summaryrefslogtreecommitdiffstats
path: root/x11vnc/help.c
diff options
context:
space:
mode:
Diffstat (limited to 'x11vnc/help.c')
-rw-r--r--x11vnc/help.c99
1 files changed, 72 insertions, 27 deletions
diff --git a/x11vnc/help.c b/x11vnc/help.c
index 113e0ac..d31a038 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -402,9 +402,10 @@ void print_help(int mode) {
" full-access passwords)\n"
"\n"
"-unixpw [list] Experimental option: use Unix username and password\n"
-" authentication. x11vnc uses the su(1) program to\n"
-" verify the user's password. [list] is an optional\n"
-" comma separated list of allowed Unix usernames.\n"
+" authentication. x11vnc uses the su(1) program to verify\n"
+" the user's password. [list] is an optional comma\n"
+" separated list of allowed Unix usernames. See below\n"
+" for per-user options that can be applied.\n"
"\n"
" A familiar \"login:\" and \"Password:\" dialog is\n"
" presented to the user on a black screen inside the\n"
@@ -413,6 +414,22 @@ void print_help(int mode) {
" send one before a 20 second timeout. Existing clients\n"
" are view-only during this period.\n"
"\n"
+" Since the detailed behavior of su(1) can vary from\n"
+" OS to OS and for local configurations, please test\n"
+" the mode carefully on your systems before using it.\n"
+" Try different combinations of valid/invalid usernames\n"
+" and passwords.\n"
+" \n"
+" For example, on FreeBSD and the other BSD's and Tru64\n"
+" it does not appear to be possible for the user running\n"
+" x11vnc to validate his *own* password via su(1).\n"
+" The x11vnc login will always fail in this case.\n"
+" A possible workaround would be to start x11vnc as\n"
+" root with the \"-users +nobody\" option to immediately\n"
+" switch to user nobody. Another source of problems are\n"
+" PAM modules that prompt for extra info, e.g. password\n"
+" aging modules. These logins will always fail as well.\n"
+"\n"
" *IMPORTANT*: to prevent the Unix password being sent in\n"
" *clear text* over the network, two x11vnc options are\n"
" enforced: 1) -localhost and 2) -stunnel. The former\n"
@@ -432,6 +449,13 @@ void print_help(int mode) {
" user login (since Unix password or the user's public\n"
" key authentication is used by ssh)\n"
"\n"
+" As a convenience, if you ssh(1) in and start x11vnc\n"
+" it will look to see if the environment variable\n"
+" SSH_CONNECTION is set and appears reasonable. If it\n"
+" does, then the stunnel requirement is dropped since\n"
+" it is assumed you are using ssh for the encrypted\n"
+" tunnelling. Use -stunnel to force stunnel usage.\n"
+"\n"
" Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost\n"
" requirement. One should never do this (i.e. allow the\n"
" Unix passwords to be sniffed on the network).\n"
@@ -440,23 +464,40 @@ void print_help(int mode) {
" since x11vnc does not make network connections in\n"
" that case. Be sure to use encryption from the viewer\n"
" to inetd. One can also have your own stunnel spawn\n"
-" x11vnc in -inetd mode.\n"
+" x11vnc in -inetd mode. See the FAQ.\n"
+"\n"
+" The user names in the comma separated [list] can have\n"
+" per-user options after a \":\", e.g. \"fred:opts\"\n"
+" where \"opts\" is a \"+\" separated list of\n"
+" \"viewonly\", \"fullaccess\", \"input=XXXX\", or\n"
+" \"deny\", e.g. \"karl,fred:viewonly,boss:input=M\".\n"
+" For \"input=\" it is the K,M,B,C describe under -input.\n"
+"\n"
+" If a user in the list is \"*\" that means those options\n"
+" apply to all users. It also means all users are allowed\n"
+" to log in. Use \"deny\" to explicitly deny some users\n"
+" if you use \"*\" to set a global option.\n"
"\n"
"-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide an\n"
" encrypted SSL tunnel between viewers and x11vnc.\n"
" This requires stunnel be installed on the system and\n"
" available via PATH (n.b. stunnel is often installed in\n"
-" sbin directories). Version 4.x of stunnel is assumed.\n"
+" sbin directories). Version 4.x of stunnel is assumed;\n"
+" see -stunnel3 below.\n"
"\n"
" [pem] is optional, use \"-stunnel /path/to/stunnel.pem\"\n"
" to specify a PEM certificate file to pass to stunnel.\n"
+" Whether one is needed or not depends on your stunnel\n"
+" configuration.\n"
"\n"
-" stunnel is started up as a child process and any SSL\n"
-" connections it receives are decrypted and sent to x11vnc\n"
-" over a local socket. The strings \"The SSL VNC desktop\n"
-" is ...\" and SSLPORT=... are printed out at startup.\n"
+" stunnel is started up as a child process of x11vnc and\n"
+" any SSL connections stunnel receives are decrypted and\n"
+" sent to x11vnc over a local socket. The strings \"The\n"
+" SSL VNC desktop is ...\" and SSLPORT=... are printed\n"
+" out at startup.\n"
"\n"
-" The -localhost option is enforced by default. Set\n"
+" The -localhost option is enforced by default to\n"
+" avoid people routing around the SSL channel. Set\n"
" STUNNEL_DISABLE_LOCALHOST=1 to disable the requirement.\n"
"\n"
" Your VNC viewer will need to be able to connect via SSL.\n"
@@ -470,7 +511,8 @@ void print_help(int mode) {
" %% vncviewer localhost:1\n"
"\n"
" For Windows, stunnel has been ported to it and there\n"
-" are probably other such tools available.\n"
+" are probably other such tools available. See the FAQ\n"
+" for more examples.\n"
"\n"
"-stunnel3 [pem] Use version 3.x stunnel command line syntax instead of\n"
" version 4.x\n"
@@ -558,8 +600,9 @@ void print_help(int mode) {
"-gone string As -accept, except to run a user supplied command when\n"
" a client goes away (disconnects). RFB_MODE will be\n"
" set to \"gone\" and the other RFB_* variables are as\n"
-" in -accept. Unlike -accept, the command return code\n"
-" is not interpreted by x11vnc. Example: -gone 'xlock &'\n"
+" in -accept. The \"popup\" actions apply as well.\n"
+" Unlike -accept, the command return code is not\n"
+" interpreted by x11vnc. Example: -gone 'xlock &'\n"
"\n"
"-users list If x11vnc is started as root (say from inetd(1) or from\n"
" display managers xdm(1), gdm(1), etc), then as soon\n"
@@ -1766,6 +1809,8 @@ void print_help(int mode) {
" timeout:n reset -timeout to n, if there are\n"
" currently no clients, exit unless one\n"
" connects in the next n secs.\n"
+" filexfer enable filetransfer for new clients.\n"
+" nofilexfer disable filetransfer for new clients.\n"
/* access */
" http enable http client connections.\n"
" nohttp disable http client connections.\n"
@@ -2013,11 +2058,11 @@ void print_help(int mode) {
" truecolor notruecolor overlay nooverlay overlay_cursor\n"
" overlay_yescursor nooverlay_nocursor nooverlay_cursor\n"
" nooverlay_yescursor overlay_nocursor 8to24 no8to24\n"
-" 8to24_opts visual scale scale_cursor viewonly\n"
-" noviewonly shared noshared forever noforever once\n"
-" timeout filexfer deny lock nodeny unlock connect\n"
-" allowonce allow localhost nolocalhost listen lookup\n"
-" nolookup accept afteraccept gone shm noshm flipbyteorder\n"
+" 8to24_opts visual scale scale_cursor viewonly noviewonly\n"
+" shared noshared forever noforever once timeout filexfer\n"
+" nofilexfer deny lock nodeny unlock connect allowonce\n"
+" allow localhost nolocalhost listen lookup nolookup\n"
+" accept afteraccept gone shm noshm flipbyteorder\n"
" noflipbyteorder onetile noonetile solid_color solid\n"
" nosolid blackout xinerama noxinerama xtrap noxtrap\n"
" xrandr noxrandr xrandr_mode padgeom quiet q noquiet\n"
@@ -2056,15 +2101,15 @@ void print_help(int mode) {
" scale_str scaled_x scaled_y scale_numer scale_denom\n"
" scale_fac scaling_blend scaling_nomult4 scaling_pad\n"
" scaling_interpolate inetd privremote unsafe safer nocmds\n"
-" passwdfile using_shm logfile o flag rc norc h help V\n"
-" version lastmod bg sigpipe threads readrate netrate\n"
-" netlatency pipeinput clients client_count pid ext_xtest\n"
-" ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama\n"
-" ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin\n"
-" num_buttons button_mask mouse_x mouse_y bpp depth\n"
-" indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y\n"
-" cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd\n"
-"\n"
+" passwdfile unixpw unixpw_list stunnel stunnel_pem\n"
+" using_shm logfile o flag rc norc h help V version\n"
+" lastmod bg sigpipe threads readrate netrate netlatency\n"
+" pipeinput clients client_count pid ext_xtest ext_xtrap\n"
+" ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n"
+" ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n"
+" button_mask mouse_x mouse_y bpp depth indexed_color\n"
+" dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y\n"
+" coff_x coff_y rfbauth passwd viewpasswd\n"
"-QD variable Just like -query variable, but returns the default\n"
" value for that parameter (no running x11vnc server\n"
" is consulted)\n"