-ssvnc_encodings") shift; VNCVIEWER_ENCODINGS="$1"; export VNCVIEWER_ENCODINGS
- ;;
- "-ssvnc_extra_opts") shift; VNCVIEWERCMD_EXTRA_OPTS="$1"; export VNCVIEWERCMD_EXTRA_OPTS
- ;;
- "-rfbversion") shift; VNCVIEWER_RFBVERSION="$1"; export VNCVIEWER_RFBVERSION
- ;;
- "-nobell") VNCVIEWER_NOBELL=1; export VNCVIEWER_NOBELL
- ;;
- "-popupfix") VNCVIEWER_POPUP_FIX=1; export VNCVIEWER_POPUP_FIX
- ;;
- "-realvnc4") VNCVIEWER_IS_REALVNC4=1; export VNCVIEWER_IS_REALVNC4
- ;;
- "-h"*) help; exit 0
- ;;
- "--h"*) help; exit 0
- ;;
- *) break
- ;;
- esac
- shift
-done
-
-# maxconn is something we added to stunnel, this disables it:
-if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
- STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
-elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
- STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
-elif [ "X$reverse" != "X" ]; then
- STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
-else
- # new way (our patches). other than the above, we set these:
- if [ "X$SKIP_STUNNEL_ONCE" = "X" ]; then
- STUNNEL_ONCE=1; export STUNNEL_ONCE
- fi
- if [ "X$SKIP_STUNNEL_MAX_CLIENTS" = "X" ]; then
- STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
- fi
-fi
-# always set this one:
-if [ "X$SKIP_STUNNEL_NO_SYSLOG" = "X" ]; then
- STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
-fi
-
-# this is the -t ssh option (gives better keyboard response thru SSH tunnel)
-targ="-t"
-if [ "X$SS_VNCVIEWER_NO_T" != "X" ]; then
- targ=""
-fi
-
-# set the alpha blending env. hack:
-if [ "X$gotalpha" = "X1" ]; then
- VNCVIEWER_ALPHABLEND=1
- export VNCVIEWER_ALPHABLEND
-else
- NO_ALPHABLEND=1
- export NO_ALPHABLEND
-fi
-
-if [ "X$reverse" != "X" ]; then
- ssh_sleep=1800
- if [ "X$proxy" != "X" ]; then
- # check proxy usage under reverse connection:
- if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
- echo ""
- if echo "$proxy" | egrep -i "(repeater|vencrypt)://" > /dev/null; then
- :
- else
- echo "*Warning*: SSL -listen and a Web proxy does not make sense."
- sleep 2
- fi
- elif echo "$proxy" | grep "," > /dev/null; then
- :
- else
- echo ""
- echo "*Warning*: -listen and a single proxy/gateway does not make sense."
- sleep 2
- fi
-
- # we now try to PPROXY_LOOP_THYSELF, set this var to disable that.
- #SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
- fi
-fi
-if [ "X$ssh_cmd" = "X" ]; then
- # if no remote ssh cmd, sleep a bit:
- ssh_cmd="sleep $ssh_sleep"
-fi
-
-# this should be a host:display:
-#
-orig="$1"
-shift
-
-dL="-L"
-if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
- dL="-h"
-fi
-
-have_uvnc_dsm_helper_showcert=""
-if [ "X$showcert" = "X1" -a "X$SSVNC_USE_S_CLIENT" = "X" -a "X$reverse" = "X" ]; then
- if type ultravnc_dsm_helper >/dev/null 2>&1; then
- if ultravnc_dsm_helper -help 2>&1 | grep -w showcert >/dev/null; then
- have_uvnc_dsm_helper_showcert=1
- fi
- fi
-fi
-have_uvnc_dsm_helper_ipv6=""
-if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
- if type ultravnc_dsm_helper >/dev/null 2>&1; then
- if ultravnc_dsm_helper -help 2>&1 | grep -iw ipv6 >/dev/null; then
- have_uvnc_dsm_helper_ipv6=1
- fi
- fi
-fi
-
-rchk() {
- # a kludge to set $RANDOM if we are not bash:
- if [ "X$BASH_VERSION" = "X" ]; then
- RANDOM=`date +%S``sh -c 'echo $$'``ps -elf 2>&1 | sum 2>&1 | awk '{print $1}'`
- fi
-}
-rchk
-
-# a portable, but not absolutely safe, tmp file creator
-mytmp() {
- tf=$1
- if type mktemp > /dev/null 2>&1; then
- # if we have mktemp(1), use it:
- tf2="$tf.XXXXXX"
- tf2=`mktemp "$tf2"`
- if [ "X$tf2" != "X" -a -f "$tf2" ]; then
- if [ "X$DEBUG_MKTEMP" != "X" ]; then
- echo "mytmp-mktemp: $tf2" 1>&2
- fi
- echo "$tf2"
- return
- fi
- fi
- # fallback to multiple cmds:
- rm -rf "$tf" || exit 1
- if [ -d "$tf" ]; then
- echo "tmp file $tf still exists as a directory."
- exit 1
- elif [ $dL "$tf" ]; then
- echo "tmp file $tf still exists as a symlink."
- exit 1
- elif [ -f "$tf" ]; then
- echo "tmp file $tf still exists."
- exit 1
- fi
- touch "$tf" || exit 1
- chmod 600 "$tf" || exit 1
- rchk
- if [ "X$DEBUG_MKTEMP" != "X" ]; then
- echo "mytmp-touch: $tf" 1>&2
- fi
- echo "$tf"
-}
-
-# set up special case of ultravnc single click III mode:
-if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
- pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
- pstr1=`echo "$pstr" | sed -e 's/+.*$//'`
- pstr2=`echo "$pstr" | sed -e 's/^[^+]*+//'`
- SSVNC_REPEATER="SCIII=$pstr2"; export SSVNC_REPEATER
- orig=$pstr1
- echo
- echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
- proxy=""
-fi
-if echo "$proxy" | egrep "vencrypt://" > /dev/null; then
- vtmp="/tmp/ss_handshake${RANDOM}.$$.txt"
- vtmp=`mytmp "$vtmp"`
- SSVNC_PREDIGESTED_HANDSHAKE="$vtmp"
- export SSVNC_PREDIGESTED_HANDSHAKE
- if [ "X$SSVNC_USE_OURS" = "X" ]; then
- NEED_VENCRYPT_VIEWER_BRIDGE=1
- fi
-fi
-if [ "X$SSVNC_USE_OURS" = "X" ]; then
- VNCVIEWERCMD_EXTRA_OPTS=""
-fi
-
-
-# check -ssh and -mycert/-verify conflict:
-if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then
- if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then
- echo "-mycert and -verify cannot be used in -ssh mode"
- exit 1
- fi
-fi
-
-# direct mode Vnc:// means show no warnings.
-# direct mode vnc:// will show warnings.
-if echo "$orig" | grep '^V[Nn][Cc]://' > /dev/null; then
- SSVNC_NO_ENC_WARN=1
- export SSVNC_NO_ENC_WARN
- orig=`echo "$orig" | sed -e 's/^...:/vnc:/'`
-fi
-
-# interprest the pseudo URL proto:// strings:
-if echo "$orig" | grep '^vnc://' > /dev/null; then
- orig=`echo "$orig" | sed -e 's,vnc://,,'`
- verify=""
- mycert=""
- crl=""
- use_ssh=""
- use_sshssl=""
- direct_connect=1
-elif echo "$orig" | grep '^vncs://' > /dev/null; then
- orig=`echo "$orig" | sed -e 's,vncs://,,'`
-elif echo "$orig" | grep '^vncssl://' > /dev/null; then
- orig=`echo "$orig" | sed -e 's,vncssl://,,'`
-elif echo "$orig" | grep '^vnc+ssl://' > /dev/null; then
- orig=`echo "$orig" | sed -e 's,vnc.ssl://,,'`
-elif echo "$orig" | grep '^vncssh://' > /dev/null; then
- orig=`echo "$orig" | sed -e 's,vncssh://,,'`
- use_ssh=1
-elif echo "$orig" | grep '^vnc+ssh://' > /dev/null; then
- orig=`echo "$orig" | sed -e 's,vnc.ssh://,,'`
- use_ssh=1
-fi
-
-if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
- verify=""
- mycert=""
- crl=""
- use_ssh=""
- use_sshssl=""
- direct_connect=1
- if echo "$SSVNC_ULTRA_DSM" | grep 'noultra:' > /dev/null; then
- SSVNC_NO_ULTRA_DSM=1; export SSVNC_NO_ULTRA_DSM
- fi
-fi
-
-# rsh mode is an internal/secret thing only I use.
-rsh=""
-if echo "$orig" | grep '^rsh://' > /dev/null; then
- use_ssh=1
- rsh=1
- orig=`echo "$orig" | sed -e 's,rsh://,,'`
-elif echo "$orig" | grep '^rsh:' > /dev/null; then
- use_ssh=1
- rsh=1
- orig=`echo "$orig" | sed -e 's,rsh:,,'`
-fi
-
-# play around with host:display port:
-if echo "$orig" | grep ':' > /dev/null; then
- :
-else
- # add or assume :0 if no ':'
- if [ "X$reverse" = "X" ]; then
- orig="$orig:0"
- elif [ "X$orig" = "X" ]; then
- orig=":0"
- fi
-fi
-
-# extract host and disp number:
-
-# try to see if it is ipv6 address:
-ipv6=0
-if echo "$orig" | grep '\[' > /dev/null; then
- # ipv6 [fe80::219:dbff:fee5:3f92%eth1]:5900
- host=`echo "$orig" | sed -e 's/\].*$//' -e 's/\[//'`
- disp=`echo "$orig" | sed -e 's/^.*\]://'`
- ipv6=1
-elif echo "$orig" | grep ':..*:' > /dev/null; then
- # ipv6 fe80::219:dbff:fee5:3f92%eth1:5900
- host=`echo "$orig" | sed -e 's/:[^:]*$//'`
- disp=`echo "$orig" | sed -e 's/^.*://'`
- ipv6=1
-else
- # regular host:port
- host=`echo "$orig" | awk -F: '{print $1}'`
- disp=`echo "$orig" | awk -F: '{print $2}'`
-fi
-
-if [ "X$reverse" != "X" -a "X$STUNNEL_LISTEN" = "X" -a "X$host" != "X" ]; then
- STUNNEL_LISTEN=$host
- echo "set STUNNEL_LISTEN=$STUNNEL_LISTEN"
-fi
-
-if [ "X$host" = "X" ]; then
- host=$localhost
-fi
-
-if [ "X$SSVNC_IPV6" = "X0" ]; then
- # disable checking for it.
- ipv6=0
-#elif [ "X$reverse" != "X" -a "X$ipv6" = "X1" ]; then
-# ipv6=0
-elif [ "X$ipv6" = "X1" ]; then
- :
-elif echo "$host" | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' > /dev/null; then
- :
-else
- # regular hostname, can't be sure...
- gout=""
- if type getent > /dev/null 2>/dev/null; then
- gout=`getent hosts "$host" 2>/dev/null`
- fi
- if echo "$gout" | grep ':.*:' > /dev/null; then
- if echo "$gout" | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' > /dev/null; then
- :
- else
- echo "ipv6: "`echo "$gout" | grep ':.*:' | head -n 1`
- ipv6=1
- fi
- fi
- if [ "X$ipv6" = "X0" ]; then
- hout=""
- if type host > /dev/null 2>/dev/null; then
- host "$host" >/dev/null 2>&1
- host "$host" >/dev/null 2>&1
- hout=`host "$host" 2>/dev/null`
- fi
- if echo "$hout" | grep -i 'has ipv6 address' > /dev/null; then
- if echo "$hout" | grep -i 'has address' > /dev/null; then
- :
- else
- echo "ipv6: "`echo "$hout" | grep -i 'has ipv6 address' | head -n 1`
- ipv6=1
- fi
- fi
- fi
- if [ "X$ipv6" = "X0" ]; then
- dout=""
- if type dig > /dev/null 2>/dev/null; then
- dout=`dig -t any "$host" 2>/dev/null`
- fi
- if echo "$dout" | grep -i "^$host" | grep '[ ]AAAA[ ]' > /dev/null; then
- if echo "$dout" | grep -i "^$host" | grep '[ ]A[ ]' > /dev/null; then
- :
- else
- echo "ipv6: "`echo "$dout" | grep -i '[ ]AAAA[ ]' | head -n 1`
- ipv6=1
- fi
- fi
- fi
- if [ "X$ipv6" = "X0" ]; then
- sout=`env LOOKUP="$host" \
- perl -e ' eval {use Socket}; exit 0 if $@;
- eval {use Socket6}; exit 0 if $@;
- @res = getaddrinfo($ENV{LOOKUP}, "daytime", AF_UNSPEC, SOCK_STREAM);
- $ipv4 = 0;
- $ipv6 = 0;
- $ip6 = "";
- while (scalar(@res) >= 5) {
- ($family, $socktype, $proto, $saddr, $canon, @res) = @res;
- $ipv4 = 1 if $family == AF_INET;
- $ipv6 = 1 if $family == AF_INET6;
- if ($family == AF_INET6 && $ip6 eq "") {
- my ($host, $port) = getnameinfo($saddr, NI_NUMERICHOST | NI_NUMERICSERV);
- $ip6 = $host;
- }
- }
- if (! $ipv4 && $ipv6) {
- print "AF_INET6_ONLY: $ENV{LOOKUP}: $ip6\n";
- }
- exit 0;
- ' 2>/dev/null`
- if echo "$sout" | grep AF_INET6_ONLY > /dev/null; then
- echo "$sout"
- ipv6=1
- fi
- fi
-fi
-if [ "X$ipv6" = "X1" ]; then
- echo "ipv6: addr=$host disp=$disp"
-fi
-if [ "X$disp" = "X" ]; then
- port="" # probably -listen mode.
-elif [ $disp -lt 0 ]; then
- # negative means use |n| without question:
- port=`expr 0 - $disp`
-elif [ $disp -lt 200 ]; then
- # less than 200 means 5900+n
- if [ "X$reverse" = "X" ]; then
- port=`expr $disp + 5900`
- else
- port=`expr $disp + 5500`
- fi
-else
- # otherwise use the number directly, e.g. 443, 2345
- port=$disp
-fi
-
-if [ "X$ipv6" = "X1" -a "X$direct_connect" = "X1" ]; then
- if [ "X$proxy" = "X" -a "X$reverse" = "X" ]; then
- if [ "X$SSVNC_ULTRA_DSM" != "X" -a "X$have_uvnc_dsm_helper_ipv6" = "X1" ]; then
- :
- elif [ "X$SSVNC_NO_IPV6_PROXY" != "X" ]; then
- :
- elif [ "X$SSVNC_NO_IPV6_PROXY_DIRECT" != "X" ]; then
- :
- else
- proxy="ipv6://$host:$port"
- echo "direct connect: set proxy=$proxy"
- fi
- fi
-fi
-
-# (possibly) tell the vncviewer to only listen on lo:
-if [ "X$reverse" != "X" ]; then
- if [ "X$direct_connect" = "X" -o "X$proxy" != "X" -o "X$STUNNEL_LISTEN" != "X" ]; then
- VNCVIEWER_LISTEN_LOCALHOST=1
- export VNCVIEWER_LISTEN_LOCALHOST
- fi
-fi
-
-# try to find an open listening port via netstat(1):
-inuse=""
-if uname | grep Linux > /dev/null; then
- inuse=`netstat -ant | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*://'`
-elif uname | grep SunOS > /dev/null; then
- inuse=`netstat -an -f inet -P tcp | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $1}' | sed 's/^.*\.//'`
-elif uname | egrep -i 'bsd|darwin' > /dev/null; then
- inuse=`netstat -ant -f inet | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*\.//'`
-# add others...
-fi
-
-# this is a crude attempt for unique ports tags, etc.
-date_sec=`date +%S`
-
-# these are special cases of no vnc, e.g. sleep or xmessage.
-# these are for using ssvnc as a general port redirector.
-if echo "$VNCVIEWERCMD" | grep '^sleep[ ][ ]*[0-9][0-9]*' > /dev/null; then
- if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then
- p=`echo "$VNCVIEWERCMD" | awk '{print $3}'`
- if [ "X$p" != "X" ]; then
- SS_VNCVIEWER_LISTEN_PORT=$p
- fi
- fi
- p2=`echo "$VNCVIEWERCMD" | awk '{print $2}'`
- VNCVIEWERCMD="eval sleep $p2; echo Local "
-elif echo "$VNCVIEWERCMD" | grep '^xmessage[ ][ ]*[0-9][0-9]*' > /dev/null; then
- if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then
- p=`echo "$VNCVIEWERCMD" | awk '{print $2}'`
- SS_VNCVIEWER_LISTEN_PORT=$p
- fi
-fi
-
-# utility to find a free port to listen on.
-findfree() {
- try0=$1
- try=$try0
- use0=""
-
- if [ "X$SS_VNCVIEWER_LISTEN_PORT" != "X" ]; then
- echo "$SS_VNCVIEWER_LISTEN_PORT"
- return
- fi
- if [ $try -ge 6000 ]; then
- fmax=`expr $try + 1000`
- else
- fmax=6000
- fi
-
- while [ $try -lt $fmax ]
- do
- if [ "X$inuse" = "X" ]; then
- break
- fi
- if echo "$inuse" | grep -w $try > /dev/null; then
- :
- else
- use0=$try
- break
- fi
- try=`expr $try + 1`
- done
- if [ "X$use0" = "X" ]; then
- use0=`expr $date_sec + $try0`
- fi
-
- echo $use0
-}
-
-# utility for exiting; kills some helper processes,
-# removes files, etc.
-final() {
- echo ""
- if [ "X$tmp_cfg" != "X" ]; then
- rm -f $tmp_cfg
- fi
- if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
- rm -f $SS_VNCVIEWER_RM 2>/dev/null
- fi
- if [ "X$tcert" != "X" ]; then
- rm -f $tcert
- fi
- if [ "X$pssh" != "X" ]; then
- echo "Terminating background ssh process"
- echo kill -TERM "$pssh"
- kill -TERM "$pssh" 2>/dev/null
- sleep 1
- kill -KILL "$pssh" 2>/dev/null
- pssh=""
- fi
- if [ "X$stunnel_pid" != "X" ]; then
- echo "Terminating background stunnel process"
- echo kill -TERM "$stunnel_pid"
- kill -TERM "$stunnel_pid" 2>/dev/null
- sleep 1
- kill -KILL "$stunnel_pid" 2>/dev/null
- stunnel_pid=""
- fi
- if [ "X$dsm_pid" != "X" ]; then
- echo "Terminating background ultravnc_dsm_helper process"
- echo kill -TERM "$dsm_pid"
- kill -TERM "$dsm_pid" 2>/dev/null
- sleep 1
- kill -KILL "$dsm_pid" 2>/dev/null
- stunnel_pid=""
- fi
- if [ "X$tail_pid" != "X" ]; then
- kill -TERM $tail_pid
- fi
- if [ "X$tail_pid2" != "X" ]; then
- kill -TERM $tail_pid2
- fi
-}
-
-if [ "X$reverse" = "X" ]; then
- # normal connections try 5930-5999:
- if [ "X$showcert" = "X" ]; then
- use=`findfree 5930`
- else
- # move away from normal place for (possibly many) -showcert
- pstart=`date +%S`
- pstart=`expr 6130 + $pstart + $pstart`
- use=`findfree $pstart`
- fi
- if [ $use -ge 5900 ]; then
- N=`expr $use - 5900`
- else
- N=$use
- fi
-else
- # reverse connections:
- p2=`expr $port + 30`
- use=`findfree $p2`
- if [ $use -ge 5500 ]; then
- N=`expr $use - 5500`
- else
- N=$use
- fi
-fi
-
-# this is for my special use of ss_vncip -> vncip viewer.
-if echo "$0" | grep vncip > /dev/null; then
- VNCVIEWERCMD="$VNCIPCMD"
-fi
-
-if echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
- :
-elif [ "X$VNCVIEWERCMD_EXTRA_OPTS" != "X" ]; then
- VNCVIEWERCMD="$VNCVIEWERCMD $VNCVIEWERCMD_EXTRA_OPTS"
-fi
-
-# trick for the undocumented rsh://host:port method.
-rsh_setup() {
- if echo "$ssh_host" | grep '@' > /dev/null; then
- ul=`echo "$ssh_host" | awk -F@ '{print $1}'`
- ul="-l $ul"
- ssh_host=`echo "$ssh_host" | awk -F@ '{print $2}'`
- else
- ul=""
- fi
- ssh_cmd=`echo "$ssh_cmd" | sed -e 's/ -localhost/ /g'`
-}
-
-# trick for the undocumented rsh://host:port method.
-rsh_viewer() {
- trap "final" 0 2 15
- if [ "X$PORT" = "X" ]; then
- exit 1
- elif [ $PORT -ge 5900 ]; then
- vdpy=`expr $PORT - 5900`
- else
- vdpy=":$PORT"
- fi
- stty sane
- echo "$VNCVIEWERCMD" "$@" $ssh_host:$vdpy
- echo ""
- $VNCVIEWERCMD "$@" $ssh_host:$vdpy
- if [ $? != 0 ]; then
- sleep 2
- $VNCVIEWERCMD "$@" $ssh_host:$vdpy
- fi
-}
-
-check_perl() {
- if type "$1" > /dev/null 2>&1; then
- :
- elif [ ! -x "$1" ]; then
- echo ""
- echo "*******************************************************"
- echo "** Problem finding the Perl command '$1': **"
- echo ""
- type "perl"
- echo ""
- echo "** Perhaps you need to install the Perl package. **"
- echo "*******************************************************"
- echo ""
- sleep 5
- fi
-}
-
-# this is the PPROXY tool. used only here for now...
-pcode() {
- tf=$1
- PPROXY_PROXY=$proxy; export PPROXY_PROXY
- PPROXY_DEST="$host:$port"; export PPROXY_DEST
- check_perl /usr/bin/perl
-
- cod='#!/usr/bin/perl
-
-# A hack to glue stunnel to a Web or SOCKS proxy, UltraVNC repeater for
-# client connections.
-# Also acts as a VeNCrypt bridge (by redirecting to stunnel.)
-
-use IO::Socket::INET;
-
-my $have_inet6 = "";
-eval "use IO::Socket::INET6;";
-$have_inet6 = 1 if $@ eq "";
-
-#my $have_sock6 = "";
-#eval "use Socket; use Socket6;";
-#$have_sock6 = 1 if $@ eq "";
-
-if (exists $ENV{PPROXY_LOOP_THYSELF}) {
- # used for reverse vnc, run a repeating outer loop.
- print STDERR "PPROXY_LOOP: $ENV{PPROXY_LOOP_THYSELF}\n";
- my $rm = $ENV{PPROXY_REMOVE};
- my $lp = $ENV{PPROXY_LOOP_THYSELF};
- delete $ENV{PPROXY_REMOVE};
- delete $ENV{PPROXY_LOOP_THYSELF};
- $ENV{PPROXY_LOOP_THYSELF_MASTER} = $$;
- my $pid = $$;
- my $dbg = 0;
- my $c = 0;
- use POSIX ":sys_wait_h";
- while (1) {
- $pid = fork();
- last if ! defined $pid;
- if ($pid eq "0") {
- last;
- }
- $c++;
- print STDERR "\nPPROXY_LOOP: pid=$$ child=$pid count=$c\n";
- while (1) {
- waitpid(-1, WNOHANG);
- fsleep(0.25);
- if (! kill 0, $pid) {
- print STDERR "PPROXY_LOOP: child=$pid gone.\n";
- last;
- }
- print STDERR "PPROXY_LOOP: child=$pid alive.\n" if $dbg;
- if (! -f $lp) {
- print STDERR "PPROXY_LOOP: flag file $lp gone, killing $pid\n";
- kill TERM, $pid;
- fsleep(0.1);
- wait;
- last;
- }
- print STDERR "PPROXY_LOOP: file exists $lp\n" if $dbg;
- }
- last if ! -f $lp;
- fsleep(0.25);
- }
- if ($pid ne "0") {
- unlink($0) if $rm;
- exit 0;
- }
-}
-
-if (exists $ENV{PPROXY_SLEEP} && $ENV{PPROXY_SLEEP} > 0) {
- print STDERR "PPROXY_PID: $$\n";
- sleep $ENV{PPROXY_SLEEP};
-}
-
-foreach my $var (qw(
- PPROXY_DEST
- PPROXY_KILLPID
- PPROXY_LISTEN
- PPROXY_PROXY
- PPROXY_REMOVE
- PPROXY_REPEATER
- PPROXY_REVERSE
- PPROXY_SLEEP
- PPROXY_SOCKS
- PPROXY_VENCRYPT
- PPROXY_VENCRYPT_VIEWER_BRIDGE
- )) {
- if (0 || $ENV{SS_DEBUG} || $ENV{SSVNC_VENCRYPT_DEBUG}) {
- print STDERR "$var: $ENV{$var}\n";
- }
-}
-
-if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
- if ($ENV{PPROXY_SOCKS} eq "5") {
- $ENV{PPROXY_PROXY} = "socks5://$ENV{PPROXY_PROXY}";
- } else {
- $ENV{PPROXY_PROXY} = "socks://$ENV{PPROXY_PROXY}";
- }
-}
-
-my $rfbSecTypeAnonTls = 18;
-my $rfbSecTypeVencrypt = 19;
-
-my $rfbVencryptPlain = 256;
-my $rfbVencryptTlsNone = 257;
-my $rfbVencryptTlsVnc = 258;
-my $rfbVencryptTlsPlain = 259;
-my $rfbVencryptX509None = 260;
-my $rfbVencryptX509Vnc = 261;
-my $rfbVencryptX509Plain = 262;
-
-my $handshake_file = "";
-if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE}) {
- $handshake_file = $ENV{SSVNC_PREDIGESTED_HANDSHAKE};
-}
-
-my $have_gettimeofday = 0;
-eval "use Time::HiRes;";
-if ($@ eq "") {
- $have_gettimeofday = 1;
-}
-sub gettime {
- my $t = "0.0";
- if ($have_gettimeofday) {
- $t = Time::HiRes::gettimeofday();
- }
- return $t;
-}
-
-my $listen_handle = "";
-my $sock = "";
-my $parent = $$;
-
-my $initial_data = "";
-
-if ($ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE}) {
- my ($from, $to) = split(/,/, $ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE});
- do_vencrypt_viewer_bridge($from, $to);
- exit 0;
-}
-
-my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
-my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
-
-($first, $mode_1st) = url_parse($first);
-
-my ($proxy_host, $proxy_port) = ($first, "");
-if ($proxy_host =~ /^(.*):(\d+)$/) {
- $proxy_host = $1;
- $proxy_port = $2;
-}
-my $connect = $ENV{PPROXY_DEST};
-
-if ($second ne "") {
- ($second, $mode_2nd) = url_parse($second);
-}
-
-if ($third ne "") {
- ($third, $mode_3rd) = url_parse($third);
-}
-
-
-print STDERR "\n";
-print STDERR "PPROXY v0.4: a tool for Web, SOCKS, and UltraVNC proxies and for\n";
-print STDERR "PPROXY v0.4: IPv6 and VNC VeNCrypt bridging.\n";
-print STDERR "proxy_host: $proxy_host\n";
-print STDERR "proxy_port: $proxy_port\n";
-print STDERR "proxy_connect: $connect\n";
-print STDERR "pproxy_params: $ENV{PPROXY_PROXY}\n";
-print STDERR "pproxy_listen: $ENV{PPROXY_LISTEN}\n";
-print STDERR "pproxy_reverse: $ENV{PPROXY_REVERSE}\n";
-print STDERR "io_socket_inet6: $have_inet6\n";
-print STDERR "\n";
-if (! $have_inet6) {
- print STDERR "PPROXY: To enable IPv6 connections, install the IO::Socket::INET6 perl module.\n\n";
-}
-
-if (1) {
- print STDERR "pproxy 1st: $first\t- $mode_1st\n";
- print STDERR "pproxy 2nd: $second\t- $mode_2nd\n";
- print STDERR "pproxy 3rd: $third\t- $mode_3rd\n";
- print STDERR "\n";
-}
-
-sub pdie {
- my $msg = shift;
- kill_proxy_pids();
- die "$msg";
-}
-
-if ($ENV{PPROXY_REVERSE} ne "") {
- my ($rhost, $rport) = ($ENV{PPROXY_REVERSE}, "");
- if ($rhost =~ /^(.*):(\d+)$/) {
- $rhost = $1;
- $rport = $2;
- }
- $rport = 5900 unless $rport;
- my $emsg = "";
- $listen_handle = IO::Socket::INET->new(
- PeerAddr => $rhost,
- PeerPort => $rport,
- Proto => "tcp"
- );
- $emsg = $!;
- if (! $listen_handle && $have_inet6) {
- eval {$listen_handle = IO::Socket::INET6->new(
- PeerAddr => $rhost,
- PeerPort => $rport,
- Proto => "tcp"
- );};
- $emsg .= " / $!";
- }
- if (! $listen_handle) {
- pdie "pproxy: $emsg -- PPROXY_REVERSE\n";
- }
- print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n";
-
-} elsif ($ENV{PPROXY_LISTEN} ne "") {
- my $listen_sock = "";
- my $maxtry = 12;
- my $sleep = 5;
- my $p2 = "";
- my $emsg = "";
- for (my $i=0; $i < $maxtry; $i++) {
- my ($if, $p) = ("", $ENV{PPROXY_LISTEN});
- if ($p =~ /^(.*):(\d+)$/) {
- $if = $1;
- $p = $2;
- }
- $p2 = "*:$p";
- if ($if eq "") {
- $if = "localhost";
- }
- print STDERR "pproxy interface: $if\n";
-
- $emsg = "";
- if (($if eq "INADDR_ANY6" || $if eq "::") && $have_inet6) {
- eval {$listen_sock = IO::Socket::INET6->new(
- Listen => 2,
- ReuseAddr => 1,
- Domain => AF_INET6,
- LocalAddr => "::",
- LocalPort => $p,
- Proto => "tcp"
- );};
- $p2 = ":::$p";
- } elsif ($if =~ /^INADDR_ANY/) {
- $listen_sock = IO::Socket::INET->new(
- Listen => 2,
- ReuseAddr => 1,
- LocalPort => $p,
- Proto => "tcp"
- );
- } elsif (($if eq "INADDR_LOOPBACK6" || $if eq "::1") && $have_inet6) {
- $p2 = "::1:$p";
- eval {$listen_sock = IO::Socket::INET6->new(
- Listen => 2,
- ReuseAddr => 1,
- Domain => AF_INET6,
- LocalAddr => "::1",
- LocalPort => $p,
- Proto => "tcp"
- );};
- $p2 = "::1:$p";
- } else {
- $p2 = "$if:$p";
- $listen_sock = IO::Socket::INET->new(
- Listen => 2,
- ReuseAddr => 1,
- LocalAddr => $if,
- LocalPort => $p,
- Proto => "tcp"
- );
- $emsg = $!;
-
- if (! $listen_sock && $have_inet6) {
- print STDERR "PPROXY_LISTEN: retry with INET6\n";
- eval {$listen_sock = IO::Socket::INET6->new(
- Listen => 2,
- ReuseAddr => 1,
- Domain => AF_INET6,
- LocalAddr => $if,
- LocalPort => $p,
- Proto => "tcp"
- );};
- $emsg .= " / $!";
- }
- }
- if (! $listen_sock) {
- if ($i < $maxtry - 1) {
- warn "pproxy: $emsg $!\n";
- warn "Could not listen on port $p2, retrying in $sleep seconds... (Ctrl-C to quit)\n";
- sleep $sleep;
- }
- } else {
- last;
- }
- }
- if (! $listen_sock) {
- pdie "pproxy: $emsg -- PPROXY_LISTEN\n";
- }
- print STDERR "pproxy: listening on $p2\n";
- my $ip;
- ($listen_handle, $ip) = $listen_sock->accept();
- my $err = $!;
- close $listen_sock;
- if (! $listen_handle) {
- pdie "pproxy: $err\n";
- }
-
- if ($ENV{PPROXY_LOOP_THYSELF_MASTER}) {
- my $sml = $ENV{SSVNC_MULTIPLE_LISTEN};
- if ($sml ne "" && $sml ne "0") {
- setpgrp(0, 0);
- if (fork()) {
- close $viewer_sock;
- wait;
- exit 0;
- }
- if (fork()) {
- close $viewer_sock;
- exit 0;
- }
- setpgrp(0, 0);
- $parent = $$;
- }
- }
-}
-
-$sock = IO::Socket::INET->new(
- PeerAddr => $proxy_host,
- PeerPort => $proxy_port,
- Proto => "tcp"
-);
-
-my $err = "";
-
-if (! $sock && $have_inet6) {
- $err = $!;
-
- eval {$sock = IO::Socket::INET6->new(
- PeerAddr => $proxy_host,
- PeerPort => $proxy_port,
- Proto => "tcp"
- );};
- $err .= " / $!";
-}
-
-if (! $sock) {
- unlink($0) if $ENV{PPROXY_REMOVE};
- pdie "pproxy: $err\n";
-}
-
-unlink($0) if $ENV{PPROXY_REMOVE};
-
-if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_VENCRYPT_REVERSE}) {
- print STDERR "\nPPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n";
- my $tmp_swap = $sock;
- $sock = $listen_handle;
- $listen_handle = $tmp_swap;
-}
-
-$cur_proxy = $first;
-setmode($mode_1st);
-
-if ($second ne "") {
- connection($second, 1);
-
- setmode($mode_2nd);
- $cur_proxy = $second;
-
- if ($third ne "") {
- connection($third, 2);
- setmode($mode_3rd);
- $cur_proxy = $third;
- connection($connect, 3);
- } else {
- connection($connect, 2);
- }
-} else {
- connection($connect, 1);
-}
-
-sub kill_proxy_pids() {
- if ($ENV{PPROXY_VENCRYPT_VIEWER_BRIDGE}) {
- return;
- }
- if ($ENV{PPROXY_KILLPID}) {
- foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) {
- if ($p =~ /^(\+|-)/) {
- $p = $parent + $p;
- }
- print STDERR "kill TERM, $p (PPROXY_KILLPID)\n";
- kill "TERM", $p;
- }
- }
-}
-
-sub xfer {
- my($in, $out) = @_;
- $RIN = $WIN = $EIN = "";
- $ROUT = "";
- vec($RIN, fileno($in), 1) = 1;
- vec($WIN, fileno($in), 1) = 1;
- $EIN = $RIN | $WIN;
-
- while (1) {
- my $nf = 0;
- while (! $nf) {
- $nf = select($ROUT=$RIN, undef, undef, undef);
- }
- my $len = sysread($in, $buf, 8192);
- if (! defined($len)) {
- next if $! =~ /^Interrupted/;
- print STDERR "pproxy[$$]: $!\n";
- last;
- } elsif ($len == 0) {
- print STDERR "pproxy[$$]: Input is EOF.\n";
- last;
- }
- my $offset = 0;
- my $quit = 0;
- while ($len) {
- my $written = syswrite($out, $buf, $len, $offset);
- if (! defined $written) {
- print STDERR "pproxy[$$]: Output is EOF. $!\n";
- $quit = 1;
- last;
- }
- $len -= $written;
- $offset += $written;
- }
- last if $quit;
- }
- close($out);
- close($in);
- print STDERR "pproxy[$$]: finished xfer.\n";
-}
-
-sub handler {
- print STDERR "pproxy[$$]: got SIGTERM.\n";
- close $listen_handle if $listen_handle;
- close $sock if $sock;
- exit;
-}
-
-sub xfer_both {
- $child = fork;
-
- if (! defined $child) {
- kill_proxy_pids();
- exit 1;
- }
-
- $SIG{TERM} = "handler";
-
- if ($child) {
- if ($listen_handle) {
- print STDERR "pproxy parent[$$] listen_handle -> socket\n";
- xfer($listen_handle, $sock);
- } else {
- print STDERR "pproxy parent[$$] STDIN -> socket\n";
- xfer(STDIN, $sock);
- }
- select(undef, undef, undef, 0.25);
- if (kill 0, $child) {
- select(undef, undef, undef, 0.9);
- if (kill 0, $child) {
- print STDERR "pproxy[$$]: kill TERM child $child\n";
- kill "TERM", $child;
- } else {
- print STDERR "pproxy[$$]: child $child gone.\n";
- }
- }
- } else {
- select(undef, undef, undef, 0.05);
- if ($listen_handle) {
- print STDERR "pproxy child [$$] socket -> listen_handle\n";
- if ($initial_data ne "") {
- my $len = length $initial_data;
- print STDERR "pproxy child [$$] sending initial_data, length $len\n\n";
- syswrite($listen_handle, $initial_data, $len);
- } else {
- print STDERR "\n";
- }
- xfer($sock, $listen_handle);
- } else {
- print STDERR "pproxy child [$$] socket -> STDOUT\n";
- if ($initial_data ne "") {
- my $len = length $initial_data;
- print STDERR "pproxy child [$$] sending initial_data, length $len\n\n";
- syswrite(STDOUT, $initial_data, $len);
- } else {
- print STDERR "\n";
- }
- xfer($sock, STDOUT);
- }
- select(undef, undef, undef, 0.25);
- if (kill 0, $parent) {
- select(undef, undef, undef, 0.8);
- if (kill 0, $parent) {
- print STDERR "pproxy[$$]: kill TERM parent $parent\n";
- kill "TERM", $parent;
- } else {
- print STDERR "pproxy[$$]: parent $parent gone.\n";
- }
- }
- }
-
- kill_proxy_pids();
-}
-
-xfer_both();
-
-exit;
-
-sub fsleep {
- select(undef, undef, undef, shift);
-}
-
-sub url_parse {
- my $hostport = shift;
- my $mode = "http";
- if ($hostport =~ m,^socks4?://(\S*)$,i) {
- $mode = "socks4";
- $hostport = $1;
- } elsif ($hostport =~ m,^socks5://(\S*)$,i) {
- $mode = "socks5";
- $hostport = $1;
- } elsif ($hostport =~ m,^https?://(\S*)$,i) {
- $mode = "http";
- $hostport = $1;
- } elsif ($hostport =~ m,^ipv6://(\S*)$,i) {
- $mode = "ipv6";
- $hostport = $1;
- } elsif ($hostport =~ m,^repeater://(\S*)\+(\S*)$,i) {
- # ultravnc repeater proxy.
- $hostport = $1;
- $mode = "repeater:$2";
- if ($hostport !~ /:\d+$/) {
- $hostport .= ":5900";
- }
- } elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
- # vencrypt handshake.
- $hostport = $1;
- my $m = "connect";
- if ($hostpost =~ /^(\S+)\+(\S+)$/) {
- $hostport = $1;
- $mode = $2;
- }
- $mode = "vencrypt:$m";
- if ($hostport !~ /:\d+$/) {
- $hostport .= ":5900";
- }
- }
- return ($hostport, $mode);
-}
-
-sub setmode {
- my $mode = shift;
- $ENV{PPROXY_REPEATER} = "";
- $ENV{PPROXY_VENCRYPT} = "";
- if ($mode =~ /^socks/) {
- if ($mode =~ /^socks5/) {
- $ENV{PPROXY_SOCKS} = 5;
- } else {
- $ENV{PPROXY_SOCKS} = 1;
- }
- } elsif ($mode =~ /^ipv6/i) {
- $ENV{PPROXY_SOCKS} = 0;
- } elsif ($mode =~ /^repeater:(.*)/) {
- $ENV{PPROXY_REPEATER} = $1;
- $ENV{PPROXY_SOCKS} = "";
- } elsif ($mode =~ /^vencrypt:(.*)/) {
- $ENV{PPROXY_VENCRYPT} = $1;
- $ENV{PPROXY_SOCKS} = "";
- } else {
- $ENV{PPROXY_SOCKS} = "";
- }
-}
-
-sub connection {
- my ($CONNECT, $w) = @_;
-
- my $con = "";
- my $msg = "";
-
- if ($ENV{PPROXY_SOCKS} eq "5") {
- # SOCKS5
- my ($h, $p) = ($CONNECT, "");
- if ($h =~ /^(.*):(\d+)$/) {
- $h = $1;
- $p = $2;
- }
- $con .= pack("C", 0x05);
- $con .= pack("C", 0x01);
- $con .= pack("C", 0x00);
-
- $msg = "SOCKS5 via $cur_proxy to $h:$p\n\n";
- print STDERR "proxy_request$w: $msg";
-
- syswrite($sock, $con, length($con));
-
- my ($n1, $n2, $n3, $n4, $n5, $n6);
- my ($r1, $r2, $r3, $r4, $r5, $r6);
- my ($s1, $s2, $s3, $s4, $s5, $s6);
-
- $n1 = sysread($sock, $r1, 1);
- $n2 = sysread($sock, $r2, 1);
-
- $s1 = unpack("C", $r1);
- $s2 = unpack("C", $r2);
- if ($s1 != 0x05 || $s2 != 0x00) {
- print STDERR "SOCKS5 fail s1=$s1 s2=$s2 n1=$n1 n2=$n2\n";
- close $sock;
- exit(1);
- }
-
- $con = "";
- $con .= pack("C", 0x05);
- $con .= pack("C", 0x01);
- $con .= pack("C", 0x00);
- $con .= pack("C", 0x03);
- $con .= pack("C", length($h));
- $con .= $h;
- $con .= pack("C", $p >> 8);
- $con .= pack("C", $p & 0xff);
-
- syswrite($sock, $con, length($con));
-
- $n1 = sysread($sock, $r1, 1);
- $n2 = sysread($sock, $r2, 1);
- $n3 = sysread($sock, $r3, 1);
- $n4 = sysread($sock, $r4, 1);
- $s1 = unpack("C", $r1);
- $s2 = unpack("C", $r2);
- $s3 = unpack("C", $r3);
- $s4 = unpack("C", $r4);
-
- if ($s4 == 0x1) {
- sysread($sock, $r5, 4 + 2);
- } elsif ($s4 == 0x3) {
- sysread($sock, $r5, 1);
- $s5 = unpack("C", $r5);
- sysread($sock, $r6, $s5 + 2);
- } elsif ($s4 == 0x4) {
- sysread($sock, $r5, 16 + 2);
- }
-
- if ($s1 != 0x5 || $s2 != 0x0 || $s3 != 0x0) {
- print STDERR "SOCKS5 failed: s1=$s1 s2=$s2 s3=$s3 s4=$s4 n1=$n1 n2=$n2 n3=$n3 n4=$n4\n";
- close $sock;
- exit(1);
- }
-
- } elsif ($ENV{PPROXY_SOCKS} eq "1") {
- # SOCKS4 SOCKS4a
- my ($h, $p) = ($CONNECT, "");
- if ($h =~ /^(.*):(\d+)$/) {
- $h = $1;
- $p = $2;
- }
- $con .= pack("C", 0x04);
- $con .= pack("C", 0x01);
- $con .= pack("n", $p);
-
- my $SOCKS_4a = 0;
- if ($h eq "localhost" || $h eq "127.0.0.1") {
- $con .= pack("C", 127);
- $con .= pack("C", 0);
- $con .= pack("C", 0);
- $con .= pack("C", 1);
- } elsif ($h =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
- $con .= pack("C", $1);
- $con .= pack("C", $2);
- $con .= pack("C", $3);
- $con .= pack("C", $4);
- } else {
- $con .= pack("C", 0);
- $con .= pack("C", 0);
- $con .= pack("C", 0);
- $con .= pack("C", 3);
- $SOCKS_4a = 1;
- }
-
- $con .= "nobody";
- $con .= pack("C", 0);
-
- $msg = "SOCKS4 via $cur_proxy to $h:$p\n\n";
- if ($SOCKS_4a) {
- $con .= $h;
- $con .= pack("C", 0);
- $msg =~ s/SOCKS4/SOCKS4a/;
- }
- print STDERR "proxy_request$w: $msg";
- syswrite($sock, $con, length($con));
-
- my $ok = 1;
- for (my $i = 0; $i < 8; $i++) {
- my $c;
- sysread($sock, $c, 1);
- my $s = unpack("C", $c);
- if ($i == 0) {
- $ok = 0 if $s != 0x0;
- } elsif ($i == 1) {
- $ok = 0 if $s != 0x5a;
- }
- }
- if (! $ok) {
- print STDERR "SOCKS4 failed.\n";
- close $sock;
- exit(1);
- }
- } elsif ($ENV{PPROXY_SOCKS} eq "0") {
- # hack for ipv6 "proxy", nothing to do, assume INET6 call worked.
- ;
- } elsif ($ENV{PPROXY_REPEATER} ne "") {
- my $rep = $ENV{PPROXY_REPEATER};
- print STDERR "repeater: $rep\n";
- $rep .= pack("x") x 250;
- syswrite($sock, $rep, 250);
-
- my $rfb = "";
-
- my $ok = 1;
- for (my $i = 0; $i < 12; $i++) {
- my $c;
- last if $ENV{PPROXY_GENERIC_REPEATER};
- sysread($sock, $c, 1);
- print STDERR $c;
- $rfb .= $c;
- }
- if ($rfb ne "" && $rfb !~ /^RFB 000\.000/) {
- $initial_data = $rfb;
- $rfb =~ s/\n//g;
- print STDERR "detected non-UltraVNC repeater; forwarding \"$rfb\"\nlength: ", length($initial_data), "\n";
- }
- } elsif ($ENV{PPROXY_VENCRYPT} ne "") {
- my $vencrypt = $ENV{PPROXY_VENCRYPT};
- vencrypt_dialog($vencrypt);
-
- } else {
- # Web Proxy:
- $con = "CONNECT $CONNECT HTTP/1.1\r\n";
- $con .= "Host: $CONNECT\r\n";
- $con .= "Connection: close\r\n\r\n";
- $msg = $con;
-
- print STDERR "proxy_request$w: via $cur_proxy:\n$msg";
- syswrite($sock, $con, length($con));
-
- my $rep = "";
- my $n = 0;
- while ($rep !~ /\r\n\r\n/ && $n < 30000) {
- my $c;
- sysread($sock, $c, 1);
- print STDERR $c;
- $rep .= $c;
- $n++;
- }
- if ($rep !~ m,HTTP/.* 200,) {
- print STDERR "HTTP CONNECT failed.\n";
- close $sock;
- exit(1);
- }
- }
-}
-
-sub vdie {
- append_handshake("done\n");
- close $sock;
- kill_proxy_pids();
- exit(1);
-}
-
-sub anontls_handshake {
- my ($vmode, $db) = @_;
-
- print STDERR "\nPPROXY: Doing ANONTLS Handshake\n";
-
- my $psec = pack("C", $rfbSecTypeAnonTls);
- syswrite($sock, $psec, 1);
-
- append_handshake("done\n");
-}
-
-sub vencrypt_handshake {
-
- my ($vmode, $db) = @_;
-
- print STDERR "\nPPROXY: Doing VeNCrypt Handshake\n";
-
- my $psec = pack("C", $rfbSecTypeVencrypt);
-
- if (exists $ENV{SSVNC_TEST_SEC_TYPE}) {
- my $fake = $ENV{SSVNC_TEST_SEC_TYPE};
- print STDERR "PPROXY: sending sec-type: $fake\n";
- $psec = pack("C", $fake);
- }
-
- syswrite($sock, $psec, 1);
-
- my $vmajor;
- my $vminor;
- sysread($sock, $vmajor, 1);
- sysread($sock, $vminor, 1);
-
- vdie if $vmajor eq "" || $vminor eq "";
-
- $vmajor = unpack("C", $vmajor);
- $vminor = unpack("C", $vminor);
- print STDERR "server vencrypt version $vmajor.$vminor\n" if $db;
-
- if (exists $ENV{SSVNC_TEST_SEC_TYPE}) {
- print STDERR "PPROXY: continuing on in test mode.\n";
- } else {
- vdie if $vmajor ne 0;
- vdie if $vminor < 2;
- }
-
- $vmajor = pack("C", 0);
- $vminor = pack("C", 2);
- append_handshake("subversion=0.2\n");
-
- syswrite($sock, $vmajor, 1);
- syswrite($sock, $vminor, 1);
-
- my $result;
- sysread($sock, $result, 1);
- print STDERR "result empty\n" if $db && $result eq "";
-
- vdie if $result eq "";
- $result = unpack("C", $result);
- print STDERR "result=$result\n" if $db;
-
- vdie if $result ne 0;
-
- my $nsubtypes;
- sysread($sock, $nsubtypes, 1);
-
- vdie if $nsubtypes eq "";
- $nsubtypes = unpack("C", $nsubtypes);
- print STDERR "nsubtypes=$nsubtypes\n" if $db;
-
- my %subtypes;
-
- for (my $i = 0; $i < $nsubtypes; $i++) {
- my $subtype = "";
- sysread($sock, $subtype, 4);
- vdie if length($subtype) != 4;
-
- # XXX fix 64bit.
- $subtype = unpack("N", $subtype);
- print STDERR "subtype: $subtype\n" if $db;
- $subtypes{$subtype} = 1;
- append_handshake("sst$i=$subtype\n");
- }
-
- my $subtype = 0;
- if (exists $subtypes{$rfbVencryptX509None}) {
- $subtype = $rfbVencryptX509None;
- print STDERR "selected rfbVencryptX509None\n" if $db;
- } elsif (exists $subtypes{$rfbVencryptX509Vnc}) {
- $subtype = $rfbVencryptX509Vnc;
- print STDERR "selected rfbVencryptX509Vnc\n" if $db;
- } elsif (exists $subtypes{$rfbVencryptX509Plain}) {
- $subtype = $rfbVencryptX509Plain;
- print STDERR "selected rfbVencryptX509Plain\n" if $db;
- } elsif (exists $subtypes{$rfbVencryptTlsNone}) {
- $subtype = $rfbVencryptTlsNone;
- print STDERR "selected rfbVencryptTlsNone\n" if $db;
- } elsif (exists $subtypes{$rfbVencryptTlsVnc}) {
- $subtype = $rfbVencryptTlsVnc;
- print STDERR "selected rfbVencryptTlsVnc\n" if $db;
- } elsif (exists $subtypes{$rfbVencryptTlsPlain}) {
- $subtype = $rfbVencryptTlsPlain;
- print STDERR "selected rfbVencryptTlsPlain\n" if $db;
- }
-
- if (exists $ENV{SSVNC_TEST_SEC_SUBTYPE}) {
- my $fake = $ENV{SSVNC_TEST_SEC_SUBTYPE};
- print STDERR "PPROXY: sending sec-subtype: $fake\n";
- $subtype = $fake;
- }
-
- append_handshake("subtype=$subtype\n");
-
- my $pst = pack("N", $subtype);
- syswrite($sock, $pst, 4);
-
- if (exists $ENV{SSVNC_TEST_SEC_SUBTYPE}) {
- print STDERR "PPROXY: continuing on in test mode.\n";
- } else {
- vdie if $subtype == 0;
- }
-
- my $ok;
- sysread($sock, $ok, 1);
- $ok = unpack("C", $ok);
- print STDERR "ok=$ok\n" if $db;
-
- append_handshake("done\n");
-
- vdie if $ok == 0;
-}
-
-sub vencrypt_dialog {
- my $vmode = shift;
- my $db = 0;
-
- $db = 1 if exists $ENV{SS_DEBUG};
- $db = 1 if exists $ENV{SSVNC_VENCRYPT_DEBUG};
-
- append_handshake("mode=$vmode\n");
-
- my $server_rfb = "";
- #syswrite($sock, $rep, 250);
- for (my $i = 0; $i < 12; $i++) {
- my $c;
- sysread($sock, $c, 1);
- $server_rfb .= $c;
- print STDERR $c;
- }
- print STDERR "server_rfb: $server_rfb\n" if $db;
- append_handshake("server=$server_rfb");
-
- my $minor = "";
- if ($server_rfb =~ /^RFB 003\.(\d+)/) {
- $minor = $1;
- } else {
- vdie;
- }
- my $viewer_rfb = "RFB 003.008\n";
- if ($minor < 7) {
- vdie;
- } elsif ($minor == 7) {
- $viewer_rfb = "RFB 003.007\n";
- }
- my $nsec;
- my $t1 = gettime();
- my $t0 = gettime();
-
- syswrite($sock, $viewer_rfb, 12);
- sysread($sock, $nsec, 1);
-
- $t1 = gettime();
- $t1 = sprintf("%.6f", $t1 - $t0);
-
- append_handshake("viewer=$viewer_rfb");
- append_handshake("latency=$t1\n");
-
- vdie if $nsec eq "";
-
- $nsec = unpack("C", $nsec);
-
- print STDERR "nsec: $nsec\n" if $db;
- vdie if $nsec eq 0 || $nsec > 100;
-
- my %sectypes = ();
-
- for (my $i = 0; $i < $nsec; $i++) {
- my $sec;
- sysread($sock, $sec, 1);
- vdie if $sec eq "";
- $sec = unpack("C", $sec);
- print STDERR "sec: $sec\n" if $db;
- $sectypes{$sec} = 1;
- }
-
- if (exists $sectypes{$rfbSecTypeVencrypt}) {
- print STDERR "found rfbSecTypeVencrypt\n" if $db;
- append_handshake("sectype=$rfbSecTypeVencrypt\n");
- vencrypt_handshake($vmode, $db);
- } elsif (exists $sectypes{$rfbSecTypeAnonTls}) {
- print STDERR "found rfbSecTypeAnonTls\n" if $db;
- append_handshake("sectype=$rfbSecTypeAnonTls\n");
- anontls_handshake($vmode, $db);
- } else {
- print STDERR "No supported sec-type found\n" if $db;
- vdie;
- }
-}
-
-sub append_handshake {
- my $str = shift;
- if ($handshake_file) {
- if (open(HSF, ">>$handshake_file")) {
- print HSF $str;
- close HSF;
- }
- }
-}
-
-sub do_vencrypt_viewer_bridge {
- my ($listen, $connect) = @_;
- print STDERR "\npproxy: starting vencrypt_viewer_bridge[$$]: $listen \-> $connect\n";
- my $db = 0;
- my $backwards = 0;
- if ($listen < 0) {
- $backwards = 1;
- $listen = -$listen;
- }
- if ($handshake_file eq "") {
- die "pproxy: vencrypt_viewer_bridge[$$]: no SSVNC_PREDIGESTED_HANDSHAKE\n";
- }
- my $listen_sock;
- my $maxtry = 12;
- my $sleep = 5;
- for (my $i=0; $i < $maxtry; $i++) {
- $listen_sock = IO::Socket::INET->new(
- Listen => 2,
- ReuseAddr => 1,
- LocalAddr => "127.0.0.1",
- LocalPort => $listen,
- Proto => "tcp"
- );
- if (! $listen_sock) {
- if ($i < $maxtry - 1) {
- warn "pproxy: vencrypt_viewer_bridge[$$]: $!\n";
- warn "Could not listen on port $listen, retrying in $sleep seconds... (Ctrl-C to quit)\n";
- sleep $sleep;
- }
- } else {
- last;
- }
- }
- if (! $listen_sock) {
- die "pproxy: vencrypt_viewer_bridge[$$]: $!\n";
- }
- print STDERR "pproxy: vencrypt_viewer_bridge[$$]: listening on port $listen\n\n";
- my ($viewer_sock, $ip) = $listen_sock->accept();
- my $err = $!;
- close $listen_sock;
- if (! $viewer_sock) {
- die "pproxy: vencrypt_viewer_bridge[$$]: $err\n";
- }
- if ($ENV{PPROXY_LOOP_THYSELF_MASTER}) {
- my $sml = $ENV{SSVNC_MULTIPLE_LISTEN};
- if ($sml ne "" && $sml ne "0") {
- setpgrp(0, 0);
- if (fork()) {
- close $viewer_sock;
- wait;
- exit 0;
- }
- if (fork()) {
- close $viewer_sock;
- exit 0;
- }
- setpgrp(0, 0);
- $parent = $$;
- }
- }
- print STDERR "vencrypt_viewer_bridge[$$]: viewer_sock $viewer_sock\n" if $db;
-
- print STDERR "pproxy: vencrypt_viewer_bridge[$$]: connecting to 127.0.0.1:$connect\n";
- my $server_sock = IO::Socket::INET->new(
- PeerAddr => "127.0.0.1",
- PeerPort => $connect,
- Proto => "tcp"
- );
- print STDERR "vencrypt_viewer_bridge[$$]: server_sock $server_sock\n" if $db;
- if (! $server_sock) {
- my $err = $!;
- die "pproxy: vencrypt_viewer_bridge[$$]: $err\n";
- }
-
- if ($backwards) {
- print STDERR "vencrypt_viewer_bridge[$$]: reversing roles of viewer and server.\n";
- my $t = $viewer_sock;
- $viewer_sock = $server_sock;
- $server_sock = $t;
- }
-
- my %hs = ();
- my $dt = 0.2;
- my $slept = 0.0;
- while ($slept < 20.0) {
- select(undef, undef, undef, $dt);
- $slept += $dt;
- if (-f $handshake_file && open(HSF, "<$handshake_file")) {
- my $done = 0;
- %hs = ();
- my $str = "";
- while (<HSF>) {
- print STDERR "vencrypt_viewer_bridge[$$]: $_" if $ENV{VENCRYPT_VIEWER_BRIDGE_DEBUG};
- $str .= "vencrypt_viewer_bridge[$$]: $_";
- chomp;
- if ($_ eq "done") {
- $done = 1;
- } else {
- my ($k, $v) = split(/=/, $_, 2);
- if ($k ne "" && $v ne "") {
- $hs{$k} = $v;
- }
- }
- }
- close HSF;
- if ($done) {
- print STDERR "\n" . $str;
- last;
- }
- }
- }
- if (! exists $hs{server}) {
- $hs{server} = "RFB 003.008";
- }
- if (! exists $hs{sectype}) {
- unlink($handshake_file);
- die "pproxy: vencrypt_viewer_bridge[$$]: no sectype.\n";
- }
- syswrite($viewer_sock, "$hs{server}\n", length($hs{server}) + 1);
- my $viewer_rfb = "";
- for (my $i = 0; $i < 12; $i++) {
- my $c;
- sysread($viewer_sock, $c, 1);
- $viewer_rfb .= $c;
- print STDERR $c;
- }
- my $viewer_major = 3;
- my $viewer_minor = 8;
- if ($viewer_rfb =~ /RFB (\d+)\.(\d+)/) {
- $viewer_major = $1;
- $viewer_minor = $2;
- }
- my $u0 = pack("C", 0);
- my $u1 = pack("C", 1);
- my $u2 = pack("C", 2);
- if ($hs{sectype} == $rfbSecTypeAnonTls) {
- unlink($handshake_file);
- print STDERR "\npproxy: vencrypt_viewer_bridge[$$]: rfbSecTypeAnonTls\n";
- if ($viewer_major > 3 || $viewer_minor >= 7) {
- ; # setup ok, proceed to xfer.
- } else {
- print STDERR "pproxy: vencrypt_viewer_bridge[$$]: faking RFB version 3.3 to viewer.\n";
- my $n;
- sysread($server_sock, $n, 1);
- $n = unpack("C", $n);
- if ($n == 0) {
- die "pproxy: vencrypt_viewer_bridge[$$]: nsectypes == $n.\n";
- }
- my %types;
- for (my $i = 0; $i < $n; $i++) {
- my $t;
- sysread($server_sock, $t, 1);
- $t = unpack("C", $t);
- $types{$t} = 1;
- }
- my $use = 1; # None
- if (exists $types{1}) {
- $use = 1; # None
- } elsif (exists $types{2}) {
- $use = 2; # VncAuth
- } else {
- die "pproxy: vencrypt_viewer_bridge[$$]: no valid sectypes" . join(",", keys %types) . "\n";
- }
-
- # send 4 bytes sectype to viewer:
- # (note this should be MSB, network byte order...)
- my $up = pack("C", $use);
- syswrite($viewer_sock, $u0, 1);
- syswrite($viewer_sock, $u0, 1);
- syswrite($viewer_sock, $u0, 1);
- syswrite($viewer_sock, $up, 1);
- # and tell server the one we selected:
- syswrite($server_sock, $up, 1);
- if ($use == 1) {
- # even None has security result, so read it here and discard it.
- my $sr = "";
- sysread($server_sock, $sr, 4);
- }
- }
- } elsif ($hs{sectype} == $rfbSecTypeVencrypt) {
- print STDERR "\npproxy: vencrypt_viewer_bridge[$$]: rfbSecTypeVencrypt\n";
- if (! exists $hs{subtype}) {
- unlink($handshake_file);
- die "pproxy: vencrypt_viewer_bridge[$$]: no subtype.\n";
- }
- my $fake_type = "None";
- my $plain = 0;
- my $sub_type = $hs{subtype};
- if ($sub_type == $rfbVencryptTlsNone) {
- $fake_type = "None";
- } elsif ($sub_type == $rfbVencryptTlsVnc) {
- $fake_type = "VncAuth";
- } elsif ($sub_type == $rfbVencryptTlsPlain) {
- $fake_type = "None";
- $plain = 1;
- } elsif ($sub_type == $rfbVencryptX509None) {
- $fake_type = "None";
- } elsif ($sub_type == $rfbVencryptX509Vnc) {
- $fake_type = "VncAuth";
- } elsif ($sub_type == $rfbVencryptX509Plain) {
- $fake_type = "None";
- $plain = 1;
- }
- if ($plain) {
- if (!open(W, ">$handshake_file")) {
- unlink($handshake_file);
- die "pproxy: vencrypt_viewer_bridge[$$]: $handshake_file $!\n";
- }
- print W <<"END";
-
- proc print_out {} {
- global user pass env
-
- if [info exists env(SSVNC_UP_DEBUG)] {
- toplevel .b
- button .b.b -text "user=\$user pass=\$pass" -command {destroy .b}
- pack .b.b
- update
- tkwait window .b
- }
-
- if [info exists env(SSVNC_UP_FILE)] {
- set fh ""
- catch {set fh [open \$env(SSVNC_UP_FILE) w]}
- if {\$fh != ""} {
- puts \$fh user=\$user\\npass=\$pass
- flush \$fh
- close \$fh
- return
- }
- }
- puts stdout user=\$user\\npass=\$pass
- flush stdout
- }
-
- proc center_win {w} {
- update
- set W [winfo screenwidth \$w]
- set W [expr \$W + 1]
- wm geometry \$w +\$W+0
- update
- set x [expr [winfo screenwidth \$w]/2 - [winfo width \$w]/2]
- set y [expr [winfo screenheight \$w]/2 - [winfo height \$w]/2]
-
- wm geometry \$w +\$x+\$y
- wm deiconify \$w
- update
- }
-
- wm withdraw .
-
- global env
- set up {}
- if [info exists env(SSVNC_UNIXPW)] {
- set rm 0
- set up \$env(SSVNC_UNIXPW)
- if [regexp {^rm:} \$up] {
- set rm 1
- regsub {^rm:} \$up {} up
- }
- if [file exists \$up] {
- set fh ""
- set f \$up
- catch {set fh [open \$up r]}
- if {\$fh != ""} {
- gets \$fh u
- gets \$fh p
- close \$fh
- set up "\$u@\$p"
- }
- if {\$rm} {
- catch {file delete \$f}
- }
- }
- } elseif [info exists env(SSVNC_VENCRYPT_USERPASS)] {
- set up \$env(SSVNC_VENCRYPT_USERPASS)
- }
- #puts stderr up=\$up
- if {\$up != ""} {
- if [regexp {@} \$up] {
- global user pass
- set user \$up
- set pass \$up
- regsub {@.*\$} \$user "" user
- regsub {^[^@]*@} \$pass "" pass
- print_out
- exit
- }
- }
-
- wm title . {VeNCrypt Viewer Bridge User/Pass}
-
- set user {}
- set pass {}
-
- label .l -text {SSVNC VeNCrypt Viewer Bridge}
-
- frame .f0
- frame .f0.fL
- label .f0.fL.la -text {Username: }
- label .f0.fL.lb -text {Password: }
-
- pack .f0.fL.la .f0.fL.lb -side top
-
- frame .f0.fR
- entry .f0.fR.ea -width 24 -textvariable user
- entry .f0.fR.eb -width 24 -textvariable pass -show *
-
- pack .f0.fR.ea .f0.fR.eb -side top -fill x
-
- pack .f0.fL -side left
- pack .f0.fR -side right -expand 1 -fill x
-
- button .no -text Cancel -command {destroy .}
- button .ok -text Done -command {print_out; destroy .}
-
- center_win .
- pack .l .f0 .no .ok -side top -fill x
- update
- wm deiconify .
-
- bind .f0.fR.ea <Return> {focus .f0.fR.eb}
- bind .f0.fR.eb <Return> {print_out; destroy .}
- focus .f0.fR.ea
-
- wm resizable . 1 0
- wm minsize . [winfo reqwidth .] [winfo reqheight .]
-END
- close W;
-
- #system("cat $handshake_file");
- my $w = "wish";
- if ($ENV{WISH}) {
- $w = $ENV{WISH};
- }
- print STDERR "pproxy: vencrypt_viewer_bridge[$$]: prompt VencryptPlain user and passwd.\n";
- my $res = "";
- if (`uname` =~ /Darwin/) {
- my $mtmp = `mktemp /tmp/hsup.XXXXXX`;
- chomp $mtmp;
- system("env SSVNC_UP_FILE=$mtmp $w $handshake_file");
- $res = `cat $mtmp`;
- unlink $mtmp;
- } else {
- $res = `$w $handshake_file`;
- }
- my $user = "";
- my $pass = "";
- if ($res =~ /user=(\S*)/) {
- $user = $1;
- }
- if ($res =~ /pass=(\S*)/) {
- $pass = $1;
- }
- print STDERR "pproxy: vencrypt_viewer_bridge[$$]: sending VencryptPlain user and passwd.\n";
- my $ulen = pack("C", length($user));
- my $plen = pack("C", length($pass));
- # (note this should be MSB, network byte order...)
- syswrite($server_sock, $u0, 1);
- syswrite($server_sock, $u0, 1);
- syswrite($server_sock, $u0, 1);
- syswrite($server_sock, $ulen, 1);
- syswrite($server_sock, $u0, 1);
- syswrite($server_sock, $u0, 1);
- syswrite($server_sock, $u0, 1);
- syswrite($server_sock, $plen, 1);
- syswrite($server_sock, $user, length($user));
- syswrite($server_sock, $pass, length($pass));
- }
- unlink($handshake_file);
-
- my $ft = 0;
- if ($fake_type eq "None") {
- $ft = 1;
- } elsif ($fake_type eq "VncAuth") {
- $ft = 2;
- } else {
- die "pproxy: vencrypt_viewer_bridge[$$]: unknown fake type: $fake_type\n";
- }
- my $fp = pack("C", $ft);
- if ($viewer_major > 3 || $viewer_minor >= 7) {
- syswrite($viewer_sock, $u1, 1);
- syswrite($viewer_sock, $fp, 1);
- my $cr;
- sysread($viewer_sock, $cr, 1);
- $cr = unpack("C", $cr);
- if ($cr != $ft) {
- die "pproxy: vencrypt_viewer_bridge[$$]: client selected wrong type: $cr / $ft\n";
- }
- } else {
- print STDERR "pproxy: vencrypt_viewer_bridge[$$]: faking RFB version 3.3 to viewer.\n";
- # send 4 bytes sect type to viewer:
- # (note this should be MSB, network byte order...)
- syswrite($viewer_sock, $u0, 1);
- syswrite($viewer_sock, $u0, 1);
- syswrite($viewer_sock, $u0, 1);
- syswrite($viewer_sock, $fp, 1);
- if ($ft == 1) {
- # even None has security result, so read it here and discard it.
- my $sr = "";
- sysread($server_sock, $sr, 4);
- }
- }
- }
-
- $listen_handle = $viewer_sock;
- $sock = $server_sock;
-
- xfer_both();
-}
-'
- # '
- # xpg_echo will expand \n \r, etc.
- # try to unset and then test for it.
- if type shopt > /dev/null 2>&1; then
- shopt -u xpg_echo >/dev/null 2>&1
- fi
- v='print STDOUT "abc\n";'
- echo "$v" > $tf
- chmod 700 $tf
-
- lc=`wc -l $tf | awk '{print $1}'`
- if [ "X$lc" = "X1" ]; then
- echo "$cod" > $tf
- else
- printf "%s" "$cod" > $tf
- echo "" >> $tf
- fi
- # prime perl
- perl -e 'use IO::Socket::INET; select(undef, undef, undef, 0.01)' >/dev/null 2>&1
-}
-
-# make_tcert is no longer invoked via the ssvnc gui (Listen mode).
-# make_tcert is for testing only now via -mycert BUILTIN
-make_tcert() {
- tcert="/tmp/ss_vnc_viewer_tcert${RANDOM}.$$"
- tcert=`mytmp "$tcert"`
- cat > $tcert <<END
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
-+zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS
-OKngJVPo9dETAS8hf7+D1e1DBZxjTc1a4RQqWJixwpYj99ixWzu8VC2m/xXsjvOs
-jp4+DLBB490nbkwvstmhmiWm1CmI5O5xOkgioVNQqHvQMdVKOSz9PpbjvZiRX1Uo
-qoMrk+2NOqwP90TB35yPASXb9zXKpO7DLhkube+yYGf+yk46aD707L07Eb7cosFP
-S84vNZ9gX7rQ0UOwm5rYA/oZTBskgaqhtIzkLwIDAQABAoIBAD4ot/sXt5kRn0Ca
-CIkU9AQWlC+v28grR2EQW9JiaZrqcoDNUzUqbCTJsi4ZkIFh2lf0TsqELbZYNW6Y
-6AjJM7al4E0UqYSKJTv2WCuuRxdiRs2BMwthqyBmjeanev7bB6V0ybt7u3Y8xU/o
-MrTuYnr4vrEjXPKdLirwk7AoDbKsRXHSIiHEIBOq1+dUQ32t36ukdnnza4wKDLZc
-PKHiCdCk/wOGhuDlxD6RspqUAlRnJ8/aEhrgWxadFXw1hRhRsf/v1shtB0T3DmTe
-Jchjwyiw9mryb9JZAcKxW+fUc4EVvj6VdQGqYInQJY5Yxm5JAlVQUJicuuJEvn6A
-rj5osQECgYEA552CaHpUiFlB4HGkjaH00kL+f0+gRF4PANCPk6X3UPDVYzKnzmuu
-yDvIdEETGFWBwoztUrOOKqVvPEQ+kBa2+DWWYaERZLtg2cI5byfDJxQ3ldzilS3J
-1S3WgCojqcsG/hlxoQJ1dZFanUy/QhUZ0B+wlC+Zp1Q8AyuGQvhHp68CgYEA0lBI
-eqq2GGCdJuNHMPFbi8Q0BnX55LW5C1hWjhuYiEkb3hOaIJuJrqvayBlhcQa2cGqp
-uP34e9UCfoeLgmoCQ0b4KpL2NGov/mL4i8bMgog4hcoYuIi3qxN18vVR14VKEh4U
-RLk0igAYPU+IK2QByaQlBo9OSaKkcfm7U1/pK4ECgYAxr6VpGk0GDvfF2Tsusv6d
-GIgV8ZP09qSLTTJvvxvF/lQYeqZq7sjI5aJD5i3de4JhpO/IXQJzfZfWOuGc8XKA
-3qYK/Y2IqXXGYRcHFGWV/Y1LFd55mCADHlk0l1WdOBOg8P5iRu/Br9PbiLpCx9oI
-vrOXpnp03eod1/luZmqguwKBgQCWFRSj9Q7ddpSvG6HCG3ro0qsNsUMTI1tZ7UBX
-SPogx4tLf1GN03D9ZUZLZVFUByZKMtPLX/Hi7K9K/A9ikaPrvsl6GEX6QYzeTGJx
-3Pw0amFrmDzr8ySewNR6/PXahxPEuhJcuI31rPufRRI3ZLah3rFNbRbBFX+klkJH
-zTnoAQKBgDbUK/aQFGduSy7WUT7LlM3UlGxJ2sA90TQh4JRQwzur0ACN5GdYZkqM
-YBts4sBJVwwJoxD9OpbvKu3uKCt41BSj0/KyoBzjT44S2io2tj1syujtlVUsyyBy
-/ca0A7WBB8lD1D7QMIhYUm2O9kYtSCLlUTHt5leqGaRG38DqlX36
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDzDCCArQCCQDSzxzxqhyqLzANBgkqhkiG9w0BAQQFADCBpzELMAkGA1UEBhMC
-VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBkJvc3RvbjETMBEG
-A1UEChMKTXkgQ29tcGFueTEcMBoGA1UECxMTUHJvZHVjdCBEZXZlbG9wbWVudDEZ
-MBcGA1UEAxMQd3d3Lm5vd2hlcmUubm9uZTEhMB8GCSqGSIb3DQEJARYSYWRtaW5A
-bm93aGVyZS5ub25lMB4XDTA3MDMyMzE4MDc0NVoXDTI2MDUyMjE4MDc0NVowgacx
-CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQHEwZC
-b3N0b24xEzARBgNVBAoTCk15IENvbXBhbnkxHDAaBgNVBAsTE1Byb2R1Y3QgRGV2
-ZWxvcG1lbnQxGTAXBgNVBAMTEHd3dy5ub3doZXJlLm5vbmUxITAfBgkqhkiG9w0B
-CQEWEmFkbWluQG5vd2hlcmUubm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAL5H18W9MHMYK41ds4hYpIyCPs3vIinEwbeOy9BjP3NtXn3pTfs2aSVF
-Fy7uM8/EcqvEPrEIHzcu7kzqTfW1FGjpNU5w+4Gg0J0FojR5qm1tpC/g0jip4CVT
-6PXREwEvIX+/g9XtQwWcY03NWuEUKliYscKWI/fYsVs7vFQtpv8V7I7zrI6ePgyw
-QePdJ25ML7LZoZolptQpiOTucTpIIqFTUKh70DHVSjks/T6W472YkV9VKKqDK5Pt
-jTqsD/dEwd+cjwEl2/c1yqTuwy4ZLm3vsmBn/spOOmg+9Oy9OxG+3KLBT0vOLzWf
-YF+60NFDsJua2AP6GUwbJIGqobSM5C8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA
-vGomHEp6TVU83X2EBUgnbOhzKJ9u3fOI/Uf5L7p//Vxqow7OR1cguzh/YEzmXOIL
-ilMVnzX9nj/bvcLAuqEP7MR1A8f4+E807p/L/Sf49BiCcwQq5I966sGKYXjkve+T
-2GTBNwMSq+5kLSf6QY8VZI+qnrAudEQMeJByQhTZZ0dH8Njeq8EGl9KUio+VWaiW
-CQK6xJuAvAHqa06OjLmwu1fYD4GLGSrOIiRVkSXV8qLIUmzxdJaIRznkFWsrCEKR
-wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I
-dMw1yW09l+eEo4A7GzwOdw==
------END CERTIFICATE-----
-END
- chmod 600 $tcert
- echo "$tcert"
-}
-
-Kecho() {
- NO_KECHO=1
- if [ "X$USER" = "Xrunge" -a "X$NO_KECHO" = "X" ]; then
- echo "dbg: $*"
- fi
-}
-
-NHAFL_warning() {
- echo ""
- echo "** Warning: For the proxy: $proxy"
- echo "** Warning: the ssh(1) option: $ssh_NHAFL"
- echo "** Warning: will be used to avoid frequent 'ssh key has changed for localhost'"
- echo "** Warning: dialogs and connection failures (for example, ssh will exit asking"
- echo "** Warning: you to manually remove a key from ~/.ssh/known_hosts.)"
- echo "** Warning: "
- echo "** Warning: This decreases security: a Man-In-The-Middle attack is possible."
- echo "** Warning: For chained ssh connections the first ssh leg is secure but the"
- echo "** Warning: 2nd ssh leg is vulnerable. For an ssh connection going through"
- echo "** Warning: a HTTP or SOCKS proxy the ssh connection is vulnerable."
- echo "** Warning: "
- echo "** Warning: You can set the SSVNC_SSH_LOCALHOST_AUTH=1 env. var. to disable"
- echo "** Warning: using the NoHostAuthenticationForLocalhost=yes ssh option."
- echo "** Warning: "
- echo "** Warning: A better solution is to configure (in the SSVNC GUI) the setting:"
- echo "** Warning: 'Options -> Advanced -> Private SSH KnownHosts file' (or set"
- echo "** Warning: SSVNC_KNOWN_HOSTS_FILE directly) to a per-connection known hosts"
- echo "** Warning: file. That file holds the 'localhost' cert for this specific"
- echo "** Warning: connection. This yields a both secure and convenient solution."
- echo ""
-}
-
-space_expand() {
- str=`echo "$1" | sed -e 's/%SPACE/ /g' -e 's/%TAB/\t/g'`
- echo "$str"
-}
-
-# handle ssh case:
-#
-if [ "X$use_ssh" = "X1" ]; then
- #
- # USING SSH
- #
- ssh_port="22"
- ssh_host="$host"
- vnc_host="$localhost"
- ssh_UKHF=""
- localhost_extra=""
- # let user override ssh via $SSH
- ssh=${SSH:-"ssh -x"}
-
- sshword=`echo "$ssh" | awk '{print $1}'`
- if [ "X$sshword" != "X" ]; then
- if [ -x "$sshword" ]; then
- :
- elif type "$sshword" > /dev/null 2>&1; then
- :
- else
- echo ""
- echo "*********************************************************"
- echo "** Problem finding the SSH command '$sshword': **"
- echo ""
- type "$sshword"
- echo ""
- echo "** Perhaps you need to install the SSH client package. **"
- echo "*********************************************************"
- echo ""
- sleep 5
- fi
- fi
-
- ssh_NHAFL="-o NoHostAuthenticationForLocalhost=yes"
- if [ "X$SSVNC_SSH_LOCALHOST_AUTH" = "X1" ]; then
- ssh_NHAFL=""
- fi
- if [ "X$SSVNC_KNOWN_HOSTS_FILE" != "X" ]; then
- ssh_NHAFL=""
-
- ssh_UKHF="-o UserKnownHostsFile=$SSVNC_KNOWN_HOSTS_FILE"
- ssh_args="$ssh_args $ssh_UKHF"
- if [ ! -f "$SSVNC_KNOWN_HOSTS_FILE" ]; then
- touch "$SSVNC_KNOWN_HOSTS_FILE" >/dev/null 2>&1
- fi
- chmod 600 "$SSVNC_KNOWN_HOSTS_FILE" >/dev/null 2>&1
- fi
- did_ssh_NHAFL=""
-
- if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
- SSVNC_LIM_ACCEPT_PRELOAD="$SSVNC_BASEDIR/$SSVNC_UNAME/$SSVNC_LIM_ACCEPT_PRELOAD"
- fi
- if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
- echo ""
- echo "SSVNC_LIM_ACCEPT_PRELOAD=$SSVNC_LIM_ACCEPT_PRELOAD"
- fi
-
- if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" -a -f "$SSVNC_LIM_ACCEPT_PRELOAD" ]; then
- plvar=LD_PRELOAD
- if uname | grep Darwin >/dev/null; then
- plvar="DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES"
- fi
- ssh="env $plvar=$SSVNC_LIM_ACCEPT_PRELOAD $ssh"
- else
- SSVNC_LIM_ACCEPT_PRELOAD=""
- fi
-
- ssh_vencrypt_proxy=""
- # We handle vencrypt for SSH+SSL mode.
- if echo "$proxy" | grep 'vencrypt://' > /dev/null; then
- proxynew=""
- for part in `echo "$proxy" | tr ',' ' '`
- do
- if echo "$part" | egrep -i '^vencrypt://' > /dev/null; then
- ssh_vencrypt_proxy=$part
- else
- if [ "X$proxynew" = "X" ]; then
- proxynew="$part"
- else
- proxynew="$proxynew,$part"
- fi
- fi
- done
- proxy=$proxynew
- fi
- Kecho ssh_vencrypt_proxy=$ssh_vencrypt_proxy
-
- # note that user must supply http:// for web proxy in SSH and SSH+SSL.
- # No xxxx:// implies ssh server+port.
- #
- if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
- # Handle Web or SOCKS proxy(ies) for the initial connect.
- Kecho host=$host
- Kecho port=$port
- pproxy=""
- sproxy1=""
- sproxy_rest=""
- for part in `echo "$proxy" | tr ',' ' '`
- do
- Kecho proxy_part=$part
- if [ "X$part" = "X" ]; then
- continue
- elif echo "$part" | egrep -i '^(http|https|socks|socks4|socks5)://' > /dev/null; then
- pproxy="$pproxy,$part"
- else
- if [ "X$sproxy1" = "X" ]; then
- sproxy1="$part"
- else
- sproxy_rest="$sproxy_rest,$part"
- fi
- fi
- done
- pproxy=`echo "$pproxy" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
- sproxy_rest=`echo "$sproxy_rest" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
-
- Kecho pproxy=$pproxy
- Kecho sproxy1=$sproxy1
- Kecho sproxy_rest=$sproxy_rest
-
- sproxy1_host=""
- sproxy1_port=""
- sproxy1_user=""
-
- if [ "X$sproxy1" != "X" ]; then
- sproxy1_host=`echo "$sproxy1" | awk -F: '{print $1}'`
- sproxy1_user=`echo "$sproxy1_host" | awk -F@ '{print $1}'`
- sproxy1_host=`echo "$sproxy1_host" | awk -F@ '{print $2}'`
- if [ "X$sproxy1_host" = "X" ]; then
- sproxy1_host=$sproxy1_user
- sproxy1_user=""
- else
- sproxy1_user="${sproxy1_user}@"
- fi
- sproxy1_port=`echo "$sproxy1" | awk -F: '{print $2}'`
- if [ "X$sproxy1_port" = "X" ]; then
- sproxy1_port="22"
- fi
- else
- sproxy1_host=`echo "$host" | awk -F: '{print $1}'`
- sproxy1_user=`echo "$sproxy1_host" | awk -F@ '{print $1}'`
- sproxy1_host=`echo "$sproxy1_host" | awk -F@ '{print $2}'`
- if [ "X$sproxy1_host" = "X" ]; then
- sproxy1_host=$sproxy1_user
- sproxy1_user=""
- else
- sproxy1_user="${sproxy1_user}@"
- fi
- sproxy1_port=`echo "$host" | awk -F: '{print $2}'`
- if [ "X$sproxy1_port" = "X" ]; then
- sproxy1_port="22"
- fi
- fi
-
- Kecho sproxy1_host=$sproxy1_host
- Kecho sproxy1_port=$sproxy1_port
- Kecho sproxy1_user=$sproxy1_user
-
- ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
- ptmp=`mytmp "$ptmp"`
- PPROXY_REMOVE=1; export PPROXY_REMOVE
- proxy=$pproxy
- port_save=$port
- host_save=$host
- if [ "X$sproxy1_host" != "X" ]; then
- host=$sproxy1_host
- fi
- if [ "X$sproxy1_port" != "X" ]; then
- port=$sproxy1_port
- fi
- host=`echo "$host" | sed -e 's/^.*@//'`
- port=`echo "$port" | sed -e 's/^.*://'`
- pcode "$ptmp"
- port=$port_save
- host=$host_save
-
- nd=`findfree 6600`
- PPROXY_LISTEN=$nd; export PPROXY_LISTEN
- # XXX no reverse forever PPROXY_LOOP_THYSELF ...
- $ptmp &
- sleep 1
- if [ "X$ssh_NHAFL" != "X" -a "X$did_ssh_NHAFL" != "X1" ]; then
- NHAFL_warning
- ssh_args="$ssh_args $ssh_NHAFL"
- did_ssh_NHAFL=1
- fi
- sleep 1
- if [ "X$sproxy1" = "X" ]; then
- u=""
- if echo "$host" | grep '@' > /dev/null; then
- u=`echo "$host" | sed -e 's/@.*$/@/'`
- fi
-
- proxy="${u}$localhost:$nd"
- else
- proxy="${sproxy1_user}$localhost:$nd"
- fi
- localhost_extra=".2"
- if [ "X$sproxy_rest" != "X" ]; then
- proxy="$proxy,$sproxy_rest"
- fi
- Kecho proxy=$proxy
- fi
-
- if echo "$proxy" | grep "," > /dev/null; then
-
- proxy1=`echo "$proxy" | awk -F, '{print $1}'`
- proxy2=`echo "$proxy" | awk -F, '{print $2}'`
-
- # user1@gw1.com:port1,user2@ws2:port2
- ssh_host1=`echo "$proxy1" | awk -F: '{print $1}'`
- ssh_port1=`echo "$proxy1" | awk -F: '{print $2}'`
- if [ "X$ssh_port1" != "X" ]; then
- ssh_port1="-p $ssh_port1"
- fi
- ssh_host2=`echo "$proxy2" | awk -F: '{print $1}'`
- ssh_user2=`echo "$ssh_host2" | awk -F@ '{print $1}'`
- ssh_host2=`echo "$ssh_host2" | awk -F@ '{print $2}'`
- if [ "X$ssh_host2" = "X" ]; then
- ssh_host2=$ssh_user2
- ssh_user2=""
- else
- ssh_user2="${ssh_user2}@"
- fi
- ssh_port2=`echo "$proxy2" | awk -F: '{print $2}'`
- if [ "X$ssh_port2" = "X" ]; then
- ssh_port2="22"
- fi
- proxport=`findfree 3500`
- if [ "X$ssh_NHAFL" != "X" -a "X$did_ssh_NHAFL" != "X1" ]; then
- NHAFL_warning
- did_ssh_NHAFL=1
- sleep 1
- fi
- echo
- echo "Running 1st ssh proxy:"
- ukhf=""
- if [ "X$ssh_UKHF" != "X" ]; then
- ukhf="$ssh_UKHF$localhost_extra"
- fi
- if echo "$ssh_host1" | grep '%' > /dev/null; then
- uath=`space_expand "$ssh_host1"`
- else
- uath="$ssh_host1"
- fi
- echo "$ssh -f -x $ssh_port1 $targ -e none $ssh_NHAFL $ukhf -L $proxport:$ssh_host2:$ssh_port2 \"$uath\" \"sleep 30\""
- echo ""
- $ssh -f -x $ssh_port1 $targ -e none $ssh_NHAFL $ukhf -L $proxport:$ssh_host2:$ssh_port2 "$uath" "sleep 30"
- ssh_args="$ssh_args $ssh_NHAFL"
- sleep 1
- stty sane
- proxy="${ssh_user2}$localhost:$proxport"
- fi
-
- if [ "X$proxy" != "X" ]; then
- ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
- if [ "X$ssh_port" = "X" ]; then
- ssh_port="22"
- fi
- ssh_host=`echo "$proxy" | awk -F: '{print $1}'`
- vnc_host="$host"
- fi
-
- echo ""
- echo "Running ssh:"
- sz=`echo "$ssh_cmd" | wc -c`
- if [ "$sz" -gt 300 ]; then
- info="..."
- else
- info="$ssh_cmd"
- fi
-
- C=""
- if [ "X$SS_VNCVIEWER_USE_C" != "X" ]; then
- C="-C"
- fi
-
- getport=""
- teeport=""
- if echo "$ssh_cmd" | egrep "(PORT=|P=) " > /dev/null; then
- getport=1
- if echo "$ssh_cmd" | egrep "P= " > /dev/null; then
- teeport=1
- fi
-
- PORT=""
- ssh_cmd=`echo "$ssh_cmd" | sed -e 's/PORT=[ ]*//' -e 's/P=//'`
- SSVNC_NO_ENC_WARN=1
- if [ "X$use_sshssl" = "X" ]; then
- direct_connect=1
- fi
- fi
- if [ "X$getport" != "X" ]; then
- ssh_redir="-D ${use}"
- elif [ "X$reverse" = "X" ]; then
- ssh_redir="-L ${use}:${vnc_host}:${port}"
- else
- ssh_redir="-R ${port}:${vnc_host}:${use}"
- fi
- pmark=`sh -c 'echo $$'`
-
- # the -t option actually speeds up typing response via VNC!!
- if [ "X$ssh_port" = "X22" ]; then
- ssh_port=""
- else
- ssh_port="-p $ssh_port"
- fi
-
- if echo "$ssh_host" | grep '%' > /dev/null; then
- uath=`space_expand "$ssh_host"`
- else
- uath="$ssh_host"
- fi
- if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
- echo "$ssh -x $ssh_port $targ $C $ssh_args \"$uath\" \"$info\""
- echo ""
- $ssh -x $ssh_port $targ $C $ssh_args "$uath" "$ssh_cmd"
- exit $?
-
- elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
- echo "$ssh -x $ssh_port $targ $C $ssh_redir $ssh_args \"$uath\" \"$info\""
- echo ""
- $ssh -x $ssh_port $targ $C $ssh_redir $ssh_args "$uath" "$ssh_cmd"
- rc=$?
-
- elif [ "X$getport" != "X" ]; then
- tport=/tmp/ss_vncviewer_tport${RANDOM}.$$
- tport=`mytmp "$tport"`
- tport2=/tmp/ss_vncviewer_tport2${RANDOM}.$$
- tport2=`mytmp "$tport2"`
-
- if [ "X$rsh" != "X1" ]; then
- if echo "$ssh_cmd" | grep "sudo " > /dev/null; then
- echo ""
- echo "Initial ssh with 'sudo id' to prime sudo so hopefully the next one"
- echo "will require no password..."
- echo ""
- targ="-t"
- $ssh -x $ssh_port $targ $ssh_args "$uath" "sudo id; tty"
- echo ""
- fi
- echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args \"$uath\" \"$info\""
- echo ""
- $ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args "$uath" "$ssh_cmd" > $tport 2> $tport2
- if [ "X$teeport" = "X1" ]; then
- tail -f $tport 1>&2 &
- tail_pid=$!
- tail -f $tport2 1>&2 &
- tail_pid2=$!
- fi
- rc=$?
- else
- rsh_setup
- echo "rsh $ul \"$ssh_host\" \"$ssh_cmd\""
- echo ""
- rsh $ul "$ssh_host" "$ssh_cmd" > $tport &
- sleep 1
- rc=0
- fi
-
- if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
- echo "sleep $SSVNC_EXTRA_SLEEP"
- sleep $SSVNC_EXTRA_SLEEP
- fi
-
- stty sane
- i=0
- if type perl > /dev/null 2>&1; then
- imax=50
- sleepit="perl -e 'select(undef, undef, undef, 0.20)'"
- else
- imax=10
- sleepit="sleep 1"
- fi
- while [ $i -lt $imax ]; do
- #echo $sleepit
- eval $sleepit
- PORT=`grep "^PORT=" $tport | tr '\r' ' ' | head -n 1 | sed -e 's/PORT=//' -e 's/\r//g' -e 's/ *$//'`
- if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
- break
- fi
- vnss=`sed -e 's/\r//g' $tport $tport2 | egrep -i '^(New.* desktop is|A VNC server is already running).*:[0-9[0-9]*$' | head -n 1 | awk '{print $NF}'`
- if [ "X$vnss" != "X" ]; then
- PORT=`echo "$vnss" | awk -F: '{print $2}'`
- if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
- if [ $PORT -lt 100 ]; then
- PORT=`expr $PORT + 5900`
- fi
- fi
- if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
- vnss=`sed -e 's/\r//g' $tport | egrep -i '^(New.* desktop is|A VNC server is already running).*:[0-9[0-9]*$' | head -n 1`
- echo "vncserver string: $vnss" 1>&2
- break
- fi
- fi
- i=`expr $i + 1`
- done
-
- echo "found: PORT='$PORT'" 1>&2
- lh6=""
- if [ "X$SSVNC_PORT_IPV6" != "X" ]; then
- lh6=1
- elif egrep 'Info: listening on IPv6 only|Info: listening only on IPv6' $tport > /dev/null; then
- lh6=1
- fi
- if [ "X$lh6" = "X1" ]; then
- echo "set SOCKS5 localhost to ::1" 1>&2
- fi
- rm -f $tport $tport2
- if [ "X$rsh" = "X1" ]; then
- rsh_viewer "$@"
- exit $?
- fi
- PPROXY_SOCKS=5
- if [ "X$SSVNC_SOCKS5" != "X" ]; then
- PPROXY_SOCKS=5
- elif [ "X$SSVNC_SOCKS4" != "X" ]; then
- PPROXY_SOCKS=1
- fi
- export PPROXY_SOCKS
- if [ "X$lh6" = "X" ]; then
- host="$localhost"
- else
- host="::1"
- fi
- port="$PORT"
- proxy="$localhost:$use"
-
- else
- if [ "X$rsh" != "X1" ]; then
- echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args \"$uath\" \"$info\""
- echo ""
- $ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args "$uath" "$ssh_cmd"
- rc=$?
- else
- rsh_setup
- echo "rsh $ul \"$ssh_host\" \"$ssh_cmd\""
- echo ""
- rsh $ul "$ssh_host" "$ssh_cmd" &
- sleep 1
- PORT=$port
- rsh_viewer "$@"
- exit $?
- fi
- fi
-
- if [ "$rc" != "0" ]; then
- echo ""
- echo "ssh to \"$uath\" failed."
- exit 1
- fi
- stty sane
-
- c=0
- pssh=""
- while [ $c -lt 40 ]
- do
- p=`expr $pmark + $c`
- pout=`ps -p "$p" 2>/dev/null | grep -v '^[ ]*PID' | sed -e 's/-L.*$//' -e 's/-x .*$//'`
- if echo "$pout" | grep "ssh" > /dev/null; then
- if echo "$pout" | egrep -i 'ssh.*(-add|-agent|-ask|-keygen|-argv0|vnc)' >/dev/null; then
- :
- elif echo "$pout" | egrep -i 'scp|sshd' >/dev/null; then
- :
- else
- pssh=$p
- break
- fi
- fi
- c=`expr $c + 1`
- done
- if [ "X$getport" != "X" ]; then
- :
- elif [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ] ; then
- sleep 2
- elif [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
- #echo T sleep 1
- sleep 1
- elif echo "$ssh_cmd" | grep '^sleep ' >/dev/null; then
- #echo T sleep 2
- sleep 2
- else
- # let any command get started a bit.
- #echo T sleep 5
- sleep 5
- fi
- echo ""
- #reset
- stty sane
- if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
- echo "sleep $SSVNC_EXTRA_SLEEP"
- sleep $SSVNC_EXTRA_SLEEP
- fi
- echo "ssh_pid='$pssh'"; echo
- if [ "X$use_sshssl" = "X" -a "X$getport" = "X" ]; then
- echo "Running viewer:"
-
- trap "final" 0 2 15
- if [ "X$reverse" = "X" ]; then
- echo "$VNCVIEWERCMD" "$@" $localhost:$N
- echo ""
- $VNCVIEWERCMD "$@" $localhost:$N
- if [ $? != 0 ]; then
- echo "vncviewer command failed: $?"
- if [ "X$secondtry" = "X1" ]; then
- sleep 2
- $VNCVIEWERCMD "$@" $localhost:$N
- fi
- fi
- else
- echo ""
- echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
- echo ""
- N2=$N
- if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
- N2=`echo "$N2" | sed -e 's/://g'`
- if [ $N2 -le 200 ]; then
- N2=`expr $N2 + 5500`
- fi
- fi
- echo "$VNCVIEWERCMD" "$@" -listen $N2
- echo ""
- $VNCVIEWERCMD "$@" -listen $N2
- fi
-
- exit $?
- else
- use2=`findfree 5960`
- host0=$host
- port0=$port
- host=$localhost
- port=$use
- use=$use2
- N=`expr $use - 5900`
- if [ "X$getport" != "X" ]; then
- host="$host0"
- port="$port0"
- else
- proxy=""
- fi
- if [ "X$ssh_vencrypt_proxy" != "X" ]; then
- ssh_vencrypt_proxy="vencrypt://$host:$port"
- if [ "X$proxy" = "X" ]; then
- proxy=$ssh_vencrypt_proxy
- else
- proxy="$proxy,$ssh_vencrypt_proxy"
- fi
- Kecho "proxy_now=$proxy"
- unset PPROXY_LISTEN
- fi
- fi
-fi
-
-if [ "X$stunnel_set_here" = "X1" -a "X$showcert" = "X" ]; then
- if type $STUNNEL > /dev/null 2>&1; then
- :
- else
- echo ""
- echo "***************************************************************"
- echo "** Problem finding the Stunnel command '$STUNNEL': **"
- echo ""
- type $STUNNEL
- echo ""
- echo "** Perhaps you need to install the stunnel/stunnel4 package. **"
- echo "***************************************************************"
- echo ""
- sleep 5
- fi
-fi
-
-# create the stunnel config file:
-if [ "X$verify" != "X" ]; then
- if [ -d $verify ]; then
- verify="CApath = $verify"
- else
- verify="CAfile = $verify"
- fi
- verify="$verify
-verify = 2"
-fi
-if [ "X$SSVNC_STUNNEL_VERIFY3" != "X" ]; then
- verify=`echo "$verify" | sed -e 's/verify = 2/verify = 3/'`
-fi
-if [ "X$mycert" != "X" ]; then
- cert="cert = $mycert"
-fi
-if [ "X$crl" != "X" ]; then
- if [ -d $crl ]; then
- crl="CRLpath = $crl"
- else
- crl="CRLfile = $crl"
- fi
-fi
-
-if [ "X$showcert" = "X1" ]; then
- if [ "X$have_uvnc_dsm_helper_showcert" = "X1" ]; then
- :
- elif [ "X$SSVNC_NO_IPV6_PROXY" != "X" ]; then
- :
- elif [ "X$ipv6" = "X1" -a "X$proxy" = "X" ]; then
- proxy="ipv6://$host:$port"
- fi
-fi
-
-if [ "X$direct_connect" != "X" -a "X$STUNNEL_LISTEN" != "X" ]; then
- proxy=reverse_direct
-fi
-
-ptmp=""
-if [ "X$proxy" != "X" ]; then
- ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
- ptmp=`mytmp "$ptmp"`
- PPROXY_REMOVE=1; export PPROXY_REMOVE
- pcode "$ptmp"
- if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
- if uname | egrep 'Darwin|SunOS' >/dev/null; then
- vout=`echo "$proxy" | grep -i vencrypt`
- if [ "X$vout" != "X" -a "X$reverse" = "X1" ]; then
- # need to exec for reverse vencrypt
- connect="exec = $ptmp"
- else
- # on mac and solaris we need to listen on socket instead of stdio:
- nd=`findfree 6700`
- PPROXY_LISTEN=$nd
- export PPROXY_LISTEN
- if [ "X$reverse" = "X" ]; then
- $ptmp &
- fi
- sleep 2
- host="$localhost"
- port="$nd"
- connect="connect = $localhost:$nd"
- fi
- else
- # otherwise on unix we can exec it:
- connect="exec = $ptmp"
- fi
- else
- connect="exec = $ptmp"
- fi
-else
- connect="connect = $host:$port"
-fi
-
-# handle showcert case:
-#
-if [ "X$showcert" = "X1" ]; then
- if [ "X$proxy" != "X" ]; then
- PPROXY_LISTEN=$use
- export PPROXY_LISTEN
- if [ "X$SS_DEBUG" != "X" ]; then
- $ptmp &
- else
- $ptmp 2>/dev/null &
- fi
- sleep 1
- more_sleep=1
- if uname | grep Linux > /dev/null; then
- if netstat -ant | grep LISTEN | grep "127.0.0.1:$use" > /dev/null; then
- more_sleep=""
- fi
- elif uname | grep SunOS > /dev/null; then
- if netstat -an -f inet -P tcp | grep LISTEN | grep "127.0.0.1.$use" > /dev/null; then
- more_sleep=""
- fi
- elif uname | egrep -i 'bsd|darwin' > /dev/null; then
- if netstat -ant -f inet | grep LISTEN | grep "127.0.0.1.$use" > /dev/null; then
- more_sleep=""
- fi
- fi
- if [ "X$more_sleep" = "X1" ]; then
- sleep 1
- fi
- host="$localhost"
- port="$use"
- fi
- cipher_args=""
- if [ "X$ciphers" != "X" ]; then
- cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
- fi
- if [ "X$have_uvnc_dsm_helper_showcert" = "X1" ]; then
- :
- elif type openssl > /dev/null 2>&1; then
- :
- else
- echo ""
- echo "********************************************************"
- echo "** Problem finding the OpenSSL command 'openssl': **"
- echo ""
- type openssl 2>&1
- echo ""
- echo "** Perhaps you need to install the 'openssl' package. **"
- echo "********************************************************"
- echo ""
- fi
- #echo "openssl s_client $cipher_args -connect $host:$port"
- if [ "X$reverse" = "X" ]; then
- if type host > /dev/null 2>/dev/null; then
- host $host >/dev/null 2>&1
- host $host >/dev/null 2>&1
- fi
- timeout=15
- if [ "X$SSVNC_FETCH_TIMEOUT" != "X" ]; then
- timeout=$SSVNC_FETCH_TIMEOUT
- fi
- if [ "X$have_uvnc_dsm_helper_showcert" = "X1" ]; then
- if type pkill >/dev/null 2>&1; then
- (sleep $timeout; if kill -0 $$; then pkill -TERM -f "ultravnc_dsm_helper.*$host.*$port"; fi) >/dev/null 2>&1 &
- fi
- ultravnc_dsm_helper showcert $host:$port 2>&1
- else
- if type pkill >/dev/null 2>&1; then
- (sleep $timeout; if kill -0 $$; then pkill -TERM -f "openssl.*s_client.*$host.*$port"; fi) >/dev/null 2>&1 &
- fi
- openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
- fi
- rc=$?
- else
- tcert=""
- if [ "X$mycert" = "X" ]; then
- tcert=`make_tcert`
- cert_args="-cert $tcert -CAfile $tcert"
- else
- cert_args="-cert $mycert -CAfile $mycert"
- fi
- tmp_out=/tmp/showcert_out${RANDOM}.$$
- tmp_out=`mytmp "$tmp_out"`
- tmp_err=/tmp/showcert_err${RANDOM}.$$
- tmp_err=`mytmp "$tmp_err"`
-
- #echo "openssl s_server $cipher_args $cert_args -accept $port -verify 2 > $tmp_out 2> $tmp_err" 1>&2
-
- # assume we have perl:
- check_perl perl
-
- perl -e "
- \$p = open(O, \"|openssl s_server $cipher_args $cert_args -accept $port -verify 2 1>$tmp_out 2> $tmp_err\");
- exit 1 unless \$p;
- while (1) {
- sleep 1;
- if (!open(F, \"<$tmp_out\")) {
- kill \$p;
- exit 1;
- }
- while (<F>) {
- if (/RFB 00/) {
- fsleep(0.25);
- print O \"RFB 000.000\\n\";
- fsleep(1.00);
- kill \$p;
- fsleep(0.25);
- exit 0;
- }
- }
- close F;
- }
- sub fsleep {
- select(undef, undef, undef, shift);
- }
- ";
-
- echo ""
- cat $tmp_out
- echo ""
- echo "----2----"
- cat $tmp_err
- if grep BEGIN.CERTIFICATE $tmp_out >/dev/null; then
- rc=0
- else
- rc=1
- fi
-
- rm -f $tmp_out $tmp_err
- fi
- if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then
- rm -f $SSVNC_PREDIGESTED_HANDSHAKE
- fi
- if [ "X$SSVNC_SHOWCERT_EXIT_0" = "X1" ]; then
- exit 0
- else
- exit $rc
- fi
-fi
-
-# handle direct connect case:
-#
-if [ "X$direct_connect" != "X" ]; then
- if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
- SSVNC_NO_ENC_WARN=1
- echo ""
- echo "Using UltraVNC DSM Plugin key for encryption:"
- echo ""
- ustr=`echo "$SSVNC_ULTRA_DSM" | sed -e 's/pw=[^ ]*/pw=******/g'`
- echo " $ustr PORT HOST:PORT"
- echo ""
- elif [ "X$getport" = "X" ]; then
- echo ""
- echo "Running viewer for direct connection:"
- if echo X"$@" | grep chatonly > /dev/null; then
- :
- else
- echo ""
- echo "** WARNING: THERE WILL BE NO SSL OR SSH ENCRYPTION **"
- echo ""
- fi
- fi
- x=""
- if [ "X$SSVNC_NO_ENC_WARN" != "X" ]; then
- if [ "X$getport" = "X" ]; then
- sleep 1
- fi
- elif type printf > /dev/null 2>&1; then
- printf "Are you sure you want to continue? [y]/n "
- read x
- else
- echo -n "Are you sure you want to continue? [y]/n "
- read x
- fi
- if [ "X$x" = "Xn" ]; then
- exit 1
- fi
- echo ""
- if [ "X$ptmp" != "X" ]; then
- if [ "X$reverse" = "X" ]; then
- PPROXY_LISTEN=$use
- export PPROXY_LISTEN
- else
- if [ "X$proxy" = "Xreverse_direct" ]; then
- PPROXY_LISTEN="$STUNNEL_LISTEN:`expr 5500 + $disp`"
- PPROXY_DEST="$localhost:$use"
- PPROXY_PROXY="ipv6://$localhost:$use" # not always ipv6..
- export PPROXY_LISTEN PPROXY_DEST PPROXY_PROXY
- pps=1
- else
- PPROXY_REVERSE="$localhost:$use"
- export PPROXY_LISTEN
- pps=3
- fi
- if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
- PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself.${RANDOM}.$$"`
- export PPROXY_LOOP_THYSELF
- pps=2
- fi
- if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
- pps=`expr $pps + $SSVNC_EXTRA_SLEEP`
- fi
- PPROXY_SLEEP=$pps; export PPROXY_SLEEP;
- PPROXY_KILLPID=+1; export PPROXY_KILLPID;
- fi
-
- $ptmp &
-
- if [ "X$reverse" = "X" ]; then
- #sleep 2
- #echo T sleep 1
- sleep 1
- fi
- host="$localhost"
- disp="$N"
- port=`expr $disp + 5900`
- fi
- if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
- echo "T sleep $SSVNC_EXTRA_SLEEP"
- sleep $SSVNC_EXTRA_SLEEP
- fi
- if [ "X$reverse" = "X" ]; then
- hostdisp="$host:$disp"
- if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
- if [ "X$SSVNC_USE_OURS" = "X1" ]; then
- hostdisp="exec=$SSVNC_ULTRA_DSM 0 $host:$port"
- else
- pf=`findfree 5970`
- cmd="$SSVNC_ULTRA_DSM -$pf $host:$port"
- pf=`expr $pf - 5900`
- hostdisp="$localhost:$pf"
- ustr=`echo "$cmd" | sed -e 's/pw=[^ ]*/pw=******/g'`
- echo "Running:"
- echo
- echo "$ustr &"
- echo
- $cmd &
- dsm_pid=$!
- sleep 2
- fi
- fi
- hostdisp2=`echo "$hostdisp" | sed -e 's/pw=[^ ]*/pw=******/g'`
- echo "$VNCVIEWERCMD" "$@" "$hostdisp2"
- trap "final" 0 2 15
- echo ""
- $VNCVIEWERCMD "$@" "$hostdisp"
- if [ $? != 0 ]; then
- echo "vncviewer command failed: $?"
- if [ "X$secondtry" = "X1" ]; then
- sleep 2
- $VNCVIEWERCMD "$@" "$hostdisp"
- fi
- fi
- else
- echo ""
- echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
- echo ""
- trap "final" 0 2 15
- if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
- if [ "X$SSVNC_LISTEN_ONCE" = "X1" ]; then
- echo "NOTE: The ultravnc_dsm_helper only runs once. So after the first LISTEN"
- echo " ends you must restart the Listening mode. You may also need to"
- echo " Press Ctrl-C to stop the viewer and restart for another connection."
- echo ""
- fi
- #SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
- VNCVIEWER_LISTEN_LOCALHOST=1
- export VNCVIEWER_LISTEN_LOCALHOST
- dport=`expr 5500 + $disp`
- cmd="$SSVNC_ULTRA_DSM $dport $localhost:$use"
- ustr=`echo "$cmd" | sed -e 's/pw=[^ ]*/pw=******/g'`
- echo "Running:"
- echo
- echo "$ustr &"
- echo
- if [ "X$SSVNC_LISTEN_ONCE" = "X1" ]; then
- $cmd &
- dsm_pid=$!
- else
- while [ 1 ]; do $cmd; sleep 1; done &
- dsm_pid=$!
- fi
- sleep 2
- disp=$use
- if [ $disp -ge 5500 ]; then
- disp=`expr $disp - 5500`
- fi
- fi
- disp2=$disp
- if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
- disp2=`echo "$disp2" | sed -e 's/://g'`
- if [ $disp2 -le 200 ]; then
- disp2=`expr $disp2 + 5500`
- fi
- fi
- echo "$VNCVIEWERCMD" "$@" -listen $disp2
- echo ""
- $VNCVIEWERCMD "$@" -listen $disp2
- if [ "X$PPROXY_LOOP_THYSELF" != "X" ]; then
- rm -f $PPROXY_LOOP_THYSELF
- fi
- fi
- exit $?
-fi
-
-tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$
-tmp_cfg=`mytmp "$tmp_cfg"`
-
-stunnel_exec=""
-if [ "X$SSVNC_USE_OURS" != "X1" ]; then
- :
-elif echo $STUNNEL_EXTRA_SVC_OPTS | grep '#stunnel-exec' > /dev/null; then
- stunnel_exec="#"
-fi
-
-if [ "X$reverse" = "X" ]; then
-
- if echo "$proxy" | grep "^repeater://" > /dev/null; then
- if [ "X$cert" = "XBUILTIN" ]; then
- ttcert=`make_tcert`
- cert="cert = $ttcert"
- fi
- # Note for listen mode, an empty cert will cause stunnel to fail.
- # The ssvnc gui will have already taken care of this.
- fi
-
- cat > "$tmp_cfg" <<END
-foreground = yes
-pid =
-client = yes
-debug = $stunnel_debug
-$ciphers
-$STUNNEL_EXTRA_OPTS
-$STUNNEL_EXTRA_OPTS_USER
-$cert
-$crl
-$verify
-
-${stunnel_exec}[vnc_stunnel]
-${stunnel_exec}accept = $localhost:$use
-$connect
-$STUNNEL_EXTRA_SVC_OPTS
-$STUNNEL_EXTRA_SVC_OPTS_USER
-
-END
-
-else
- # REVERSE case:
-
- stunnel_exec="" # doesn't work for listening.
-
- p2=`expr 5500 + $N`
- connect="connect = $localhost:$p2"
- if [ "X$cert" = "XBUILTIN" ]; then
- ttcert=`make_tcert`
- cert="cert = $ttcert"
- fi
- # Note for listen mode, an empty cert will cause stunnel to fail.
- # The ssvnc gui will have already taken care of this.
-
-
- hloc=""
- if [ "X$use_ssh" = "X1" ]; then
- hloc="$localhost:"
- elif [ "X$STUNNEL_LISTEN" != "X" ]; then
- hloc="$STUNNEL_LISTEN:"
- fi
- if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
- hloc="$localhost:"
- pv=`findfree 5570`
- proxy="vencrypt:$pv:$port"
- port=$pv
- if [ "X$anondh_set" = "X1" ]; then
- # not needed for ANONDH in this mode
- #ciphers="ciphers = ADH:@STRENGTH"
- :
- fi
- fi
- cat > "$tmp_cfg" <<END
-foreground = yes
-pid =
-client = no
-debug = $stunnel_debug
-$ciphers
-$STUNNEL_EXTRA_OPTS
-$STUNNEL_EXTRA_OPTS_USER
-$cert
-$crl
-$verify
-
-[vnc_stunnel]
-accept = $hloc$port
-$connect
-$STUNNEL_EXTRA_SVC_OPTS
-$STUNNEL_EXTRA_SVC_OPTS_USER
-
-END
-
-fi
-
-echo ""
-echo "Using this stunnel configuration:"
-echo ""
-cat "$tmp_cfg" | uniq
-echo ""
-if egrep -i '^[ ]*(CApath|CAfile) =' "$tmp_cfg" > /dev/null ; then
- :
-else
- echo "** WARNING: THE STUNNEL CONFIG HAS NO SERVER CERTIFICATE SPECIFIED **"
- echo "** WARNING: (the CApath or CAfile stunnel option) THE VNC SERVER WILL **"
- echo "** WARNING: NOT BE AUTHENTICATED. A MAN-IN-THE-MIDDLE ATTACK IS POSSIBLE **"
- echo ""
-fi
-sleep 1
-
-if [ "X$stunnel_exec" = "X" ]; then
- echo ""
- echo "Running stunnel:"
- echo "$STUNNEL $tmp_cfg"
- st=`echo "$STUNNEL" | awk '{print $1}'`
- $st -help > /dev/null 2>&1
- $STUNNEL "$tmp_cfg" < /dev/tty > /dev/tty &
- stunnel_pid=$!
- echo ""
-
- # pause here to let the user supply a possible passphrase for the
- # mycert key:
- if [ "X$mycert" != "X" ]; then
- nsl=10
- dsl=0
- if [ ! -f $mycert ]; then
- dsl=0
- elif grep -i 'Proc-Type.*ENCRYPTED' "$mycert" > /dev/null 2>/dev/null; then
- dsl=1
- fi
- if [ "X$dsl" = "X1" ]; then
- echo ""
- echo "(** pausing $nsl secs for possible certificate passphrase dialog **)"
- echo ""
- sleep $nsl
- echo "(** done pausing for passphrase **)"
- echo ""
- fi
- fi
- #echo T sleep 1
- sleep 1
- rm -f "$tmp_cfg"
-fi
-
-
-echo ""
-if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
- echo "sleep $SSVNC_EXTRA_SLEEP"
- sleep $SSVNC_EXTRA_SLEEP
-fi
-
-if [ "X$reverse" = "X" ]; then
- if [ "X$NEED_VENCRYPT_VIEWER_BRIDGE" = "X1" -a "X$ptmp" != "X" ] ; then
- port1=`expr 5900 + $N` # stunnel port
- port2=`findfree 5970` # bridge port (viewer connects to it.)
- N=`expr $port2 - 5900`
- env PPROXY_REMOVE=0 PPROXY_SLEEP=0 PPROXY_VENCRYPT_VIEWER_BRIDGE="$port2,$port1" $ptmp &
- sleep 1
- fi
- echo "Running viewer:"
- vnc_hp=$localhost:$N
- if [ "X$stunnel_exec" != "X" ]; then
- vnc_hp="exec=$STUNNEL $tmp_cfg"
- fi
- echo "$VNCVIEWERCMD" "$@" "$vnc_hp"
- trap "final" 0 2 15
- echo ""
- $VNCVIEWERCMD "$@" "$vnc_hp"
- if [ $? != 0 ]; then
- echo "vncviewer command failed: $?"
- if [ "X$secondtry" = "X1" ]; then
- sleep 2
- $VNCVIEWERCMD "$@" "$vnc_hp"
- fi
- fi
-else
- echo "Running viewer:"
- echo ""
- echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
- echo ""
- trap "final" 0 2 15
- N2=$N
- N2_trim=`echo "$N2" | sed -e 's/://g'`
- if [ $N2_trim -le 200 ]; then
- N2_trim=`expr $N2_trim + 5500`
- fi
- if [ "X$proxy" != "X" ]; then
- if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
- pstunnel=`echo "$proxy" | awk -F: '{print $2}'`
- plisten=`echo "$proxy" | awk -F: '{print $3}'`
- IF=INADDR_ANY
- if [ "X$STUNNEL_LISTEN" != "X" ]; then
- IF=$STUNNEL_LISTEN
- fi
- PPROXY_VENCRYPT_REVERSE=1; export PPROXY_VENCRYPT_REVERSE
- PPROXY_LISTEN="$IF:$plisten"; export PPROXY_LISTEN
- PPROXY_PROXY="vencrypt://$localhost:$pstunnel"; export PPROXY_PROXY
- PPROXY_DEST="$localhost:$pstunnel"; export PPROXY_DEST
- STUNNEL_ONCE=1; export STUNNEL_ONCE
- STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
- if [ "X$NEED_VENCRYPT_VIEWER_BRIDGE" = "X1" -a "X$ptmp" != "X" ] ; then
- port1=`expr 5500 + $N2`
- port2=`findfree 5580`
- N2=`expr $port2 - 5500`
- N2_trim=`echo "$N2" | sed -e 's/://g'`
- if [ $N2_trim -le 200 ]; then
- N2_trim=`expr $N2_trim + 5500`
- fi
- if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
- PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself1.${RANDOM}.$$"`
- export PPROXY_LOOP_THYSELF
- PPROXY_LOOP_THYSELF0=$PPROXY_LOOP_THYSELF
- fi
- env PPROXY_REMOVE=0 PPROXY_SLEEP=0 PPROXY_VENCRYPT_VIEWER_BRIDGE="-$port1,$port2" $ptmp &
- sleep 1
- fi
- else
- PPROXY_REVERSE="$localhost:$port"; export PPROXY_REVERSE
- PPROXY_SLEEP=1; export PPROXY_SLEEP;
- fi
- PPROXY_KILLPID=+1; export PPROXY_KILLPID;
- if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
- PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself2.${RANDOM}.$$"`
- export PPROXY_LOOP_THYSELF
- fi
- $ptmp &
- # Important to have no extra pids generated between here and VNCVIEWERCMD
- fi
- if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
- N2=$N2_trim
- fi
- echo "$VNCVIEWERCMD" "$@" -listen $N2
- echo ""
- $VNCVIEWERCMD "$@" -listen $N2
-
- if [ "X$PPROXY_LOOP_THYSELF" != "X" ]; then
- rm -f $PPROXY_LOOP_THYSELF
- fi
- if [ "X$PPROXY_LOOP_THYSELF0" != "X" ]; then
- rm -f $PPROXY_LOOP_THYSELF0
- fi
-fi
-
-sleep 1