Diffstat (limited to 'x11vnc/help.c')
-rw-r--r-- | x11vnc/help.c | 99 |
1 files changed, 72 insertions, 27 deletions
diff --git a/x11vnc/help.c b/x11vnc/help.c
index 113e0ac..d31a038 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -402,9 +402,10 @@ void print_help(int mode) {
 " full-access passwords)\n"
 "\n"
 "-unixpw [list] Experimental option: use Unix username and password\n"
-" authentication. x11vnc uses the su(1) program to\n"
-" verify the user's password. [list] is an optional\n"
-" comma separated list of allowed Unix usernames.\n"
+" authentication. x11vnc uses the su(1) program to verify\n"
+" the user's password. [list] is an optional comma\n"
+" separated list of allowed Unix usernames. See below\n"
+" for per-user options that can be applied.\n"
 "\n"
 " A familiar \"login:\" and \"Password:\" dialog is\n"
 " presented to the user on a black screen inside the\n"
@@ -413,6 +414,22 @@ void print_help(int mode) {
 " send one before a 20 second timeout. Existing clients\n"
 " are view-only during this period.\n"
 "\n"
+" Since the detailed behavior of su(1) can vary from\n"
+" OS to OS and for local configurations, please test\n"
+" the mode carefully on your systems before using it.\n"
+" Try different combinations of valid/invalid usernames\n"
+" and passwords.\n"
+" \n"
+" For example, on FreeBSD and the other BSD's and Tru64\n"
+" it does not appear to be possible for the user running\n"
+" x11vnc to validate his *own* password via su(1).\n"
+" The x11vnc login will always fail in this case.\n"
+" A possible workaround would be to start x11vnc as\n"
+" root with the \"-users +nobody\" option to immediately\n"
+" switch to user nobody. Another source of problems are\n"
+" PAM modules that prompt for extra info, e.g. password\n"
+" aging modules. These logins will always fail as well.\n"
+"\n"
 " *IMPORTANT*: to prevent the Unix password being sent in\n"
 " *clear text* over the network, two x11vnc options are\n"
 " enforced: 1) -localhost and 2) -stunnel. The former\n"
@@ -432,6 +449,13 @@ void print_help(int mode) {
 " user login (since Unix password or the user's public\n"
 " key authentication is used by ssh)\n"
 "\n"
+" As a convenience, if you ssh(1) in and start x11vnc\n"
+" it will look to see if the environment variable\n"
+" SSH_CONNECTION is set and appears reasonable. If it\n"
+" does, then the stunnel requirement is dropped since\n"
+" it is assumed you are using ssh for the encrypted\n"
+" tunnelling. Use -stunnel to force stunnel usage.\n"
+"\n"
 " Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost\n"
 " requirement. One should never do this (i.e. allow the\n"
 " Unix passwords to be sniffed on the network).\n"
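Review bot: The new SSH_CONNECTION paragraph does not say whether -localhost stays enforced once the stunnel requirement is dropped, and "appears reasonable" leaves the actual check unstated. SSH_CONNECTION is inherited by every process started from the ssh session, so it only indicates that x11vnc was launched over ssh, not that viewers will reach it through the ssh tunnel; if -localhost were relaxed as well, the Unix password could cross the network in clear text. I would add a line such as `" The -localhost requirement still applies in this case.\n"` (assuming that matches the implementation, which is not visible here) and say briefly what is checked. print_help() starts and ends outside this hunk.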
@@ -440,23 +464,40 @@ void print_help(int mode) {
 " since x11vnc does not make network connections in\n"
 " that case. Be sure to use encryption from the viewer\n"
 " to inetd. One can also have your own stunnel spawn\n"
-" x11vnc in -inetd mode.\n"
+" x11vnc in -inetd mode. See the FAQ.\n"
+"\n"
+" The user names in the comma separated [list] can have\n"
+" per-user options after a \":\", e.g. \"fred:opts\"\n"
+" where \"opts\" is a \"+\" separated list of\n"
+" \"viewonly\", \"fullaccess\", \"input=XXXX\", or\n"
+" \"deny\", e.g. \"karl,fred:viewonly,boss:input=M\".\n"
+" For \"input=\" it is the K,M,B,C describe under -input.\n"
+"\n"
+" If a user in the list is \"*\" that means those options\n"
+" apply to all users. It also means all users are allowed\n"
+" to log in. Use \"deny\" to explicitly deny some users\n"
+" if you use \"*\" to set a global option.\n"
 "\n"
 "-stunnel [pem] Use the stunnel(1) (www.stunnel.org) to provide an\n"
 " encrypted SSL tunnel between viewers and x11vnc.\n"
 " This requires stunnel be installed on the system and\n"
 " available via PATH (n.b. stunnel is often installed in\n"
-" sbin directories). Version 4.x of stunnel is assumed.\n"
+" sbin directories). Version 4.x of stunnel is assumed;\n"
+" see -stunnel3 below.\n"
 "\n"
 " [pem] is optional, use \"-stunnel /path/to/stunnel.pem\"\n"
 " to specify a PEM certificate file to pass to stunnel.\n"
+" Whether one is needed or not depends on your stunnel\n"
+" configuration.\n"
 "\n"
-" stunnel is started up as a child process and any SSL\n"
-" connections it receives are decrypted and sent to x11vnc\n"
-" over a local socket. The strings \"The SSL VNC desktop\n"
-" is ...\" and SSLPORT=... are printed out at startup.\n"
+" stunnel is started up as a child process of x11vnc and\n"
+" any SSL connections stunnel receives are decrypted and\n"
+" sent to x11vnc over a local socket. The strings \"The\n"
+" SSL VNC desktop is ...\" and SSLPORT=... are printed\n"
+" out at startup.\n"
 "\n"
-" The -localhost option is enforced by default. Set\n"
+" The -localhost option is enforced by default to\n"
+" avoid people routing around the SSL channel. Set\n"
 " STUNNEL_DISABLE_LOCALHOST=1 to disable the requirement.\n"
 "\n"
 " Your VNC viewer will need to be able to connect via SSL.\n"
@@ -470,7 +511,8 @@ void print_help(int mode) {
 " %% vncviewer localhost:1\n"
 "\n"
 " For Windows, stunnel has been ported to it and there\n"
-" are probably other such tools available.\n"
+" are probably other such tools available. See the FAQ\n"
+" for more examples.\n"
 "\n"
 "-stunnel3 [pem] Use version 3.x stunnel command line syntax instead of\n"
 " version 4.x\n"
@@ -558,8 +600,9 @@ void print_help(int mode) {
 "-gone string As -accept, except to run a user supplied command when\n"
 " a client goes away (disconnects). RFB_MODE will be\n"
 " set to \"gone\" and the other RFB_* variables are as\n"
-" in -accept. Unlike -accept, the command return code\n"
-" is not interpreted by x11vnc. Example: -gone 'xlock &'\n"
+" in -accept. The \"popup\" actions apply as well.\n"
+" Unlike -accept, the command return code is not\n"
+" interpreted by x11vnc. Example: -gone 'xlock &'\n"
 "\n"
 "-users list If x11vnc is started as root (say from inetd(1) or from\n"
 " display managers xdm(1), gdm(1), etc), then as soon\n"
@@ -1766,6 +1809,8 @@ void print_help(int mode) {
 " timeout:n reset -timeout to n, if there are\n"
 " currently no clients, exit unless one\n"
 " connects in the next n secs.\n"
+" filexfer enable filetransfer for new clients.\n"
+" nofilexfer disable filetransfer for new clients.\n"
 /* access */
 " http enable http client connections.\n"
 " nohttp disable http client connections.\n"
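Review bot: In the per-user options text added under -unixpw (the hunk at -440), a `"*"` entry is introduced as a way to set global options, and the fact that it also lets every Unix account log in comes only as a follow-on sentence, so an admin adding `"*"` to an existing list to set a default may not realise the username allow-list is gone. I would lead with that consequence, e.g. `" If a user in the list is \"*\" then ALL users are allowed\n"` followed by `" to log in, and its options apply to all users.\n"`. The `input=` line also has a typo: `describe under -input` should read `described under -input`. print_help() starts and ends outside this hunk.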
@@ -2013,11 +2058,11 @@ void print_help(int mode) {
 " truecolor notruecolor overlay nooverlay overlay_cursor\n"
 " overlay_yescursor nooverlay_nocursor nooverlay_cursor\n"
 " nooverlay_yescursor overlay_nocursor 8to24 no8to24\n"
-" 8to24_opts visual scale scale_cursor viewonly\n"
-" noviewonly shared noshared forever noforever once\n"
-" timeout filexfer deny lock nodeny unlock connect\n"
-" allowonce allow localhost nolocalhost listen lookup\n"
-" nolookup accept afteraccept gone shm noshm flipbyteorder\n"
+" 8to24_opts visual scale scale_cursor viewonly noviewonly\n"
+" shared noshared forever noforever once timeout filexfer\n"
+" nofilexfer deny lock nodeny unlock connect allowonce\n"
+" allow localhost nolocalhost listen lookup nolookup\n"
+" accept afteraccept gone shm noshm flipbyteorder\n"
 " noflipbyteorder onetile noonetile solid_color solid\n"
 " nosolid blackout xinerama noxinerama xtrap noxtrap\n"
 " xrandr noxrandr xrandr_mode padgeom quiet q noquiet\n"
@@ -2056,15 +2101,15 @@ void print_help(int mode) {
 " scale_str scaled_x scaled_y scale_numer scale_denom\n"
 " scale_fac scaling_blend scaling_nomult4 scaling_pad\n"
 " scaling_interpolate inetd privremote unsafe safer nocmds\n"
-" passwdfile using_shm logfile o flag rc norc h help V\n"
-" version lastmod bg sigpipe threads readrate netrate\n"
-" netlatency pipeinput clients client_count pid ext_xtest\n"
-" ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama\n"
-" ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin\n"
-" num_buttons button_mask mouse_x mouse_y bpp depth\n"
-" indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y\n"
-" cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd\n"
-"\n"
+" passwdfile unixpw unixpw_list stunnel stunnel_pem\n"
+" using_shm logfile o flag rc norc h help V version\n"
+" lastmod bg sigpipe threads readrate netrate netlatency\n"
+" pipeinput clients client_count pid ext_xtest ext_xtrap\n"
+" ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay\n"
+" ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons\n"
+" button_mask mouse_x mouse_y bpp depth indexed_color\n"
+" dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y\n"
+" coff_x coff_y rfbauth passwd viewpasswd\n"
 "-QD variable Just like -query variable, but returns the default\n"
 " value for that parameter (no running x11vnc server\n"
 " is consulted)\n" |
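Review bot: The re-wrapped query-variable list drops the trailing `"\n"` line that the old text had after `viewpasswd`, so in the printed help `-QD variable` now follows the list with no blank separator, unlike the other option entries visible in this diff. That looks unintended, since the hunk otherwise only re-flows the list to fit `unixpw unixpw_list stunnel stunnel_pem`. I would restore `"\n"` directly after `" coff_x coff_y rfbauth passwd viewpasswd\n"`. print_help() starts and ends outside this hunk.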