diff options
| author | runge <runge> | 2008-05-12 00:53:11 +0000 |
|---|---|---|
| committer | runge <runge> | 2008-05-12 00:53:11 +0000 |
| commit | b2306270d0e356108fde0a0710fefa5acb38f6e7 (patch) | |
| tree | 65695b420f242840d2103bfaa9fb0fc5885bb7c4 /x11vnc/misc/enhanced_tightvnc_viewer/bin/util | |
| parent | abbdf92a704790374a12d6da5125b4e95595aaac (diff) | |
| download | libtdevnc-b2306270d0e356108fde0a0710fefa5acb38f6e7.tar.gz libtdevnc-b2306270d0e356108fde0a0710fefa5acb38f6e7.zip | |
Many improvement to the frontend and unix viewer. UltraVNC proxy support,
and other proxy improvements.
Diffstat (limited to 'x11vnc/misc/enhanced_tightvnc_viewer/bin/util')
| -rwxr-xr-x | x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer | 374 | ||||
| -rwxr-xr-x | x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl | 524 |
2 files changed, 654 insertions, 244 deletions
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer index cffe6df..6becd63 100755 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer +++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer @@ -3,7 +3,7 @@ # ss_vncviewer: wrapper for vncviewer to use an stunnel SSL tunnel # or an SSH tunnel. # -# Copyright (c) 2006-2007 by Karl J. Runge <runge@karlrunge.com> +# Copyright (c) 2006-2008 by Karl J. Runge <runge@karlrunge.com> # # You must have stunnel(8) installed on the system and in your PATH # (however, see the -ssh option below, in which case you will need ssh(1) @@ -39,7 +39,7 @@ # and then a 2nd CONNECT to the destination VNC server.) # # Use socks://host:port, socks4://host:port, or socks5://host,port -# to force usage of a SOCKS proxy. +# to force usage of a SOCKS proxy. Also repeater://host:port. # # -showcert Only fetch the certificate using the 'openssl s_client' # command (openssl(1) must in installed). @@ -259,8 +259,12 @@ if [ "X$reverse" != "X" ]; then # check proxy usage under reverse connection: if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then echo "" - echo "*Warning*: SSL -listen and a Web proxy does not make sense." - sleep 3 + if echo "$proxy" | egrep "repeater://" > /dev/null; then + : + else + echo "*Warning*: SSL -listen and a Web proxy does not make sense." + sleep 3 + fi elif echo "$proxy" | grep "," > /dev/null; then : else @@ -502,6 +506,11 @@ rchk() { } rchk +dL="-L" +if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then + dL="-h" +fi + # a portable, but not absolutely safe, tmp file creator mytmp() { tf=$1 @@ -509,7 +518,7 @@ mytmp() { if [ -d "$tf" ]; then echo "tmp file $tf still exists as a directory." exit 1 - elif [ -L "$tf" ]; then + elif [ $dL "$tf" ]; then echo "tmp file $tf still exists as a symlink." exit 1 elif [ -f "$tf" ]; then @@ -564,50 +573,43 @@ pcode() { use IO::Socket::INET; -my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3); +if (exists $ENV{PPROXY_SLEEP}) { + print STDERR "PPROXY_PID: $$\n"; + sleep $ENV{PPROXY_SLEEP}; +} -if ($first =~ m,^socks4?://(\S*)$,i) { - $ENV{PPROXY_SOCKS} = 1; - $first = $1; -} elsif ($first =~ m,^socks5://(\S*)$,i) { - $ENV{PPROXY_SOCKS} = 5; - $first = $1; -} elsif ($first =~ m,^https?://(\S*)$,i) { - $ENV{PPROXY_SOCKS} = ""; - $first = $1; +foreach my $var (qw(PPROXY_PROXY PPROXY_SOCKS PPROXY_DEST PPROXY_LISTEN + PPROXY_REVERSE PPROXY_REPEATER PPROXY_REMOVE PPROXY_KILLPID PPROXY_SLEEP)) { + if (0 || $ENV{SS_DEBUG}) { + print STDERR "$var: $ENV{$var}\n"; + } +} + +if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) { + if ($ENV{PPROXY_SOCKS} eq "5") { + $ENV{PPROXY_PROXY} = "socks5://$ENV{PPROXY_PROXY}"; + } else { + $ENV{PPROXY_PROXY} = "socks://$ENV{PPROXY_PROXY}"; + } } +my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3); +my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", ""); + +($first, $mode_1st) = url_parse($first); + my ($proxy_host, $proxy_port) = split(/:/, $first); my $connect = $ENV{PPROXY_DEST}; -my $mode_2nd = ""; if ($second ne "") { - if ($second =~ m,^socks4?://(\S*)$,i) { - $mode_2nd = "socks4"; - $second = $1; - } elsif ($second =~ m,^socks5://(\S*)$,i) { - $mode_2nd = "socks5"; - $second = $1; - } elsif ($second =~ m,^https?://(\S*)$,i) { - $mode_2nd = "http"; - $second = $1; - } + ($second, $mode_2nd) = url_parse($second); } -my $mode_3rd = ""; if ($third ne "") { - if ($third =~ m,^socks4?://(\S*)$,i) { - $mode_3rd = "socks4"; - $third = $1; - } elsif ($third =~ m,^socks5://(\S*)$,i) { - $mode_3rd = "socks5"; - $third = $1; - } elsif ($third =~ m,^https?://(\S*)$,i) { - $mode_3rd = "http"; - $third = $1; - } + ($third, $mode_3rd) = url_parse($third); } + print STDERR "\n"; print STDERR "PPROXY v0.2: a tool for Web proxies and SOCKS connections.\n"; print STDERR "proxy_host: $proxy_host\n"; @@ -615,10 +617,29 @@ print STDERR "proxy_port: $proxy_port\n"; print STDERR "proxy_connect: $connect\n"; print STDERR "pproxy_params: $ENV{PPROXY_PROXY}\n"; print STDERR "pproxy_listen: $ENV{PPROXY_LISTEN}\n"; +print STDERR "pproxy_reverse: $ENV{PPROXY_REVERSE}\n"; print STDERR "\n"; +if (1) { + print STDERR "pproxy 1st: $first\t- $mode_1st\n"; + print STDERR "pproxy 2nd: $second\t- $mode_2nd\n"; + print STDERR "pproxy 3rd: $third\t- $mode_3rd\n"; + print STDERR "\n"; +} my $listen_handle = ""; -if ($ENV{PPROXY_LISTEN} != "") { +if ($ENV{PPROXY_REVERSE} ne "") { + my ($rhost, $rport) = split(/:/, $ENV{PPROXY_REVERSE}); + $rport = 5900 unless $rport; + $listen_handle = IO::Socket::INET->new( + PeerAddr => $rhost, + PeerPort => $rport, + Proto => "tcp" + ); + if (! $listen_handle) { + die "pproxy: $! -- PPROXY_REVERSE\n"; + } + print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n"; +} elsif ($ENV{PPROXY_LISTEN} ne "") { my $listen_sock = IO::Socket::INET->new( Listen => 2, LocalAddr => "localhost", @@ -626,7 +647,7 @@ if ($ENV{PPROXY_LISTEN} != "") { Proto => "tcp" ); if (! $listen_sock) { - die "pproxy: $!\n"; + die "pproxy: $! -- PPROXY_LISTEN\n"; } my $ip; ($listen_handle, $ip) = $listen_sock->accept(); @@ -647,6 +668,112 @@ if (! $sock) { die "pproxy: $err\n"; } +unlink($0) if $ENV{PPROXY_REMOVE}; + +$cur_proxy = $first; +setmode($mode_1st); + +if ($second ne "") { + connection($second, 1); + + setmode($mode_2nd); + $cur_proxy = $second; + + if ($third ne "") { + connection($third, 2); + setmode($mode_3rd); + $cur_proxy = $third; + connection($connect, 3); + } else { + connection($connect, 2); + } +} else { + connection($connect, 1); +} + +$parent = $$; +$child = fork; +if (! defined $child) { + kill "TERM", $ENV{PPROXY_KILLPID} if $ENV{PPROXY_KILLPID}; + exit 1; +} + +if ($child) { + print STDERR "pproxy parent\[$$] STDIN -> socket\n"; + if ($listen_handle) { + xfer($listen_handle, $sock); + } else { + xfer(STDIN, $sock); + } + select(undef, undef, undef, 0.25); + if (kill 0, $child) { + select(undef, undef, undef, 1.5); + #print STDERR "pproxy\[$$]: kill TERM $child\n"; + kill "TERM", $child; + } +} else { + print STDERR "pproxy child \[$$] socket -> STDOUT\n"; + if ($listen_handle) { + xfer($sock, $listen_handle); + } else { + xfer($sock, STDOUT); + } + select(undef, undef, undef, 0.25); + if (kill 0, $parent) { + select(undef, undef, undef, 1.5); + #print STDERR "pproxy\[$$]: kill TERM $parent\n"; + kill "TERM", $parent; + } +} +if ($ENV{PPROXY_KILLPID} ne "") { + if ($ENV{PPROXY_KILLPID} =~ /^(\+|-)/) { + $ENV{PPROXY_KILLPID} = $$ + $ENV{PPROXY_KILLPID}; + } + print STDERR "kill TERM, $ENV{PPROXY_KILLPID}\n"; + kill "TERM", $ENV{PPROXY_KILLPID}; +} +exit; + +sub url_parse { + my $hostport = shift; + my $mode = "http"; + if ($hostport =~ m,^socks4?://(\S*)$,i) { + $mode = "socks4"; + $hostport = $1; + } elsif ($hostport =~ m,^socks5://(\S*)$,i) { + $mode = "socks5"; + $hostport = $1; + } elsif ($hostport =~ m,^https?://(\S*)$,i) { + $mode = "http"; + $hostport = $1; + } elsif ($hostport =~ m,^repeater://(\S*)\+(\S*)$,i) { + # ultravnc repeater proxy. + $hostport = $1; + $mode = "repeater:$2"; + if ($hostport !~ /:\d+/) { + $hostport .= ":5900"; + } + } + return ($hostport, $mode); +} + +sub setmode { + my $mode = shift; + $ENV{PPROXY_REPEATER} = ""; + if ($mode =~ /^socks/) { + if ($mode =~ /^socks5/) { + $ENV{PPROXY_SOCKS} = 5; + } else { + $ENV{PPROXY_SOCKS} = 1; + } + } elsif ($mode =~ /^repeater:(.*)/) { + $ENV{PPROXY_REPEATER} = $1; + $ENV{PPROXY_SOCKS} = ""; + } else { + $ENV{PPROXY_SOCKS} = ""; + } +} + sub connection { my ($CONNECT, $w) = @_; @@ -771,6 +898,18 @@ sub connection { close $sock; exit(1); } + } elsif ($ENV{PPROXY_REPEATER} ne "") { + my $rep = $ENV{PPROXY_REPEATER}; + print STDERR "repeater: $rep\n"; + $rep .= pack("x") x 250; + syswrite($sock, $rep, 250); + + my $ok = 1; + for (my $i = 0; $i < 12; $i++) { + my $c; + sysread($sock, $c, 1); + print STDERR $c; + } } else { # Web Proxy: @@ -799,76 +938,6 @@ sub connection { } } -unlink($0) if $ENV{PPROXY_REMOVE}; - -$cur_proxy = $first; - -if ($second ne "") { - connection($second, 1); - - setmode($mode_2nd); - $cur_proxy = $second; - - if ($third ne "") { - connection($third, 2); - setmode($mode_3rd); - $cur_proxy = $third; - connection($connect, 3); - } else { - connection($connect, 2); - } -} else { - connection($connect, 1); -} - -$parent = $$; -$child = fork; -if (! defined $child) { - exit 1; -} - -if ($child) { - print STDERR "pproxy parent\[$$] STDIN -> socket\n"; - if ($listen_handle) { - xfer($listen_handle, $sock); - } else { - xfer(STDIN, $sock); - } - select(undef, undef, undef, 0.25); - if (kill 0, $child) { - select(undef, undef, undef, 1.5); - #print STDERR "pproxy\[$$]: kill TERM $child\n"; - kill "TERM", $child; - } -} else { - print STDERR "pproxy child \[$$] socket -> STDOUT\n"; - if ($listen_handle) { - xfer($sock, $listen_handle); - } else { - xfer($sock, STDOUT); - } - select(undef, undef, undef, 0.25); - if (kill 0, $parent) { - select(undef, undef, undef, 1.5); - #print STDERR "pproxy\[$$]: kill TERM $parent\n"; - kill "TERM", $parent; - } -} -exit; - -sub setmode { - my $mode = shift; - if ($mode =~ /^socks/) { - if ($mode =~ /^socks5/) { - $ENV{PPROXY_SOCKS} = 5; - } else { - $ENV{PPROXY_SOCKS} = 1; - } - } else { - $ENV{PPROXY_SOCKS} = ""; - } -} - sub xfer { my($in, $out) = @_; $RIN = $WIN = $EIN = ""; @@ -1182,6 +1251,7 @@ Kecho proxy=$proxy fi if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then + echo "sleep $SSVNC_EXTRA_SLEEP" sleep $SSVNC_EXTRA_SLEEP fi @@ -1281,12 +1351,12 @@ Kecho proxy=$proxy sleep 5 fi echo "" + #reset + stty sane if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then - #echo T sleep $SSVNC_EXTRA_SLEEP + echo "sleep $SSVNC_EXTRA_SLEEP" sleep $SSVNC_EXTRA_SLEEP fi - #reset - stty sane #echo "pssh=\"$pssh\"" if [ "X$use_sshssl" = "X" -a "X$getport" = "X" ]; then echo "Running viewer:" @@ -1351,12 +1421,15 @@ if [ "X$proxy" != "X" ]; then PPROXY_REMOVE=1; export PPROXY_REMOVE pcode "$ptmp" if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then - if uname | grep Darwin >/dev/null; then + if uname | egrep 'Darwin|SunOS' >/dev/null; then # on mac we need to listen on socket instead of stdio: nd=`findfree 6700` PPROXY_LISTEN=$nd export PPROXY_LISTEN - $ptmp 2>/dev/null & + if [ "X$reverse" = "X" ]; then + #$ptmp 2>/dev/null & + $ptmp & + fi #sleep 3 sleep 2 host="localhost" @@ -1423,7 +1496,7 @@ if [ "X$direct_connect" != "X" ]; then disp="$N" fi if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then - #echo T sleep $SSVNC_EXTRA_SLEEP + echo "T sleep $SSVNC_EXTRA_SLEEP" sleep $SSVNC_EXTRA_SLEEP fi if [ "X$reverse" = "X" ]; then @@ -1453,29 +1526,9 @@ fi tmp=/tmp/ss_vncviewer${RANDOM}.$$ mytmp "$tmp" -if [ "X$reverse" = "X" ]; then - - cat > "$tmp" <<END -foreground = yes -pid = -client = yes -debug = 6 -$STUNNEL_EXTRA_OPTS -$verify -$cert - -[vnc_stunnel] -accept = localhost:$use -$connect - -END -else - - p2=`expr 5500 + $N` - connect="connect = localhost:$p2" - if [ "X$cert" = "X" ]; then - tcert="/tmp/tcert${RANDOM}.$$" - cat > $tcert <<END +make_tcert() { + tcert="/tmp/tcert${RANDOM}.$$" + cat > $tcert <<END -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN +zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS @@ -1527,8 +1580,40 @@ wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I dMw1yW09l+eEo4A7GzwOdw== -----END CERTIFICATE----- END - chmod 600 $tcert - cert="cert = $tcert" + chmod 600 $tcert + echo "$tcert" +} + +if [ "X$reverse" = "X" ]; then + + if echo "$proxy" | grep repeater:// > /dev/null; then + if [ "X$cert" = "X" ]; then + ttcert=`make_tcert` + cert="cert = $ttcert" + fi + fi + + cat > "$tmp" <<END +foreground = yes +pid = +client = yes +debug = 6 +$STUNNEL_EXTRA_OPTS +$verify +$cert + +[vnc_stunnel] +accept = localhost:$use +$connect + +END +else + + p2=`expr 5500 + $N` + connect="connect = localhost:$p2" + if [ "X$cert" = "X" ]; then + ttcert=`make_tcert` + cert="cert = $ttcert" fi STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'` @@ -1551,7 +1636,6 @@ accept = $hloc$port $connect END - fi echo "" @@ -1583,8 +1667,10 @@ fi sleep 1 rm -f "$tmp" + echo "" if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then + echo "sleep $SSVNC_EXTRA_SLEEP" sleep $SSVNC_EXTRA_SLEEP fi echo "Running viewer:" @@ -1607,6 +1693,12 @@ else echo "$VNCVIEWERCMD" "$@" -listen $N trap "final" 0 2 15 echo "" + if [ "X$proxy" != "X" ]; then + PPROXY_REVERSE="localhost:$port"; export PPROXY_REVERSE + PPROXY_SLEEP=1; export PPROXY_SLEEP; + PPROXY_KILLPID=+1; export PPROXY_KILLPID; + $ptmp & + fi $VNCVIEWERCMD "$@" -listen $N fi diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl index 2f52e7e..d99763e 100755 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl +++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl @@ -33,6 +33,16 @@ proc center_win {w} { update } +proc mac_raise {} { + global uname + if {$uname == "Darwin"} { + catch {exec /bin/sh -c {osascript -e 'tell application "Wish Shell" to activate' >/dev/null 2>&1 &}} + after 150 + update + update idletasks + } +} + proc toplev {w} { catch {destroy $w} toplevel $w @@ -105,16 +115,18 @@ proc ts_help {} { The Terminal Services VNC Viewer uses SSH to establish an encrypted and authenticated connection to the remote server. - On the remote server x11vnc is run in terminal services mode to find - or create your desktop session. x11vnc is used for both the session - management and the VNC transport. + Through the SSH channel, it automatically starts x11vnc in terminal + services mode on the remote server to find or create your desktop + session. x11vnc is used for both the session management and the + VNC transport. You MUST be able to log in via SSH to the remote terminal server. Ask your administrator to set this up for you if it isn't already. - Also see "Requirements" below. + x11vnc must also be installed on the remote server machine. + See "Requirements" below. This mode is started by the commands 'tsvnc' or 'ssvnc -ts' or - toggling by pressing Ctrl-t. "SSVNC Mode" under Options -> Advanced + toggled by pressing Ctrl-t. "SSVNC Mode" under Options -> Advanced will also return to the full SSVNC. Or in your ~/.ssvncrc (or ~/ssvnc_rc on Windows) put "mode=tsvnc" @@ -322,11 +334,11 @@ proc help {} { set msg { Hosts and Displays: - Enter the VNC host and display in the 'VNC Host:Display' entry box. + Enter the VNC host and display in the 'VNC Host:Display' entry box. It is of the form "host:number", where "host" is the hostname of the machine running the VNC Server and "number" is the VNC display number; - it is often "0". Examples: + it is often "0". Some Examples: snoopy:0 @@ -336,13 +348,13 @@ proc help {} { 24.67.132.27:0 - Then click on "Connect". When you do so the STUNNEL program will be + Then click on "Connect". When you do the STUNNEL program will be started locally to provide you with an outgoing SSL tunnel. Once the STUNNEL is running, the TightVNC Viewer (Or Chicken of the - VNC on Mac OS X) will be automatically started directed to the local - port of the SSL tunnel which, in turn, encrypts and redirects the - connection to the remote VNC server. + VNC on Mac OS X, or one you set under Options) will be automatically + started directed to the local port of the SSL tunnel which, in turn, + encrypts and redirects the connection to the remote VNC server. The remote VNC server MUST support an initial SSL handshake before using the VNC protocol (i.e. VNC is tunnelled through the SSL channel @@ -351,15 +363,21 @@ proc help {} { Automatic SSH tunnels are described below. - If you are using a port less than the default VNC port 5900 (usually - the VNC display = port - 5900), use the full port number itself, e.g.: + See tip 5) below for how to disable encryption. + - 24.67.132.27:443 + Port numbers: - Note, however, if the number n after the colon is < 200, then a - port number 5900 + n is assumed; i.e. n is the VNC display number. - If you must use a TCP port less than 200, specify a negative value, - e.g.: 24.67.132.27:-80 + If you are using a port less than the default VNC port 5900 + (usually the VNC display = port - 5900), use the full port number + itself, e.g.: + + 24.67.132.27:443 + + Note, however, if the number n after the colon is < 200, then a + port number 5900 + n is assumed; i.e. n is the VNC display number. + If you must use a TCP port less than 200, specify a negative value, + e.g.: 24.67.132.27:-80 SSL Certificate Verification: @@ -377,21 +395,29 @@ proc help {} { and so the first time you connect to a new server you may need to follow a few dialogs to inspect and save the server certificate. See the "Certs... -> Help" for information on how to manage certificates. + "Verify All Certs" is on by default. - "Fetch Cert" and "Verify All Certs" are currently disabled in the rare - "SSH + SSL" usage mode (e.g. SSH is used to enter a firewall gateway, - and then SSL is tunneled through that to reach the workstation). + However, "Fetch Cert" and "Verify All Certs" are currently disabled + in the rare "SSH + SSL" usage mode (e.g. SSH is used to enter a + firewall gateway, and then SSL is tunneled through that to reach + the workstation). Windows STUNNEL: - Note that on Windows when the Viewer connection is finished you may - need to terminate STUNNEL manually from the System Tray (right click - on dark green icon) and selecting "Exit". Double clicking that icon - will show you its log file (useful for debugging connections). + Note that on Windows when the Viewer connection is finished you + will be prompted if you want SSVNC to try to kill the STUNNEL process + for you. Usually you will say Yes, however if there are problems + connecting you may want to look at the STUNNEL Log first. + + Double clicking the STUNNEL tray icon (dark green) will show you + its Log file (useful for debugging connections). + + SSVNC will kill the STUNNEL process for you, but you may still need + to move the mouse over the icon to make it go away. - SSVNC will try to kill the STUNNEL process for you, but you may still - need to move the mouse over the icon to make it go away. + In some cases you may need to terminate STUNNEL manually from the + System Tray (right click on dark green icon) and selecting "Exit". VNC Password: @@ -406,7 +432,7 @@ proc help {} { On Windows TightVNC viewer should prompt you when a password is required. - NOTE: when you Save a VNC profile, the password is not saved (you + NOTE: when you Save a VNC profile, the password is NOT saved (you need to enter it each time). @@ -414,6 +440,7 @@ proc help {} { Click on "Use SSH" if you want to use an *SSH* tunnel instead of SSL (then the VNC Server does not need to speak SSL or use STUNNEL). + You will need to be able to login to your account on the remote host via SSH (e.g. via password or ssh-agent). @@ -435,6 +462,50 @@ proc help {} { the -ssh command line option or "sshvnc". + Remote SSH Command: + + In SSH or SSH + SSL mode you can also specify a remote command + to run on the remote ssh host in the "Remote SSH Command" entry. + The default is just to sleep a bit (e.g. sleep 30) to make sure + the port tunnels are established. Alternatively you could have the + remote command start the VNC server, e.g. + + x11vnc -display :0 -rfbport 5900 -localhost -nopw + + When starting the VNC server this way, note that sometimes you + will need to correlate the VNC Display number with the "-rfbport" + (or similar) option of the server. E.g.: + + VNC Host:Display username@somehost.com:2 + Remote SSH Command: x11vnc -find -rfbport 5902 -nopw + + See the the Tip below (11) for using x11vnc PORT=NNNN feature (or + vncserver(1) output) to not need to specify the VNC display number + or the x11vnc -rfbport option. + + + Profiles: + + Use "Save" to save a profile (i.e. a host:display and its specific + settings) with a name. + + To load in a saved Options profile, click on the "Load" button. + + To list your profiles from the command line use: + + ssvnc -profiles (or -list) + + You can launch ssvnc and have it immediately connect to the server + by invoking it something like this: + + ssvnc profile1 (launches profile named "profile1") + ssvnc hostname:0 (connect to hostname VNC disp 0 via SSL) + ssvnc vnc+ssl://hostname:0 (same) + ssvnc vnc+ssh://hostname:0 (connect to hostname VNC disp 0 via SSH) + + see the Tips 5 and 9 below for more about the URL-like syntax. + + Proxies/Gateways: If an intermediate proxy is needed to make the SSL connection @@ -466,12 +537,12 @@ proc help {} { You can prefix web proxies with http:// but it doesn't matter since that is the default. - Note that Web proxies are often configured to only allow outgoing + Note that Web proxies are often configured to ONLY allow outgoing connections to ports 443 (HTTPS) and 563 (SNEWS), so you might have run the VNC server (or router port redirector) on those ports. SOCKS proxies usually have no restrictions on port number. - On Unix you can chain up to 3 proxies (any combination of http:// and + You can chain up to 3 proxies (any combination of http:// and socks://) by separating them with commas (i.e. first,second,third). See the ss_vncviewer description and x11vnc FAQ for info on proxies: @@ -523,6 +594,7 @@ proc help {} { will also work going to a different internal machine, e.g. "joes-pc:0" instead of "localhost:0", as in the first example. + A Web or SOCKS proxy can also be used with SSH. Use this if you are inside a firewall that prohibits direct connections to remote SSH servers. @@ -536,7 +608,7 @@ proc help {} { use socks5://... to force the SOCKS5 version. - On Unix you can chain up to 3 proxies (any combination of http:// and + You can chain up to 3 proxies (any combination of http:// and socks://) by separating them with commas (i.e. first,second,third). For a non-standard SSH port and a Web or SOCKS proxy try: @@ -551,26 +623,75 @@ proc help {} { Proxy/Gateway: http://mysocks.west:1080,ssh.company.com,joes-pc - Remote SSH Command: + UltraVNC Proxies/Gateways: - In SSH or SSH + SSL mode you can also specify a remote command - to run on the remote ssh host in the "Remote SSH Command" entry. - The default is just to sleep a bit (e.g. sleep 30) to make sure - the port tunnels are established. Alternatively you could have the - remote command start the VNC server, e.g. + UltraVNC has a "repeater" tool (http://www.uvnc.com/addons/repeater.html + and http://koti.mbnet.fi/jtko/) that acts as an VNC proxy. SSVNC can + work with both mode I and mode II schemes of this repeater. - x11vnc -display :0 -rfbport 5900 -localhost -nopw + Note: only SSL (or unencrypted) SSVNC connections make sense with + the UltraVNC repeater. SSH connections (previous section) do not + seem to (let us know if you find a way to use it). - When starting the VNC server this way, note that sometimes you - will need to correlate the VNC Display number with the "-rfbport" - (or similar) option of the server. E.g.: + For mode I repeater the viewer initiates the connection and passes + a string that is the internal VNC server's IP address (or hostname) + and port or display: - VNC Host:Display username@somehost.com:2 - Remote SSH Command: x11vnc -find -rfbport 5902 -nopw + VNC Host:Display: :0 + Proxy/Gateway: repeater://myproxy.west:5900+joes-pc:1 - See the the Tip below (11) for using x11vnc PORT=NNNN feature (or - vncserver(1) output) to not need to specify the VNC display number - or the x11vnc -rfbport option. + Note here that the VNC Host:Display can be anything; we use :0. + + The Proxy/Gateway format is repeater://proxy:port+vncserver:display. + The string after the "+" sign is passed to the repeater server for + it to interpret. For this example, instead of joes-pc:1 it could + be joes-pc:5901 or 192.168.1.4:1, 192.168.1.4:5901, etc. + + If you do not supply a proxy port, then the default 5900 is assumed, + e.g. repeater://myproxy.west+joes-pc:1 + + + For mode II repeater both the VNC viewer and VNC server initiate + connections to the repeater proxy. In this case they pass a string + that identifies their mutual connection via "ID:NNNN": + + VNC Host:Display: :0 + Proxy/Gateway: repeater://myproxy.west:5900+ID:1234 + + again, the default proxy port is 5900 if not supplied. + + In this case, mode II, you MUST set Options -> Reverse VNC Connection. + That is to say a "Listening Connection". The reason for this is that + the VNC server acts as a SSL *client* and so requires the Viewer end + to have an SSL cert, etc. + + Set REPEATER_FORCE=1 in the Host:Display (hit Enter, and then clear + it) to force SSVNC to try to a forward connection in this situation. + + We have also found that usually the Listening viewer must be started + BEFORE the VNC Server connects to the proxy. This is a likely bug + in the repeater tool. + + + For mode II, you probably should also disable "Verify All Certs" + unless you have taken the steps beforehand to save the VNC server's + certificate, or have previously accepted it using another method. + + Also, after the connection you MUST terminate the listening VNC Viewer + (Ctrl-C) and connect again (the proxy only runs once.) In Windows, + go to the System Tray and terminate the Listening VNC Viewer. + + BTW, the x11vnc VNC server command for the mode II case would be + something like: + + x11vnc -ssl SAVE -connect repeater=ID:1234+myproxy.west:5500 ... + + It also supports -connect repeater://myproxy.west:5500+ID:1234 + notation. + + For mode I operation x11vnc simply runs as a normal SSL/VNC server + + x11vnc -ssl SAVE SSL Certificates: @@ -599,10 +720,10 @@ proc help {} { the other one in the "Certs ..." dialog. Alternatively you can use the "Import Certificate" action to paste - in a certificate or read one in from a file or use the "Fetch Cert" - button on the main panel. If "Verify All Certs" is checked, you - will be forced to check Certs of any new servers the first time - you connect. + in a certificate or read one in from a file. Or you can use the + "Fetch Cert" button on the main panel. If "Verify All Certs" is + checked, you will be forced to check Certs of any new servers the + first time you connect. Note that "Verify All Certs" is on by default so that users who do not understand the SSL Man-In-The-Middle problem will not be left @@ -620,27 +741,6 @@ proc help {} { number of colors used. click on the "Options ..." button and read the Help there. - Profiles: - - Use "Save" to save a profile (i.e. a host:display and its specific - settings) with a name. - - To load in a saved Options profile, click on the "Load" button. - - To list your profiles from the command line use: - - ssvnc -profiles (or -list) - - You can launch ssvnc and have it immediately connect to the server - by invoking it something like this: - - ssvnc profile1 (launches profile named "profile1") - ssvnc hostname:0 (connect to hostname VNC disp 0 via SSL) - ssvnc vnc+ssl://hostname:0 (same) - ssvnc vnc+ssh://hostname:0 (connect to hostname VNC disp 0 via SSH) - - see the Tips 5 and 9 below for more about the URL-like syntax. - More Info: @@ -662,20 +762,25 @@ proc help {} { line: "user@hostname cmd=SHELL") then you get an SSH shell only: no VNC viewer will be launched. On Windows "PUTTY" will try to use putty.exe (better terminal emulation than plink.exe). + A ShortCut for this is Ctrl-S as long as user@hostname is present in the entry box. 3) If you use "KNOCK" for the "Remote SSH Command" (or int he display line "user@hostname cmd=KNOCK") then only the port-knocking is - performed. A ShortCut for this is Ctrl-P as long as hostname - is present in the entry box. If it is KNOCKF, i.e. an extra - "F", then the port-knocking "FINISH" sequence is sent, if any. - A ShortCut for this Shift-Ctrl-P as long as hostname is present. + performed. + + A ShortCut for this is Ctrl-P as long as hostname is present in + the entry box. + + If it is KNOCKF, i.e. an extra "F", then the port-knocking + "FINISH" sequence is sent, if any. A ShortCut for this + Shift-Ctrl-P as long as hostname is present. 4) Pressing the "Load" button or pressing Ctrl-L or Clicking the Right mouse button on the main GUI will invoke the Load dialog. - 5) If you want to do a Direct VNC connection, WITH **NO(* SSL OR SSH + 5) If you want to do a Direct VNC connection, WITH **NO** SSL OR SSH ENCRYPTION, use the "vnc://" prefix, e.g. vnc://far-away.east:0 This also works for reverse connections (see below). @@ -720,11 +825,13 @@ proc help {} { 10) Mobile USB memory stick / flash drive usage: You can unpack ssvnc to a flash drive for impromptu usage (e.g. from a friends - computer) If you create a directory "Home" in the toplevel ssvnc - directory, then that will be the default location for your VNC - profiles and certs. So they follow the drive this way. If you - run like this: "ssvnc ." or "ssvnc.exe ." the "Home" directory - will be created for you. + computer). + + If you create a directory "Home" in the toplevel ssvnc directory, + then that will be the default location for your VNC profiles + and certs. So they follow the drive this way. If you run like + this: "ssvnc ." or "ssvnc.exe ." the "Home" directory will be + created for you. WARNING: if you use ssvnc from an "Internet Cafe", i.e. an untrusted computer, an unscrupulous person may be capturing @@ -773,10 +880,12 @@ proc help {} { This only works with x11vnc (not vncserver). 12) You can change the X DISPLAY variable by typing DISPLAY=... into - VNC Host:Display and hitting Return or clicking Connect. Same for - HOME=. Setting SLEEP=n increases the amount of time waited before - starting the viewer. On Mac, you can set DYLD_LIBRARY_PATH=... too. - It should propagate down the the viewer. + VNC Host:Display and hitting Return or clicking Connect. Same + for HOME=. Setting SLEEP=n increases the amount of time waited + before starting the viewer. The env. var. SSVNC_EXTRA_SLEEP + also does this (and also Sleep: Option setting) On Mac, you + can set DYLD_LIBRARY_PATH=... too. It should propagate down + the the viewer. 13) If you want this application to be SSH only, then supply the command line option "-ssh" or set the env. var SSVNC_SSH_ONLY=1. @@ -1777,6 +1886,7 @@ proc ts_x11vnc_cmd {} { global choose_filexfer ts_filexfer global ts_x11vnc_opts ts_x11vnc_path ts_x11vnc_autoport choose_x11vnc_opts global ts_othervnc choose_othervnc ts_xlogin + global choose_sleep extra_sleep set cmd "" if {$choose_x11vnc_opts && $ts_x11vnc_path != ""} { @@ -1798,6 +1908,12 @@ proc ts_x11vnc_cmd {} { set type "Xvnc.redirect" } + if [info exists choose_sleep] { + if {! $choose_sleep} { + set extra_sleep "" + } + } + if {$choose_othervnc && $ts_othervnc != "find"} { set cmd "$cmd -redirect $ts_othervnc" } elseif {$type == ""} { @@ -1921,7 +2037,7 @@ proc set_defaults {} { global choose_xserver ts_xserver_type choose_desktop ts_desktop_type ts_unixpw ts_vncshared global choose_filexfer ts_filexfer global ts_x11vnc_opts choose_x11vnc_opts ts_x11vnc_path ts_x11vnc_autoport ts_xlogin - global ts_othervnc choose_othervnc + global ts_othervnc choose_othervnc choose_sleep global choose_ncache ts_ncache choose_multisession ts_multisession global ts_mode ts_desktop_size ts_desktop_depth choose_desktop_geom global additional_port_redirs additional_port_redirs_list @@ -1929,7 +2045,7 @@ proc set_defaults {} { global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_x11vnc sound_daemon_local_start global smb_su_mode smb_mount_list global use_port_knocking port_knocking_list - global ycrop_string use_listen use_unixpw use_x11vnc_find unixpw_username + global ycrop_string extra_sleep use_listen use_unixpw use_x11vnc_find unixpw_username global include_list @@ -2010,8 +2126,9 @@ proc set_defaults {} { set defs(sound_daemon_local_kill) 0 set defs(sound_daemon_x11vnc) 0 - set defs(use_port_knocking) 0 set defs(ycrop_string) "" + set defs(extra_sleep) "" + set defs(use_port_knocking) 0 set defs(port_knocking_list) "" set defs(include_list) "" @@ -2131,20 +2248,24 @@ proc do_viewer_windows {n} { } set msg " - About to start the Listening VNC Viewer. + About to start the Listening VNC Viewer (Reverse Connection). - VNC Viewer command to be run: + The VNC Viewer command to be run is: $cmd - The VNC server should then Reverse connect to: + After the Viewer starts listening, the VNC server should + then Reverse connect to: $ln - To stop the Viewer: right click on the VNC Icon in the tray - and select 'Close listening daemon' (or similar). + When the VNC Connection has ended **YOU MUST MANUALLY STOP** + the Listening VNC Viewer. - You will then return to this GUI. + To stop the Listening Viewer: right click on the VNC Icon in + the tray and select 'Close listening daemon' (or similar). + + ONLY AFTER THAT will you return to the SSVNC GUI. Click OK now to start the Listening VNC Viewer. " @@ -2159,7 +2280,7 @@ proc do_viewer_windows {n} { set wll_done 0 - eval text .wll.t -width 60 -height 19 $help_font + eval text .wll.t -width 64 -height 22 $help_font button .wll.d -text "OK" -command {destroy .wll; set wll_done 1} pack .wll.t .wll.d -side top -fill x @@ -2188,6 +2309,13 @@ proc do_viewer_windows {n} { set t [expr "$t * 1000"] after $t } + global extra_sleep + if {$extra_sleep != ""} { + set t $extra_sleep + mesg "sleeping an extra $t seconds..." + set t [expr "$t * 1000"] + after $t + } mesg $cmd set emess "" @@ -2426,12 +2554,33 @@ proc ssh_split {str} { return [list $ssh_user $ssh_host $ssh_port] } +proc check_debug_netstat {port str wn} { + global debug_netstat + if {! [info exists debug_netstat]} { + return + } + if {$debug_netstat == "0" || $debug_netstat == ""} { + return + } + mesg "DBG: $wn" + + toplev .dbns + + scroll_text_dismiss .dbns.f 82 35 + center_win .dbns + .dbns.f.t insert end "LOOKING FOR PORT: $port\n\n$str" + jiggle_text .dbns.f.t + update + after 1000 +} + proc launch_windows_ssh {hp file n} { global is_win9x env global use_sshssl use_ssh putty_pw global port_knocking_list global use_listen listening_name global ts_only + global debug_netstat set hpnew [get_ssh_hp $hp] set proxy [get_ssh_proxy $hp] @@ -2500,7 +2649,7 @@ proc launch_windows_ssh {hp file n} { set double_ssh "" set p_port "" if {$proxy != ""} { - if [regexp -nocase {(http|https|socks|socks4|socks5)://} $proxy] { + if [regexp -nocase {(http|https|socks|socks4|socks5|repeater)://} $proxy] { set pproxy "" set sproxy1 "" set sproxy_rest "" @@ -2511,7 +2660,7 @@ proc launch_windows_ssh {hp file n} { if {[regexp {^[ ]*$} $part]} { continue } - if [regexp -nocase {^(http|https|socks|socks4|socks5)://} $part] { + if [regexp -nocase {^(http|https|socks|socks4|socks5|repeater)://} $part] { if {$pproxy == ""} { set pproxy $part } else { @@ -2933,6 +3082,7 @@ proc launch_windows_ssh {hp file n} { } set ns [get_netstat] set re ":$p_port" + check_debug_netstat $p_port $ns $waited append re {[ ][ ]*[0:.][0:.]*[ ][ ]*LISTEN} if [regexp $re $ns] { set gotit 1 @@ -2945,8 +3095,17 @@ proc launch_windows_ssh {hp file n} { } } + set wdraw 1 + if [info exists debug_netstat] { + if {$debug_netstat != "" && $debug_netstat != "0"} { + set wdraw 0 + } + } + if {$is_win9x} { - wm withdraw . + if {$wdraw} { + wm withdraw . + } update win9x_plink_msg $file global win9x_plink_msg_done @@ -3012,7 +3171,9 @@ proc launch_windows_ssh {hp file n} { if {! $do_shell} { make_plink } - wm withdraw . + if {$wdraw} { + wm withdraw . + } update if {$do_shell && [regexp {FINISH} $port_knocking_list]} { catch {exec $com /c $file} @@ -3046,6 +3207,7 @@ proc launch_windows_ssh {hp file n} { } set ns [get_netstat] set re ":$use" + check_debug_netstat $use $ns $waited append re {[ ][ ]*[0:.][0:.]*[ ][ ]*LISTEN} if [regexp $re $ns] { set plink_status yes @@ -3228,6 +3390,7 @@ proc darwin_terminal_cmd {{title ""} {cmd ""} {bg 0}} { if {! [info exists darwin_terminal]} { raise . tk_messageBox -type ok -icon error -message "Cannot find Darwin Terminal program." -title "Cannot find Terminal program" + mac_raise return } @@ -3244,6 +3407,7 @@ proc darwin_terminal_cmd {{title ""} {cmd ""} {bg 0}} { if {$fh == ""} { raise . tk_messageBox -type ok -icon error -message "Cannot open temporary file: $tmp" -title "Cannot open file" + mac_raise return } global env @@ -3268,6 +3432,7 @@ proc darwin_terminal_cmd {{title ""} {cmd ""} {bg 0}} { puts $fh { echo termpid-find-fail: termpid=$termpid mypid=$$} puts $fh {fi} puts $fh {trap "rm -f $tmp; kill -TERM $termpid; kill -TERM $mypid; kill -KILL $mypid; exit 0" 0 2 15} + puts $fh {osascript -e 'tell application "Terminal" to activate' >/dev/null 2>&1 &} puts $fh "$cmd" puts $fh "sleep 1" puts $fh {rm -f $tmp} @@ -3559,12 +3724,14 @@ proc fetch_cert {save} { mesg "No host:disp supplied." bell catch {raise .} + mac_raise return } if {[regexp -- {--nohost--} $tt]} { mesg "No host:disp supplied." bell catch {raise .} + mac_raise return } if {! [regexp ":" $hp]} { @@ -4160,6 +4327,39 @@ proc tpid {} { return $p } +proc repeater_proxy_check {proxy} { + if [regexp {^repeater://.*\+ID:[0-9]} $proxy] { + global env + set force 0 + if [info exists env(REPEATER_FORCE)] { + if {$env(REPEATER_FORCE) != "" && $env(REPEATER_FORCE) != "0"} { + set force 1 + } + } + global use_listen + if {! $use_listen} { + if {$force} { + mesg "WARNING: repeater:// ID:nnn proxy must use Listen Mode" + after 1000 + } else { + bell + mesg "ERROR: repeater:// ID:nnn proxy must use Listen Mode" + after 1000 + return 0 + } + } + global always_verify_ssl + if [info exists always_verify_ssl] { + if {$always_verify_ssl} { + bell + mesg "WARNING: repeater:// ID:nnn Verify All Certs may fail" + after 2500 + } + } + } + return 1 +} + proc fini_unixpw {} { global named_pipe_fh unixpw_tmp @@ -4477,6 +4677,11 @@ proc launch_unix {hp} { set cmd "ssvnc_cmd" set hpnew [get_ssh_hp $hp] set proxy [get_ssh_proxy $hp] + + if {! [repeater_proxy_check $proxy]} { + return + } + if {! $do_direct && ![regexp -nocase {ssh://} $hpnew]} { if {$mycert != ""} { set cmd "$cmd -mycert '$mycert'" @@ -4519,6 +4724,7 @@ proc launch_unix {hp} { } } + if {$use_alpha} { set cmd "$cmd -alpha" } @@ -4775,12 +4981,30 @@ proc launch_unix {hp} { if {$ts_only} { set te "" } + + global extra_sleep + set ssvnc_extra_sleep_save "" + if {$extra_sleep != ""} { + if [info exists env(SSVNC_EXTRA_SLEEP)] { + set ssvnc_extra_sleep_save $env(SSVNC_EXTRA_SLEEP) + } + set env(SSVNC_EXTRA_SLEEP) $extra_sleep + } + unix_terminal_cmd $geometry "SSL/SSH VNC Viewer $hp" \ "$te$cmd; set +xv; ulimit -c 0; trap 'printf \"Paused. Press Enter to exit:\"; read x' QUIT; echo; echo $m; echo; echo sleep 5; echo; sleep 6" 0 $xrm1 $xrm2 $xrm3 set env(SS_VNCVIEWER_SSH_CMD) "" set env(SS_VNCVIEWER_USE_C) "" + if {$extra_sleep != ""} { + if {$ssvnc_extra_sleep_save != ""} { + set env(SSVNC_EXTRA_SLEEP) $ssvnc_extra_sleep_save + } else { + catch {unset env(SSVNC_EXTRA_SLEEP)} + } + } + if {$use_sound && $sound_daemon_local_kill && $sound_daemon_local_cmd != ""} { # XXX need to kill just one... set daemon [string trim $sound_daemon_local_cmd] @@ -4804,6 +5028,7 @@ proc launch_unix {hp} { catch {file delete $passwdfile} } wm deiconify . + mac_raise mesg "Disconnected from $hp" if {[regexp {FINISH} $port_knocking_list]} { do_port_knock $pk_hp finish @@ -5035,6 +5260,7 @@ proc launch {{hp ""}} { global pids_before pids_after pids_new global env global use_ssl use_ssh use_sshssl use_listen + global vncdisplay set debug 0 if {$hp == ""} { @@ -5051,6 +5277,7 @@ proc launch {{hp ""}} { set t [string trim $t] set env(SSVNC_HOME) $t mesg "set SSVNC_HOME to $t" + set vncdisplay "" return 0 } if {[regexp {^DISPLAY=} $hpt] || [regexp {^SSVNC_DISPLAY=} $hpt]} { @@ -5059,6 +5286,7 @@ proc launch {{hp ""}} { set t [string trim $t] set env(DISPLAY) $t mesg "set DISPLAY to $t" + set vncdisplay "" global uname darwin_cotvnc if {$uname == "Darwin"} { if {$t != ""} { @@ -5076,6 +5304,7 @@ proc launch {{hp ""}} { set env(DYLD_LIBRARY_PATH) $t set env(SSVNC_DYLD_LIBRARY_PATH) $t mesg "set DYLD_LIBRARY_PATH to $t" + set vncdisplay "" return 0 } if {[regexp {^SLEEP=} $hpt] || [regexp {^SSVNC_EXTRA_SLEEP=} $hpt]} { @@ -5084,6 +5313,24 @@ proc launch {{hp ""}} { set t [string trim $t] set env(SSVNC_EXTRA_SLEEP) $t mesg "set SSVNC_EXTRA_SLEEP to $t" + set vncdisplay "" + return 0 + } + if {[regexp {^DEBUG_NETSTAT=} $hpt]} { + set t $hpt + regsub {^.*DEBUG_NETSTAT=} $t "" t + global debug_netstat + set debug_netstat $t + mesg "set DEBUG_NETSTAT to $t" + set vncdisplay "" + return 0 + } + if {[regexp {^REPEATER_FORCE=} $hpt]} { + set t $hpt + regsub {^.*REPEATER_FORCE=} $t "" t + set env(REPEATER_FORCE) $t + mesg "set REPEATER_FORCE to $t" + set vncdisplay "" return 0 } if {[regexp -nocase {^SSH.?ONLY} $hpt]} { @@ -5112,12 +5359,14 @@ proc launch {{hp ""}} { mesg "No host:disp supplied." bell catch {raise .} + mac_raise return } if {[regexp -- {--nohost--} $tt]} { mesg "No host:disp supplied." bell catch {raise .} + mac_raise return } if {! [regexp ":" $hp]} { @@ -5243,6 +5492,9 @@ proc launch {{hp ""}} { if {$use_sshssl} { set proxy "" } + if {! [repeater_proxy_check $proxy]} { + return + } for {set i 30} {$i < 90} {incr i} { set try "$prefix-$i.$suffix" @@ -5295,6 +5547,7 @@ proc launch {{hp ""}} { set did_port_knock 1 } elseif {$use_ssh} { launch_windows_ssh $hp $file $n + # WE ARE DONE. return } @@ -5340,8 +5593,12 @@ proc launch {{hp ""}} { mesg "WARNING: SSL proxy contains \"@\" sign" after 2000 } + if {$use_listen} { + set env(SSVNC_REVERSE) "localhost:$port" + } else { + set env(SSVNC_LISTEN) [expr "$n2 + 5900"] + } set env(SSVNC_PROXY) $proxy - set env(SSVNC_LISTEN) [expr "$n2 + 5900"] set env(SSVNC_DEST) "$host:$port" } @@ -5442,7 +5699,7 @@ proc launch {{hp ""}} { if {$hn == ""} { set hn "this-computer" } - set listening_name "$hn:$port (or IP:$port, etc.)" + set listening_name "$hn:$port (or nn.nn.nn.nn:$port, etc.)" } puts $fh "accept = $hloc$port" puts $fh "connect = localhost:$port2" @@ -5471,6 +5728,7 @@ proc launch {{hp ""}} { set proxy_pid [exec "connect_br.exe" &] unset -nocomplain env(SSVNC_PROXY) unset -nocomplain env(SSVNC_LISTEN) + unset -nocomplain env(SSVNC_REVERSE) unset -nocomplain env(SSVNC_DEST) } @@ -8380,6 +8638,46 @@ proc ts_othervnc_dialog {} { focus .ovnc.c.e } +proc ts_sleep_dialog {} { + + toplev .eslp + wm title .eslp "Extra Sleep" + + scroll_text .eslp.f 80 5 + + global extra_sleep + + set msg { + Sleep: Enter a number to indicate how many extra seconds to sleep + while waiting for the VNC viewer to start up. On Windows this + can give extra time to enter the Putty/Plink password, etc. +} + .eslp.f.t insert end $msg + + frame .eslp.c + label .eslp.c.l -anchor w -text "Extra Sleep:" + entry .eslp.c.e -width 20 -textvariable extra_sleep + pack .eslp.c.l -side left + pack .eslp.c.e -side left -expand 1 -fill x + + button .eslp.cancel -text "Cancel" -command {destroy .eslp; set choose_sleep 0} + bind .eslp <Escape> {destroy .eslp; set choose_sleep 0} + wm protocol .eslp WM_DELETE_WINDOW {destroy .eslp; set choose_sleep 0} + button .eslp.done -text "Done" -command {destroy .eslp; set choose_sleep 1} + bind .eslp.c.e <Return> {destroy .eslp; set choose_sleep 1} + + global choose_sleep + if {! $choose_sleep} { + set extra_sleep "" + } + + pack .eslp.done .eslp.cancel .eslp.c -side bottom -fill x + pack .eslp.f -side top -fill both -expand 1 + + center_win .eslp + focus .eslp.c.e +} + proc ts_ncache_dialog {} { toplev .nche @@ -9911,6 +10209,10 @@ proc help_advanced_opts {} { in them will be applied first, and then any values in the loaded Profile will override them. + Sleep: Enter a number to indicate how many extra seconds to sleep + while waiting for the VNC viewer to start up. On Windows this + can give extra time to enter the Putty/Plink password, etc. + ssh-agent: On Unix only: restart the GUI in the presence of ssh-agent(1) (e.g. in case you forgot to start your agent before starting this GUI). An xterm will be used to enter passphrases, @@ -10906,7 +11208,7 @@ proc set_ts_options {} { proc set_ts_adv_options {} { global ts_only ts_unixpw ts_vncshared global ts_ncache ts_multisession - global choose_othervnc darwin_cotvnc + global choose_othervnc darwin_cotvnc choose_sleep if {! $ts_only} { return @@ -10957,6 +11259,11 @@ proc set_ts_adv_options {} { -command {if {$choose_x11vnc_opts} {ts_x11vnc_opts_dialog}} incr i + checkbutton .ot2.b$i -anchor w -variable choose_sleep -text \ + "Extra Sleep" \ + -command {if {$choose_sleep} {ts_sleep_dialog}} + incr i + global env if {![info exists env(SSVNC_TS_ALWAYS)]} { button .ot2.b$i -anchor w -text " SSVNC Mode" \ @@ -11059,6 +11366,15 @@ proc set_advanced_options {} { incr i + global extra_sleep + frame .oa.b$i + label .oa.b$i.l -text "Sleep: " + entry .oa.b$i.e -width 10 -textvariable extra_sleep + pack .oa.b$i.l -side left + pack .oa.b$i.e -side right -expand 1 -fill x + + incr i + if {$is_windows} { .oa.b$ix configure -state disabled .oa.b$ia configure -state disabled @@ -11389,7 +11705,7 @@ proc set_options {} { incr i checkbutton .o.b$i -anchor w -variable use_listen -text \ - "Reverse VNC Connection (-listen)" -command {listen_adjust; if {$vncdisplay == ""} {set vncdisplay ":0"}} + "Reverse VNC Connection (-LISTEN)" -command {listen_adjust; if {$vncdisplay == ""} {set vncdisplay ":0"}} #if {$is_windows} {.o.b$i configure -state disabled} if {$darwin_cotvnc} {.o.b$i configure -state disabled} incr i @@ -12042,6 +12358,8 @@ bind .f0.l <ButtonPress> {set button_gui_top 1} update +mac_raise + set didload 0 for {set i 0} {$i < $argc} {incr i} { |