diff options
Diffstat (limited to 'x11vnc/misc/enhanced_tightvnc_viewer/bin/util')
3 files changed, 277 insertions, 26 deletions
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer index 31a8bb6..857cfce 100755 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer +++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer @@ -112,7 +112,9 @@ VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer} # Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc. # -#set -xv +if [ "X$SS_DEBUG" != "X" ]; then + set -xv +fi PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH @@ -146,6 +148,10 @@ showcert="" reverse="" if [ "X$1" = "X-viewerflavor" ]; then + if echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then + echo "unknown" + exit 0 + fi if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then echo "cotvnc" exit 0 @@ -167,6 +173,12 @@ if [ "X$1" = "X-viewerflavor" ]; then exit 0 fi +if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then + STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'` +elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then + STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'` +fi + # grab our cmdline options: while [ "X$1" != "X" ] do @@ -215,10 +227,6 @@ else fi if [ "X$reverse" != "X" ]; then ssh_sleep=1800 - if [ "X$use_ssh" = "X1" ]; then - VNCVIEWER_LISTEN_LOCALHOST=1 - export VNCVIEWER_LISTEN_LOCALHOST - fi if [ "X$proxy" != "X" ]; then if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then echo "" @@ -256,6 +264,15 @@ if echo "$orig" | grep '^vnc://' > /dev/null; then direct_connect=1 elif echo "$orig" | grep '^vncs://' > /dev/null; then orig=`echo "$orig" | sed -e 's,vncs://,,'` +elif echo "$orig" | grep '^vncssl://' > /dev/null; then + orig=`echo "$orig" | sed -e 's,vncssl://,,'` +elif echo "$orig" | grep '^vncssh://' > /dev/null; then + orig=`echo "$orig" | sed -e 's,vncssh://,,'` + use_ssh=1 +fi +if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then + VNCVIEWER_LISTEN_LOCALHOST=1 + export VNCVIEWER_LISTEN_LOCALHOST fi # play around with host:display port: @@ -264,6 +281,8 @@ if echo "$orig" | grep ':' > /dev/null; then else if [ "X$reverse" = "X" ]; then orig="$orig:0" + elif [ "X$orig" = "X" ]; then + orig=":0" fi fi @@ -295,11 +314,32 @@ fi date_sec=`date +%S` +if echo "$VNCVIEWERCMD" | grep '^sleep[ ][ ]*[0-9][0-9]*' > /dev/null; then + if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then + p=`echo "$VNCVIEWERCMD" | awk '{print $3}'` + if [ "X$p" != "X" ]; then + SS_VNCVIEWER_LISTEN_PORT=$p + fi + fi + p2=`echo "$VNCVIEWERCMD" | awk '{print $2}'` + VNCVIEWERCMD="eval sleep $p2; echo Local " +elif echo "$VNCVIEWERCMD" | grep '^xmessage[ ][ ]*[0-9][0-9]*' > /dev/null; then + if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then + p=`echo "$VNCVIEWERCMD" | awk '{print $2}'` + SS_VNCVIEWER_LISTEN_PORT=$p + fi +fi + findfree() { try0=$1 try=$try0 use0="" + if [ "X$SS_VNCVIEWER_LISTEN_PORT" != "X" ]; then + echo "$SS_VNCVIEWER_LISTEN_PORT" + return + fi + while [ $try -lt 6000 ] do if [ "X$inuse" = "X" ]; then @@ -763,10 +803,10 @@ if [ "X$direct_connect" != "X" ]; then echo "" echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode." echo "" - echo "$VNCVIEWERCMD" "$@" -listen $N + echo "$VNCVIEWERCMD" "$@" -listen $disp trap "final" 0 2 15 echo "" - $VNCVIEWERCMD "$@" -listen $N + $VNCVIEWERCMD "$@" -listen $disp fi exit $? fi diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl index b583c8e..2d79610 100755 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl +++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl @@ -3,7 +3,7 @@ exec wish "$0" "$@" # -# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com> +# Copyright (c) 2006-2007 by Karl J. Runge <runge@karlrunge.com> # # ssvnc.tcl: gui wrapper to the programs in this # package. Also sets up service port forwarding. @@ -270,14 +270,30 @@ proc help {} { 4) Pressing the "Load" button or pressing Ctrl-L or Clicking the Right mouse button on the main GUI will invoke the Load Profile dialog. - 5) If you want to do a Direct VNC connection, with *NO* SSL or SSH - encryption, use the "vnc://" prefix, e.g. vnc://far-away.east:0 + 5) If you want to do a Direct VNC connection, WITH *NO* SSL OR SSH + ENCRYPTION, use the "vnc://" prefix, e.g. vnc://far-away.east:0 + This also works for reverse connections (see below). + + Sorry we do not make this easy to figure out how to do (e.g. a + button on the main panel), but the goal of SSVNC is secure + connections! 6) Reverse VNC connections are possible as well. Go to Options and select "Reverse VNC connection". In the 'VNC Host:Display' entry box put in the number (e.g. "0" or ":0") that corresponds to the Listening display (0 -> port 5500). See the Options Help for more info. + + 7) On Unix to have SSVNC act as a general STUNNEL redirector (i.e. no + VNC), put the the desired host:port in VNC Host:Display (use a + negative port value if it is to be less than 200), then go to + Options -> Advanced -> Change VNC Viewer. Change the "viewer" + command to be "xmessage OK" or "xmessage <port>" (or sleep) where + port is the desired local listening port. Then click Connect. + If you didn't set the local port look for it in the terminal output. + + On Windows set it to "NOTEPAD" or similar; you can't control + the port though. It is usually 5930. } .h.f.t insert end $msg @@ -476,12 +492,14 @@ set msg { over using a different port. In reverse connections mode be careful to protect the listening - vncviewer from direct connections (neither SSL nor SSH) + VNC Viewer from direct connections (neither SSL nor SSH) connecting directly to its listening port thereby bypassing - the tunnel. This can be done by a host-level firewall that only - lets in, say, port 5500. Or for SSH reverse connections allows - no 5500+n ports in. For SSH reverse connections the Unix viewers - supplied in the SSVNC package will only listen on localhost. + the tunnel. This can be done by a host-level firewall that + only lets in, say, port 5500 (the default one ":0" for stunnel + to listen on). Or for SSH reverse connections allow NO 5500+n + ports in. For reverse connections, the Unix enhanced tightvnc + viewers supplied in the SSVNC package will only listen on + localhost so these precautions are not needed. Note that for SSL connections use of "Proxy/Gateway" does not make sense: the remote side cannot initiate its reverse connection @@ -556,7 +574,7 @@ set msg { proc help_fetch_cert {} { toplev .fh - scroll_text_dismiss .fh.f 85 37 + scroll_text_dismiss .fh.f 85 35 center_win .fh wm resizable .fh 1 0 @@ -849,6 +867,7 @@ proc set_defaults {} { set vncauth_passwd "" ssl_ssh_adjust ssl + listen_adjust } proc do_viewer_windows {n} { @@ -929,6 +948,11 @@ proc do_viewer_windows {n} { incr did_listening_message global listening_name + set ln $listening_name + if {$ln == ""} { + set ln "this-computer:$n" + } + set msg " About to start the Listening VNC Viewer. @@ -938,13 +962,14 @@ proc do_viewer_windows {n} { The VNC server should then Reverse connect to: - $listening_name + $ln - To stop the Viewer: right click on the VNC Icon in the taskbar + To stop the Viewer: right click on the VNC Icon in the tray and select 'Close listening daemon' (or similar). You will then return to this GUI. + Click OK now to start the Listening VNC Viewer. " global use_ssh use_sshssl if {$use_ssh || $use_sshssl} { @@ -957,7 +982,7 @@ proc do_viewer_windows {n} { set wll_done 0 - eval text .wll.t -width 60 -height 18 $help_font + eval text .wll.t -width 60 -height 19 $help_font button .wll.d -text "OK" -command {destroy .wll; set wll_done 1} pack .wll.t .wll.d -side top -fill x @@ -973,7 +998,11 @@ proc do_viewer_windows {n} { vwait wll_done } } else { - append cmd " localhost:$n" + if [regexp {^[0-9][0-9]*$} $n] { + append cmd " localhost:$n" + } else { + append cmd " $n" + } } mesg $cmd @@ -2178,6 +2207,10 @@ proc direct_connect_msg {} { } if {$msg != ""} { set msg "Direct connect via vnc://hostname\nThe following options will be disabled:\n\n$msg" + global is_windows + if {0 && $is_windows} { + set msg "Direct connect mode: vnc://host:disp is not supported on Windows." + } raise . tk_messageBox -type ok -icon info -message $msg } @@ -2297,6 +2330,9 @@ proc fetch_cert_unix {hp} { } proc fetch_cert_windows {hp} { + + regsub {^vnc.*://} $hp "" hp + set hpnew [get_ssh_hp $hp] set proxy [get_ssh_proxy $hp] @@ -3048,6 +3084,22 @@ proc launch {{hp ""}} { } ############################################################## + if [regexp {vnc://} $hp] { + direct_connect_msg + regsub {vnc://} $hp "" hp + direct_connect_windows $hp + return + } elseif [regexp {vncs://} $hp] { + set use_ssl 1 + regsub {vncs://} $hp "" hp + } elseif [regexp {vncssl://} $hp] { + set use_ssl 1 + regsub {vncssl://} $hp "" hp + } elseif [regexp {vncssh://} $hp] { + set use_ssh 1 + regsub {vncssh://} $hp "" hp + } + check_ssh_needed if {! $use_ssh} { @@ -3366,6 +3418,120 @@ proc launch {{hp ""}} { } } +proc direct_connect_windows {{hp ""}} { + global tcl_platform is_windows + global env use_listen + + set proxy [get_ssh_proxy $hp] + + set did_port_knock 0 + + global listening_name + set listening_name "" + + set list [split $hp ":"] + + set host [lindex $list 0] + if {$host == ""} { + set host "localhost" + } + + if [regexp {^.*@} $host match] { + catch {raise .; update} + mesg "Trimming \"$match\" from hostname" + after 1000 + regsub {^.*@} $host "" host + } + + set disp [lindex $list 1] + set disp [string trim $disp] + regsub { .*$} $disp "" disp + if {[regexp {^-[0-9][0-9]*$} $disp]} { + ; + } elseif {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} { + set disp 0 + } + + if {$disp < 0} { + set port [expr "- $disp"] + } elseif {$disp < 200} { + if {$use_listen} { + set port [expr "$disp + 5500"] + } else { + set port [expr "$disp + 5900"] + } + } else { + set port $disp + } + + if {$proxy != ""} { + if [regexp {@} $proxy] { + bell + catch {raise .; update} + mesg "WARNING: SSL proxy contains \"@\" sign" + after 2000 + } + set n2 45 + + set env(SSVNC_PROXY) $proxy + set env(SSVNC_LISTEN) [expr "$n2 + 5900"] + set env(SSVNC_DEST) "$host:$port" + + set port [expr $n2 + 5900] + set host "localhost" + } + + set fail 0 + if {! $did_port_knock} { + if {! [do_port_knock $host start]} { + set fail 1 + } + set did_port_knock 1 + } + + if {$fail} { + return + } + + set proxy_pid "" + if {$proxy != ""} { + mesg "Starting TCP helper on port $port ..." + after 600 + set proxy_pid [exec "connect_br.exe" &] + unset -nocomplain env(SSVNC_PROXY) + unset -nocomplain env(SSVNC_LISTEN) + unset -nocomplain env(SSVNC_DEST) + } + + catch {destroy .o} + catch {destroy .oa} + wm withdraw . + + if {$use_listen} { + set n $port + if {$n >= 5500} { + set n [expr $n - 5500] + } + do_viewer_windows "$n" + } else { + if {$port >= 5900} { + set port [expr $port - 5900] + } + do_viewer_windows "$host:$port" + } + + wm deiconify . + + mesg "Disconnected from $hp." + + global port_knocking_list + if [regexp {FINISH} $port_knocking_list] { + do_port_knock $host finish + } + + mesg "Disconnected from $hp." +} + proc get_idir_certs {str} { global is_windows env set idir "" @@ -4599,7 +4765,7 @@ proc load_include {include dir} { } } -proc load_profile {{parent "."}} { +proc load_profile {{parent "."} {infile ""}} { global profdone global vncdisplay @@ -4607,8 +4773,12 @@ proc load_profile {{parent "."}} { set dir [get_profiles_dir] - set file [tk_getOpenFile -parent $parent -defaultextension ".vnc" \ - -initialdir $dir -title "Load VNC Profile"] + if {$infile != ""} { + set file $infile + } else { + set file [tk_getOpenFile -parent $parent -defaultextension \ + ".vnc" -initialdir $dir -title "Load VNC Profile"] + } if {$file == ""} { set profdone 1 return @@ -6637,7 +6807,7 @@ proc change_vncviewer_dialog {} { wm title .chviewer "Change VNC Viewer" global help_font - eval text .chviewer.t -width 90 -height 24 $help_font + eval text .chviewer.t -width 90 -height 29 $help_font apply_bg .chviewer.t set msg { @@ -6662,6 +6832,12 @@ proc change_vncviewer_dialog {} { Since the command line options differ between them greatly, if you know it is of the RealVNC 4.x flavor, indicate on the check box. Otherwise we guess. + + To have SSVNC act as a general STUNNEL redirector (no VNC) set the viewer to + be "xmessage OK" or "xmessage <port>" or "sleep n" or "sleep n <port>" (or + "NOTEPAD" on Windows). The default listen port is 5930. The destination is + set in "VNC Host:Display" (for a remote port less then 200 use the negative + of the port value). } .chviewer.t insert end $msg @@ -7625,8 +7801,9 @@ proc set_options {} { incr i checkbutton .o.b$i -anchor w -variable use_listen -text \ - "Reverse VNC Connection (-listen)" -command {listen_adjust} + "Reverse VNC Connection (-listen)" -command {listen_adjust; if {$vncdisplay == ""} {set vncdisplay ":0"}} #if {$is_windows} {.o.b$i configure -state disabled} + if {$darwin_cotvnc} {.o.b$i configure -state disabled} incr i checkbutton .o.b$i -anchor w -variable use_viewonly -text \ @@ -7868,6 +8045,7 @@ label .f2.l -width $wl -anchor w -text "Proxy/Gateway:" -relief ridge entry .f2.e -width $we -textvariable vncproxy pack .f2.l -side left pack .f2.e -side left -expand 1 -fill x +bind .f2.e <Return> launch frame .f3 label .f3.l -width $wl -anchor w -text "Remote SSH Command:" -relief ridge @@ -7876,6 +8054,7 @@ pack .f3.l -side left pack .f3.e -side left -expand 1 -fill x .f3.l configure -state disabled .f3.e configure -state disabled +bind .f3.e <Return> launch set remote_ssh_cmd_list {.f3.e .f3.l} @@ -7941,3 +8120,31 @@ bind .l <ButtonPress> {set button_gui_top 1} bind .f0.l <ButtonPress> {set button_gui_top 1} update + +if {$argc > 0} { + set item [lindex $argv 0] + if {$item != ""} { + if [file exists $item] { + load_profile . $item + } else { + set ok 0 + set dir [get_profiles_dir] + set try "$dir/$item" + foreach try [list $dir/$item $dir/$item.vnc] { + if [file exists $try] { + load_profile . $try + set ok 1 + break; + } + } + if {! $ok && [regexp {:} $item]} { + global vncdisplay + set vncdisplay $item + update + after 750 + launch + } + } + } +} + diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf index 8e5dd50..327327a 100644 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf +++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf @@ -6,6 +6,9 @@ # to manually start up stunnel using it. # (e.g. /path/to/stunnel stunnel-server.conf) # +# NOTE: You MUST specify a cert = PEM file line for server mode. +# SSVNC or x11vnc can be used to create one if you like. +# # This is just an example and is not used by the tools in this package. # It is here in case you wanted to see how to add SSL support to any # VNC server you have. @@ -18,7 +21,8 @@ RNDoverwrite = yes # CApath = /path/to/.../crt-dir # CAfile = /path/to/.../foo.crt # verify = 2 -# My server cert could go here: +# +# The server cert goes here (**IT MUST BE SPECIFIED IN SERVER MODE**): # cert = /path/to/.../my.pem # [vnc] |