-rw-r--r-- | classes/ssl/proxy.vnc | 5 | ||||
-rwxr-xr-x | classes/ssl/ssl_vncviewer | 105 |
2 files changed, 86 insertions, 24 deletions
diff --git a/classes/ssl/proxy.vnc b/classes/ssl/proxy.vnc index 9bb30e4..5c3b207 100644 --- a/classes/ssl/proxy.vnc +++ b/classes/ssl/proxy.vnc @@ -52,6 +52,9 @@ SignedVncViewer.jar is just a signed version of VncViewer.jar The URL to use for this file: https://host:port/proxy.vnc +Note LIBVNCSERVERPORT, we assume $PARAMS will have the correct PORT setting +(e.g. 563), not the one libvncserver puts in.... + --> @@ -61,7 +64,7 @@ $USER's $DESKTOP desktop ($DISPLAY) </TITLE> <APPLET CODE=VncViewer.class ARCHIVE=SignedVncViewer.jar WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT> -<param name=PORT value=$PORT> +<param name=LIBVNCSERVERPORT value=$PORT> <param name="Open New Window" value=yes> $PARAMS </APPLET> diff --git a/classes/ssl/ssl_vncviewer b/classes/ssl/ssl_vncviewer index 1dec89f..1052cf2 100755 --- a/classes/ssl/ssl_vncviewer +++ b/classes/ssl/ssl_vncviewer @@ -64,10 +64,20 @@ # ssl_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0 # ssl_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0 # -# # -sshcmd cmd Run "cmd" via ssh instead of the default "sleep 15" # e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900' # +# -sshargs "args" pass "args" to the ssh process, e.g. -L/-R port redirs. +# +# -sshssl Tunnel the SSL connection thru a SSH connection. The tunnel as +# under -ssh is set up and the SSL connection goes thru it. Use +# this if you want to have and end-to-end SSL connection but must +# go thru a SSH gateway host (e.g. not the vnc server). Or use +# this if you need to tunnel additional services via -R and -L +# (see -sshargs above). +# +# ssl_vncviewer -sshssl -proxy fred@mygate.com mymachine:0 +# # # -alpha turn on cursor alphablending hack if you are using the # enhanced tightvnc vncviewer. 
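Review bot: The new `-sshargs` help entry in the `@@ -64,10 +64,20 @@` hunk of ssl_vncviewer does not say that the string is expanded unquoted on the ssh command line (the `$ssh_args` uses in the last hunk), so it is split on whitespace and glob-expanded and an argument with an embedded space cannot be passed. I would word it as `# -sshargs "args" pass "args" to the ssh process (the string is split on whitespace), e.g. -L/-R port redirs.` The `-sshssl` paragraph has a typo: "have and end-to-end" should read "have an end-to-end". The environment variables this commit starts reading (SSL_VNCVIEWER_SSH_CMD, SSL_VNCVIEWER_SSH_ONLY, SSL_VNCVIEWER_NO_F) are not described in the help lines visible here.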
@@ -103,8 +113,13 @@ help() { gotalpha="" use_ssh="" -ssl_sleep=15 -ssh_cmd="sleep $ssl_sleep" +use_sshssl="" +ssh_sleep=15 +ssh_cmd="sleep $ssh_sleep" +if [ "X$SSL_VNCVIEWER_SSH_CMD" != "X" ]; then + ssh_cmd="$SSL_VNCVIEWER_SSH_CMD" +fi +ssh_args="" # grab our cmdline options: while [ "X$1" != "X" ] @@ -118,8 +133,13 @@ do ;; "-ssh") use_ssh=1 ;; + "-sshssl") use_ssh=1 + use_sshssl=1 + ;; "-sshcmd") shift; ssh_cmd="$1" ;; + "-sshargs") shift; ssh_args="$1" + ;; "-alpha") gotalpha=1 ;; "-grab") VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER @@ -142,7 +162,7 @@ fi orig="$1" shift -if [ "X$use_ssh" = "X1" ]; then +if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then echo "-mycert and -verify cannot be used in -ssh mode" exit 1 @@ -168,31 +188,42 @@ else fi # try to find an open listening port via netstat(1): -use="" inuse="" if uname | grep Linux > /dev/null; then inuse=`netstat -ant | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*://'` elif uname | grep SunOS > /dev/null; then inuse=`netstat -an -f inet -P tcp | grep LISTEN | awk '{print $1}' | sed 's/^.*\.//'` +# add others... fi -if [ "x$inuse" != "x" ]; then - try=5930 + +date_sec=`date +%S` + +findfree() { + try0=$1 + try=$try0 + use0="" + while [ $try -lt 6000 ] do + if [ "X$inuse" = "X" ]; then + break + fi if echo "$inuse" | grep -w $try > /dev/null; then : else - use=$try + use0=$try break fi try=`expr $try + 1` done -fi -if [ "X$use" = "X" ]; then - # otherwise choose a "random" one: - use=`date +%S` - use=`expr $use + 5930` -fi + if [ "X$use0" = "X" ]; then + use0=`expr $date_sec + $try0` + fi + + echo $use0 +} + +use=`findfree 5930` if [ $use -ge 5900 ]; then N=`expr $use - 5900` 
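Review bot: In the `@@ -103,8 +113,13 @@` hunk `ssh_cmd` is now seeded from `$SSL_VNCVIEWER_SSH_CMD`, so a command inherited from the environment is run on the remote host. The last hunk prints only `...` when that command is longer than 200 bytes, so the user may never see what was executed. I would announce the source inside the new `if`, e.g. `echo "ssh_cmd taken from SSL_VNCVIEWER_SSH_CMD"`, and add a comment that `-sshcmd` on the command line still overrides it because option parsing runs afterwards.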
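Review bot: In the `@@ -118,8 +133,13 @@` hunk the `-sshargs` arm does `shift; ssh_args="$1"` without checking that a value follows, so `-sshargs` with nothing after it silently leaves `ssh_args` empty, and `-sshargs host:0` consumes the display argument (the existing `-sshcmd` arm has the same shape). A guard such as `"-sshargs") shift; if [ "X$1" = "X" ]; then echo "-sshargs requires an argument"; exit 1; fi; ssh_args="$1"` would report the first case. The rest of the case statement and the loop's own shift lie outside the hunk.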
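Review bot: `findfree` in the `@@ -168,31 +188,42 @@` hunk searches the `inuse` list captured once before any tunnel is started, so the second call in the last hunk (`findfree 5960`) cannot see the port that ssh has just taken. If 5930-5959 are all busy, both calls return the same first free port at or above 5960, and the `-sshssl` path would presumably end up with the same number as both its listen port and its connect port. Letting the function skip a port passed as `$2` would close this: `if [ "X$try" = "X$2" ] || echo "$inuse" | grep -w $try > /dev/null; then`, with the caller using `findfree 5960 $use`. The check is in any case only advisory, since another local process can bind the port between the netstat snapshot and the listener starting.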
@@ -219,28 +250,56 @@ if [ "X$use_ssh" = "X1" ]; then fi echo "" echo "Running ssh:" - echo "$ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host \"$ssh_cmd\"" - echo "" - $ssh -f -p $ssh_port -L ${use}:${vnc_host}:${port} $ssh_host "$ssh_cmd" + sz=`echo "$ssh_cmd" | wc -c` + if [ "$sz" -gt 200 ]; then + info="..." + else + info="$ssh_cmd" + fi + if [ "X$SSL_VNCVIEWER_SSH_ONLY" != "X" ]; then + echo "$ssh -p $ssh_port -t -C $ssh_args $ssh_host \"$info\"" + echo "" + $ssh -p $ssh_port -t -C $ssh_args $ssh_host "$ssh_cmd" + exit $? + elif [ "X$SSL_VNCVIEWER_NO_F" != "X" ]; then + echo "$ssh -p $ssh_port -C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\"" + echo "" + $ssh -p $ssh_port -C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd" + else + echo "$ssh -f -p $ssh_port -C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\"" + echo "" + $ssh -f -p $ssh_port -C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd" + fi if [ "$?" != "0" ]; then echo "" echo "ssh to $ssh_host failed." exit 1 fi echo "" - if [ "X$ssh_cmd" = "Xsleep $ssl_sleep" ] ; then + if [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then sleep 1 else # let any command get started a bit. sleep 5 fi echo "" - echo "Running viewer:" - echo $VNCVIEWERCMD "$@" localhost:$N - echo "" - $VNCVIEWERCMD "$@" localhost:$N + if [ "X$use_sshssl" = "X" ]; then + echo "Running viewer:" + echo $VNCVIEWERCMD "$@" localhost:$N + echo "" + $VNCVIEWERCMD "$@" localhost:$N - exit $? + exit $? + else + use2=`findfree 5960` + host0=$host + port0=$port + host=localhost + port=$use + use=$use2 + N=`expr $use - 5900` + proxy="" + fi fi # create the stunnel config file: |
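Review bot: The two ssh invocations in this hunk that pass `-L ${use}:${vnc_host}:${port}` do not make ssh fail when the local forward cannot be bound. By default ssh only warns and carries on, so if another process already holds port `$use` the `if [ "$?" != "0" ]` check can pass and the viewer (or stunnel in `-sshssl` mode) is then pointed at whatever is listening on localhost. Where the installed OpenSSH supports it, adding `-o ExitOnForwardFailure=yes` to those two command lines lets the existing `ssh to $ssh_host failed.` branch catch that case. This matters most in plain `-ssh` mode, where no SSL certificate check stands between the viewer and the local port. The enclosing `if [ "X$use_ssh" = "X1" ]` block starts before the hunk.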