diff options
Diffstat (limited to 'x11vnc/misc')
5 files changed, 0 insertions, 7712 deletions
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_tightvncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_tightvncviewer deleted file mode 100755 index 3f0de56..0000000 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_tightvncviewer +++ /dev/null @@ -1,158 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com> -# -# ssl_tightvncviewer: -# -# A wrapper that calls ssl_vncviewer to use the enhanced TightVNC viewer. -# -# The enhanced TightVNC viewer features are: -# -# - SSL support for connections using the co-bundled stunnel program. -# - rfbNewFBSize VNC support (screen resizing) -# - cursor alphablending with x11vnc at 32bpp -# - xgrabserver support for fullscreen mode (for old window mgrs) -# -# -# Your platform (e.g. Linux.i686) is autodetected and enhanced -# vncviewer and stunnel binaries for it are used (see the ./bin directory). -# -# See the build.unix script if your platform is not in this package. -# You can also set the env. var. UNAME=os.arch to any "os.arch" you want -# to override the autodetetion. -# -# Usage: -# -# ssl_tightvncviewer [ssl_vncviewer-args] hostname:N [tightvncviewer-args] -# -# "hostname:N" is the host and VNC display to connect to, e.g. snoopy:0 -# -# See the script util/ssl_vncviewer for details about its arguments: -# -# -verify pemfile -# -mycert pemfile -# -proxy phost:pport -# -alpha -# -grab -# -# -# If the *very first* argument is "-cotvnc" then it is assumed you are on -# Darwin and want to run the Chicken of the VNC viewer via our wrapper. -# -# -# See the TightVNC viewer documentation for on its cmdline arguments. -# -# For convenience, here is the current (7/2006) TightVNC viewer -help output: -# -# TightVNC viewer version 1.3dev5 -# -# Usage: vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>] -# vncviewer [<OPTIONS>] [<HOST>][::<PORT#>] -# vncviewer [<OPTIONS>] -listen [<DISPLAY#>] -# vncviewer -help -# -# <OPTIONS> are standard Xt options, or: -# -via <GATEWAY> -# -shared (set by default) -# -noshared -# -viewonly -# -fullscreen -# -noraiseonbeep -# -passwd <PASSWD-FILENAME> (standard VNC authentication) -# -user <USERNAME> (Unix login authentication) -# -encodings <ENCODING-LIST> (e.g. "tight copyrect") -# -bgr233 -# -owncmap -# -truecolour -# -depth <DEPTH> -# -compresslevel <COMPRESS-VALUE> (0..9: 0-fast, 9-best) -# -quality <JPEG-QUALITY-VALUE> (0..9: 0-low, 9-high) -# -nojpeg -# -nocursorshape -# -x11cursor -# -autopass -# -# Option names may be abbreviated, e.g. -bgr instead of -bgr233. -# See the manual page for more information. -# - -if [ "X$1" = "X-h" -o "X$1" = "X-help" -o "X$1" = "X--help" ]; then - head -76 "$0" | grep -v bin/sh - exit -fi - -# Include /usr/bin... to be sure to get regular utilities: -# -PATH=$PATH:/usr/bin:/bin -export PATH - -# Set this for ssl_vncviewer to pick up: -# -use_ours=0 -if [ "X$1" = "X-cotvnc" ]; then - shift - DARWIN_COTVNC=1 - export DARWIN_COTVNC -fi -if [ "X$VNCVIEWERCMD" = "X" ]; then - VNCVIEWERCMD="vncviewer" - export VNCVIEWERCMD - if [ "X$DARWIN_COTVNC" = "X" ]; then - use_ours=1 - fi -fi - -# work out os.arch platform string and check for binaries: -# -name=$UNAME -if [ "X$name" = "X" ]; then - name=`uname -sm | sed -e 's/ /./g'` -fi - -f="$0" -for t in 1 2 3 4 5 -do - if [ -L "$f" ]; then - f0="$f" - f=`ls -l "$f" | sed -e 's/^.* -> //'` - if echo "$f" | grep '^/' > /dev/null; then - : - else - f="`dirname "$f0"`/$f" - fi - else - break - fi -done -dir=`dirname "$f"` - -if [ ! -d "$dir/$name" ]; then - echo "cannot find platform dir: $dir/$name for your OS:" - uname -sm - echo "you can set the \$UNAME env. var. to override the setting." - exit 1 -fi - -# Put our os.arch and other utils dirs at head of PATH to be sure to -# pick them up: -# -PATH="$dir:$dir/$name:$dir/util:$PATH" -if echo "$dir" | grep '^/' > /dev/null; then - : -else - dir=`pwd`/$dir - PATH="$dir:$dir/$name:$dir/util:$PATH" -fi - -STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"} -export STUNNEL_EXTRA_OPTS - -# If ours (and not cotvnc), force the use of tight encoding for localhost -# redir connection: -# -# -if [ $use_ours = 1 ]; then - ssl_vncviewer "$@" -encodings 'copyrect tight zrle zlib hextile' -else - ssl_vncviewer "$@" -fi diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_vnc_gui b/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_vnc_gui deleted file mode 100755 index a077054..0000000 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/ssl_vnc_gui +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com> -# -# ssl_vnc_gui: -# -# A wrapper for ssl_tightvncviewer using a tcl/tk gui. -# -# See ssl_tightvncviewer for details. -# -if [ "X$XTERM_PRINT" != "X" ]; then - XTERM_PRINT="" - cat > /dev/null -fi -if [ "X$1" = "X-bg" ]; then - shift - $0 "$@" & - exit 0 -fi - -PATH=$PATH:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin -export PATH - - -SSL_VNC_GUI_CMD="$0 $*" -export SSL_VNC_GUI_CMD -SSL_VNC_LAUNCH=$SSL_VNC_GUI_CMD -export SSL_VNC_LAUNCH - -# work out os.arch platform string and check for binaries: -# -name=$UNAME -if [ "X$name" = "X" ]; then - name=`uname -sm | sed -e 's/ /./g'` -fi - -f="$0" -for t in 1 2 3 4 5 -do - if [ -L "$f" ]; then - f0="$f" - f=`ls -l "$f" | sed -e 's/^.* -> //'` - if echo "$f" | grep '^/' > /dev/null; then - : - else - f="`dirname "$f0"`/$f" - fi - else - break - fi -done -dir=`dirname "$f"` - -if [ ! -d "$dir/$name" ]; then - echo "cannot find platform dir: $dir/$name for your OS:" - uname -sm - echo "you can set the \$UNAME env. var. to override the setting." - exit 1 -fi - -# Put our os.arch and other utils dirs at head of PATH to be sure to -# pick them up: -# -PATH="$dir:$dir/$name:$dir/util:$PATH" -if echo "$dir" | grep '^/' > /dev/null; then - : -else - dir=`pwd`/$dir - PATH="$dir:$dir/$name:$dir/util:$PATH" -fi - -SSL_VNC_BASEDIR="$dir" -export SSL_VNC_BASEDIR - -STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"} -export STUNNEL_EXTRA_OPTS - -exec ssl_tightvncviewer.tcl "$@" diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/tightvncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/tightvncviewer deleted file mode 100755 index e4be75d..0000000 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/tightvncviewer +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com> -# -# tightvncviewer: -# -# A wrapper that calls the enhanced TightVNC viewer. -# -# The enhanced TightVNC viewer features are: -# -# - SSL support for connections using the co-bundled stunnel program. -# - rfbNewFBSize VNC support (screen resizing) -# - cursor alphablending with x11vnc at 32bpp -# - xgrabserver support for fullscreen mode (for old window mgrs) -# -# -# Your platform (e.g. Linux.i686) is autodetected and enhanced -# vncviewer and stunnel binaries for it are used (see the ./bin directory). -# -# See the build.unix script if your platform is not in this package if -# you want to build one. -# -# See the build.unix script if your platform is not in this package if you want to build one. -# You can also set the env. var. UNAME=os.arch to any "os.arch" you want -# to override the autodetetion. -# -# Usage: -# -# tightvncviewer [tightvncviewer-args] hostname:N -# or -# tightvncviewer -ssl hostname:N [tightvncviewer-args] -# -# "hostname:N" is the host and VNC display to connect to, e.g. snoopy:0 -# -# If the *very first* argument is "-cotvnc" then it is assumed you are on -# Darwin and want to run the Chicken of the VNC viewer via our wrapper. -# -# If the next argument is "-ssl" then ssl_tightvncviewer is called -# instead. See that script for details. -# -# See the TightVNC viewer documentation for on its cmdline arguments. -# -# For convenience, here is the current (7/2006) TightVNC viewer -help output: -# -# TightVNC viewer version 1.3dev5 -# -# Usage: vncviewer [<OPTIONS>] [<HOST>][:<DISPLAY#>] -# vncviewer [<OPTIONS>] [<HOST>][::<PORT#>] -# vncviewer [<OPTIONS>] -listen [<DISPLAY#>] -# vncviewer -help -# -# <OPTIONS> are standard Xt options, or: -# -via <GATEWAY> -# -shared (set by default) -# -noshared -# -viewonly -# -fullscreen -# -noraiseonbeep -# -passwd <PASSWD-FILENAME> (standard VNC authentication) -# -user <USERNAME> (Unix login authentication) -# -encodings <ENCODING-LIST> (e.g. "tight copyrect") -# -bgr233 -# -owncmap -# -truecolour -# -depth <DEPTH> -# -compresslevel <COMPRESS-VALUE> (0..9: 0-fast, 9-best) -# -quality <JPEG-QUALITY-VALUE> (0..9: 0-low, 9-high) -# -nojpeg -# -nocursorshape -# -x11cursor -# -autopass -# -# Option names may be abbreviated, e.g. -bgr instead of -bgr233. -# See the manual page for more information. -# - -if [ "X$1" = "X-h" -o "X$1" = "X-help" -o "X$1" = "X--help" ]; then - head -76 "$0" | grep -v bin/sh - exit -fi - -# Include /usr/bin... to be sure to get regular utilities: -# -PATH=$PATH:/usr/bin:/bin -export PATH - -# Set this for ssl_vncviewer to pick up: -# -use_ours=0 -if [ "X$1" = "X-cotvnc" ]; then - shift - DARWIN_COTVNC=1 - export DARWIN_COTVNC -fi -if [ "X$VNCVIEWERCMD" = "X" ]; then - VNCVIEWERCMD="vncviewer" - export VNCVIEWERCMD - if [ "X$DARWIN_COTVNC" = "X" ]; then - use_ours=1 - fi -fi - -# work out os.arch platform string and check for binaries: -# -name=$UNAME -if [ "X$name" = "X" ]; then - name=`uname -sm | sed -e 's/ /./g'` -fi - -f="$0" -for t in 1 2 3 4 5 -do - if [ -L "$f" ]; then - f0="$f" - f=`ls -l "$f" | sed -e 's/^.* -> //'` - if echo "$f" | grep '^/' > /dev/null; then - : - else - f="`dirname "$f0"`/$f" - fi - else - break - fi -done -dir=`dirname "$f"` - -if [ ! -d "$dir/$name" ]; then - echo "cannot find platform dir: $dir/$name for your OS:" - uname -sm - echo "you can set the \$UNAME env. var. to override the setting." - exit 1 -fi - -# Put our os.arch and other utils dirs at head of PATH to be sure to -# pick them up: -# -PATH="$dir:$dir/$name:$dir/util:$PATH" -if echo "$dir" | grep '^/' > /dev/null; then - : -else - dir=`pwd`/$dir - PATH="$dir:$dir/$name:$dir/util:$PATH" -fi - -STUNNEL_EXTRA_OPTS=${STUNNEL_EXTRA_OPTS:-"maxconn = 1"} -export STUNNEL_EXTRA_OPTS - -if [ "X$1" = "X-ssl" ]; then - shift - ssl_tightvncviewer "$@" - exit $? -fi - -# Force the use of tight encoding for localhost redir connection: -# -# If ours (and not doing cotvnc), force the use of tight encoding for -# the connection: -# -if [ $use_ours = 1 ]; then - "$VNCVIEWERCMD" -encodings 'copyrect tight zrle zlib hextile' "$@" -else - "$VNCVIEWERCMD" "$@" -fi diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl deleted file mode 100755 index b7a083a..0000000 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_tightvncviewer.tcl +++ /dev/null @@ -1,6675 +0,0 @@ -#!/bin/sh -# the next line restarts using wish \ -exec wish "$0" "$@" - -# -# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com> -# -# ssl_tightvncviewer.tcl: gui wrapper to the , etc. programs in this -# ssl_tightvncviewerpackage. Also sets up service port forwarding. -# - -set buck_zero $argv0 - -proc center_win {w} { - set W [winfo screenwidth $w] - set W [expr $W + 1] - wm geometry $w +$W+0 - update - set x [expr [winfo screenwidth $w]/2 - [winfo width $w]/2] - set y [expr [winfo screenheight $w]/2 - [winfo height $w]/2] - wm geometry $w +$x+$y - update -} - -proc apply_bg {w} { - global is_windows system_button_face - if {$is_windows && $system_button_face != ""} { - catch {$w configure -bg "$system_button_face"} - } -} - -proc scroll_text {fr {w 80} {h 35}} { - global help_font is_windows scroll_text_focus - - catch {destroy $fr} - - frame $fr -bd 0 - - eval text $fr.t -width $w -height $h $help_font \ - -setgrid 1 -bd 2 -yscrollcommand {"$fr.y set"} -relief ridge - - apply_bg $fr.t - - scrollbar $fr.y -orient v -relief sunken -command "$fr.t yview" - pack $fr.y -side right -fill y - pack $fr.t -side top -fill both -expand 1 - - if {$scroll_text_focus} { - focus $fr.t - } -} - -proc scroll_text_dismiss {fr {w 80} {h 35}} { - global help_font - - scroll_text $fr $w $h - - set up $fr - regsub {\.[^.]*$} $up "" up - - button $up.d -text "Dismiss" -command "destroy $up" - bind $up <Escape> "destroy $up" - pack $up.d -side bottom -fill x - pack $fr -side top -fill both -expand 1 -} - -proc help {} { - catch {destroy .h} - toplevel .h - - scroll_text_dismiss .h.f - - center_win .h - wm title .h "SSL TightVNC Viewer Help" - - set msg { - Enter the VNC host and display in the 'VNC Host:Display' entry box. - - It is of the form "host:number", where "host" is the hostname of the - machine running the VNC Server and "number" is the VNC display number; - it is often "0". Examples: - - snoopy:0 - far-away.east:0 - sunray-srv1.west:17 - 24.67.132.27:0 - - Then click on "Connect". When you do so the STUNNEL program will be - started locally to provide you with an outgoing SSL tunnel. - - Once the STUNNEL is running, the TightVNC Viewer will be automatically - started directed to the local SSL tunnel which, in turn, encrypts and - redirects the connection to the remote VNC server. - - The remote VNC server must support an initial SSL handshake before - using the VNC protocol (i.e. VNC is tunnelled through the SSL channel - after it is established). "x11vnc -ssl ..." does this, and any VNC - server can be made to do this by using, e.g., STUNNEL on the remote side. - - Click on "Options ..." if you want to use an *SSH* tunnel instead of - SSL (then the VNC Server does not need to speak SSL or use STUNNEL). - - - Note that on Windows when the Viewer connection is finished you may - need to terminate STUNNEL manually from the System Tray (right click - on dark green icon) and selecting "Exit". - - - Proxies: If an intermediate proxy is needed to make the SSL connection - (e.g. web gateway out of a firewall), supply both hosts separated - by spaces (with the proxy second): - - host:number gwhost:port - - E.g.: far-away.east:0 mygateway.com:8080 - - If the "double proxy" case is required (e.g. coming out of a web - proxied firewall environment), separate them via a comma, e.g.: - - far-away:0 local-proxy:8080,mygateway.com:443 - - See the ssl_vncviewer description and x11vnc FAQ for info on proxies: - - http://www.karlrunge.com/x11vnc/#ssl_vncviewer - http://www.karlrunge.com/x11vnc/#faq-ssl-java-viewer-proxy - - - If you want to use a SSL Certificate (PEM) file to authenticate yourself - to the VNC server ("MyCert") or to verify the identity of the VNC Server - ("ServerCert" or "CertsDir") select the certificate file by clicking - the "Certs ..." button before connecting. - - Certificate verification is needed to prevent Man In the Middle attacks. - See the x11vnc documentation: - - http://www.karlrunge.com/x11vnc/ssl.html - - for how to create and use PEM SSL certificate files. An easy way is: - - x11vnc -ssl SAVE ... - - where it will print out its automatically generated certificate to - the screen and that can be safely copied to the viewer side. - - You can also use the "Create Certificate" feature of this program - under "Certs ...". Just click on it and follow the instructions in - the dialog. Then copy the cert file to the VNC Server and specify the - other one in the "Certs ..." dialog. Alternatively you can use the - "Import Certificate" action to paste in a certificate or read one in - from a file. - - - To set other Options, e.g. to use SSH instead of STUNNEL SSL, - click on the "Options ..." button and read the Help there. - - To load in a saved Options profile, click on the "Load" button. - - See these links for more information: - - http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-ext - http://www.stunnel.org - http://www.tightvnc.com - - - Tips and Tricks: - - 1) On Unix to get a 2nd GUI (e.g. for a 2nd connection) press Ctrl-N - on the GUI. If only the xterm window is visible you can press - Ctrl-N or try Ctrl-LeftButton -> New SSL_VNC_GUI. On Windows you - will have to manually Start a new one: Start -> Run ..., etc. - - 2) If you use "user@hostname cmd=SHELL" then you get an SSH shell only: - no VNC viewer will be launched. On Windows "user@hostname cmd=PUTTY" - will try to use putty.exe (better terminal emulation than - plink.exe). A shortcut for this is Ctrl-S as long as user@hostname - is present in the entry box. - - 3) If you use "user@hostname cmd=KNOCK" then only the port-knocking - is performed. A shortcut for this is Ctrl-P as long as hostname - is present in the entry box. If it matches cmd=KNOCKF, i.e. an - extra "F", then the port-knocking "FINISH" sequence is sent, if any. - A shortcut for this Shift-Ctrl-P as long as hostname is present. - - 4) Pressing the "Load" button or pressing Ctrl-L or Clicking the Right - mouse button on the main GUI will invoke the Load Profile dialog. - - 5) If you want to do a Direct VNC connection, with *NO* SSL or SSH - encryption, use the "vnc://" prefix, e.g. vnc://far-away.east:0 - -} - - .h.f.t insert end $msg -} - -proc help_certs {} { - catch {destroy .ch} - toplevel .ch - - scroll_text_dismiss .ch.f 90 33 - - center_win .ch - wm resizable .ch 1 0 - - wm title .ch "SSL Certificates Help" - - set msg { - Only with SSL Certificate verification can Man In the Middle attacks be - prevented. Otherwise, only passive snooping attacks are prevented with SSL. - - The SSL Certificate files described below can have been created externally - (e.g. by x11vnc), you can import it via "Import Certificate" if you like. - OR you can click on "Create Certificate ..." to use this program to generate a - Certificate + Private Key pair. In that case you will need to distribute one - of the generated files to the VNC Server. - - - Your Certificate + Key: - - You can specify your own SSL certificate (PEM) file in "MyCert" in which case it - is used to authenticate you (the viewer) to the remote VNC Server. If this fails - the remote VNC Server will drop the connection. - - - Server Certificates: - - Server certs can be specified in one of two ways: - - - A single certificate (PEM) file for a single server - or a single Certificate Authority (CA) - - - A directory of certificate (PEM) files stored in - the special OpenSSL hash fashion. - - The former is set via "ServerCert" in this gui. - The latter is set via "CertsDir" in this gui. - - The former corresponds to the "CAfile" STUNNEL parameter. - The latter corresponds to the "CApath" STUNNEL parameter. - See stunnel(8) or www.stunnel.org for more information. - - If the remote VNC Server fails to authenticate itself with respect to the specified - certificate(s), then the VNC Viewer (your side) will drop the connection. - - - Select which file or directory by clicking on the appropriate "Browse..." button. - Once selected, if you click the Right Mouse button on the "Browse..." button then - information about the certificate will be displayed. - - If "Use SSH instead" has been selected then SSL certs are disabled. - - See the x11vnc and STUNNEL documentation for how to create and use PEM - certificate files: - - http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-ext - http://www.karlrunge.com/x11vnc/ssl.html - http://www.stunnel.org - - A common way to create and use a VNC Server certificate is: - - x11vnc -ssl SAVE ... - - and then copy the Server certificate to the local (viewer-side) machine. - x11vnc prints out to the screen the Server certificate it generates. - You can set "ServerCert" to it directly or use the "Import Certificate" - action to save it to a file. - - x11vnc also has command line utilities to create server, client, and CA - (Certificate Authority) certificates. See the above URLs. -} - - .ch.f.t insert end $msg -} - -proc help_opts {} { - catch {destroy .oh} - toplevel .oh - - scroll_text_dismiss .oh.f - - center_win .oh - - wm title .oh "SSL Viewer Options Help" - -set msg { - Use SSH: Instead of using STUNNEL SSL, use ssh(1) for the encrypted - tunnel. You must be able to log in via ssh to the remote host. - - On Unix the cmdline ssh(1) program will be run in an xterm - for passphrase authentication, etc. On Windows the cmdline - plink.exe program will be launched in a Windows Console window. - - You can set the "VNC Host:Display" to "user@host:disp" to indicate - ssh should log in as "user" on "host". NOTE: On Windows you MUST - always supply the "user@" part (due to a plink deficiency). E.g.: - - fred@far-away.east:0 - - If an intermediate gateway machine must be used (e.g. to enter - a firewall; the VNC Server is not running on it), put something - like this in the "VNC Host:Display" entry box: - - workstation:0 user@gateway-host:port - - ssh is used to login to user@gateway-host and then a -L port - redirection is set up to go to workstation:0 from gateway-host. - ":port" is optional, use it if the gateway-host SSH port is - not the default value 22. - - One can also do a "double ssh", i.e. a first SSH to the - gateway login machine then a 2nd ssh to the destination machine - (presumably it is running the vnc server). Unlike the above - example, the "last leg" (gateway-host -> workstation) is also - encrypted by SSH this way. Do this by splitting the gateway - in two with a comma, the part before it is the first SSH: - - :0 user@gateway-host:port,user@workstation:port - - - At the very end of the entry box, you can also append a - cmd=... string to indicate that command should be run via ssh - on the remote machine instead of the default "sleep 15". E.g.: - - user@host:0 cmd=x11vnc -nopw -display :0 - - (if a gateway is also needed, put it just before the cmd=...) - - - Trick: If you use "cmd=SHELL" then you get an SSH shell only: - no VNC viewer will be launched. On Windows "cmd=PUTTY" will - try to use putty.exe (better terminal emulation than plink.exe) - A shortcut for this is Ctrl-S as long as user@hostname is present. - - Use SSH and SSL: Tunnel the SSL connection through a SSH tunnel. Use this - if you want end-to-end SSL and must use a SSH gateway (e.g. to - enter a firewall) or if additional SSH port redirs are required - (CUPS, Sound, SMB tunnelling: See Advanced options). - - - Putty PW: On Windows only: use the supplied password for plink SSH logins. - Unlike the other options the value is not saved when 'Save - Profile' is performed. This feature useful when options under - "Advanced" are set that require TWO SSH's: you just have - to type the password once in this entry box. The bundled - pagent.exe and puttygen.exe programs can also be used to avoid - repeatedly entering passwords (note this requires setting up - and distributing SSH keys). Start up pagent.exe or puttygen.exe - and read the instructions there. - - ssh-agent: On Unix only: restart the GUI in the presence of ssh-agent(1) - (e.g. in case you forgot to start your agent before starting - this GUI). An xterm will be used to enter passphrases, etc. - This can avoid repeatedly entering passphrases for the - SSH logins (note this requires setting up and distributing - SSH keys). - - - View Only: Have VNC Viewer ignore mouse and keyboard input. - - Fullscreen: Start the VNC Viewer in fullscreen mode. - - Raise On Beep: Deiconify viewer when bell rings. - - Use 8bit color: Request a very low-color pixel format. - - Cursor Alphablending: Use the x11vnc alpha hack for translucent cursors - (requires Unix, 32bpp and same endianness) - - Use XGrabServer: On Unix only, use the XGrabServer workaround for - old window managers. - - Do not use JPEG: Do not use the jpeg aspect of the tight encoding. - - Compress Level/Quality: Set TightVNC encoding parameters. - - Save and Load: You can Save the current settings by clicking on Save - Profile (.vnc file) and you can also read in a saved one - with Load Profile. Use the Browse... button to select - the filename via the GUI. - - Pressing Ctrl-L or Clicking the Right mouse button on - the main GUI will invoke the Load Profile dialog. - - Note: On Windows since the TightVNC Viewer will save - its own settings in the registry, some unexpected - behavior is possible because the viewer is nearly - always directed to the VNC host "localhost:30". E.g. if - you specify "View Only" in this gui once but not next - time the Windows VNC Viewer may remember the setting. - Unfortunately there is not a /noreg option for the Viewer. - - - Clear Options: Set all options to their defaults (i.e. unset). - - Advanced: Bring up the Advanced options dialog. -} - .oh.f.t insert end $msg -} - -proc win_nokill_msg {} { - global help_font is_windows system_button_face - catch {destroy .w} - toplevel .w - - eval text .w.t -width 60 -height 11 $help_font - button .w.d -text "Dismiss" -command {destroy .w} - pack .w.t .w.d -side top -fill x - - apply_bg .w.t - - center_win .w - wm resizable .w 1 0 - - wm title .w "SSL Viewer: Warning" - - set msg { - The TightVNC Viewer has exited. - - You will need to terminate STUNNEL manually. - - To do this go to the System Tray and right-click on the STUNNEL - icon (dark green). Then click "Exit". - - You can also double click on the STUNNEL icon to view the log - for error messages and other information. -} - .w.t insert end $msg -} - -proc win_kill_msg {pids} { - global terminate_pids - global help_font - catch {destroy .w} - toplevel .w - - eval text .w.t -width 72 -height 19 $help_font - button .w.d -text "Dismiss" -command {destroy .w; set terminate_pids no} - button .w.k -text "Terminate STUNNEL" -command {destroy .w; set terminate_pids yes} - pack .w.t .w.k .w.d -side top -fill x - - apply_bg .w.t - - center_win .w - wm resizable .w 1 0 - - wm title .w "SSL Viewer: Warning" - - set msg { - The TightVNC Viewer has exited. - - We can terminate the following still running STUNNEL process(es): - -} - append msg " $pids\n" - - append msg { - Click on the "Terminate STUNNEL" button below to do so. - - Before terminating STUNNEL you can double click on the STUNNEL - Tray icon to view its log for error messages and other information. - - Note: You may STILL need to terminate STUNNEL manually if we are - unable to kill it. To do this go to the System Tray and right-click - on the STUNNEL icon (dark green). Then click "Exit". You will - probably also need to hover the mouse over the STUNNEL Tray Icon to - make the Tray notice STUNNEL is gone... -} - .w.t insert end $msg -} - -proc win9x_plink_msg {file} { - catch {destroy .pl} - global help_font win9x_plink_msg_done - toplevel .pl - - eval text .pl.t -width 90 -height 26 $help_font - button .pl.d -text "OK" -command {destroy .pl; set win9x_plink_msg_done 1} - wm protocol .pl WM_DELETE_WINDOW {catch {destroy .pl}; set win9x_plink_msg_done 1} - pack .pl.t .pl.d -side top -fill x - - apply_bg .pl.t - - center_win .pl - wm resizable .pl 1 0 - - wm title .pl "SSL Viewer: Win9x Warning" - - set msg { - Due to limitations on Window 9x you will have to manually start up - a COMMAND.COM terminal and paste in the following command: - -} - set pwd [pwd] - regsub -all {/} $pwd "\\" pwd - append msg " $pwd\\$file\n" - - append msg { - The reason for this is a poor Console application implementation that - affects many text based applications. - - To start up a COMMAND.COM terminal, click on the Start -> Run, and then - type COMMAND in the entry box and hit Return or click OK. - - To select the above command, highlight it with the mouse and then press - Ctrl-C. Then go over to the COMMAND.COM window and click on the - Clipboard paste button. Once pasted in, press Return to run the script. - - This will start up a PLINK.EXE ssh login to the remote computer, - and after you log in successfully and indicate (QUICKLY!!) that the - connection is OK by clicking OK in this dialog. If the SSH connection - cannot be autodetected you will ALSO need to click "Success" in the - "plink ssh status?" dialog, the VNC Viewer will be started going - through the SSH tunnel. -} - .pl.t insert end $msg - wm deiconify .pl -} - -proc mesg {str} { - set maxx 53 - if {[string length $str] > $maxx} { - set str [string range $str 0 $maxx] - append str " ..." - } - .l configure -text $str - update -} - -proc get_ssh_hp {str} { - set str [string trim $str] - regsub {[ ].*$} $str "" str - return $str -} - -proc get_ssh_cmd {str} { - set str [string trim $str] - if [regexp {cmd=(.*$)} $str m cmd] { - set cmd [string trim $cmd] - regsub -nocase {^%x11vncr$} $cmd "x11vnc -nopw -display none -rawfb rand" cmd - regsub -nocase {^%x11vnc$} $cmd "x11vnc -nopw -display none -rawfb null" cmd - return $cmd - } else { - return "" - } -} - -proc get_ssh_proxy {str} { - set str [string trim $str] - regsub {cmd=(.*$)} $str "" str - set str [string trim $str] - if { ![regexp {[ ]} $str]} { - return "" - } - regsub {^.*[ ][ ]*} $str "" str - return $str -} - -proc set_defaults {} { - global defs - - global mycert svcert crtdir - global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233 - global use_nojpeg use_raise_on_beep use_compresslevel use_quality - global compresslevel_text quality_text - global use_cups use_sound use_smbmnt - global cups_local_server cups_remote_port cups_manage_rcfile - global cups_local_smb_server cups_remote_smb_port - global change_vncviewer change_vncviewer_path vncviewer_realvnc4 - global additional_port_redirs additional_port_redirs_list - global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart - global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start - global smb_su_mode smb_mount_list - global use_port_knocking port_knocking_list - global include_list - - set defs(use_ssh) 0 - set defs(use_sshssl) 0 - - set defs(use_viewonly) 0 - set defs(use_fullscreen) 0 - set defs(use_raise_on_beep) 0 - set defs(use_bgr233) 0 - set defs(use_alpha) 0 - set defs(use_grab) 0 - set defs(use_nojpeg) 0 - set defs(use_compresslevel) "default" - set defs(use_quality) "default" - set defs(compresslevel_text) "Compress Level: default" - set defs(quality_text) "Quality: default" - - set defs(mycert) "" - set defs(svcert) "" - set defs(crtdir) "" - - set defs(use_cups) 0 - set defs(use_sound) 0 - set defs(use_smbmnt) 0 - - set defs(change_vncviewer) 0 - set defs(change_vncviewer_path) "" - set defs(cups_manage_rcfile) 0 - set defs(vncviewer_realvnc4) 0 - - set defs(additional_port_redirs) 0 - set defs(additional_port_redirs_list) "" - - set defs(cups_local_server) "" - set defs(cups_remote_port) "" - set defs(cups_local_smb_server) "" - set defs(cups_remote_smb_port) "" - - set defs(smb_su_mode) "su" - set defs(smb_mount_list) "" - - set defs(sound_daemon_remote_cmd) "" - set defs(sound_daemon_remote_port) "" - set defs(sound_daemon_kill) 0 - set defs(sound_daemon_restart) 0 - - set defs(sound_daemon_local_cmd) "" - set defs(sound_daemon_local_port) "" - set defs(sound_daemon_local_start) 0 - set defs(sound_daemon_local_kill) 0 - - set defs(use_port_knocking) 0 - set defs(port_knocking_list) "" - - set defs(include_list) "" - - foreach var [array names defs] { - set $var $defs($var) - } - - putty_pw_entry check -} - -proc do_viewer_windows {n} { - global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233 - global use_nojpeg use_raise_on_beep use_compresslevel use_quality - global change_vncviewer change_vncviewer_path vncviewer_realvnc4 - - set cmd "vncviewer" - if {$change_vncviewer && $change_vncviewer_path != ""} { - set cmd [string trim $change_vncviewer_path] - regsub -all {\\} $cmd {/} cmd - if {[regexp {[ \t]} $cmd]} { - if {[regexp -nocase {\.exe$} $cmd]} { - if {! [regexp {["']} $cmd]} { #" - # hmmm, not following instructions, are they? - set cmd "\"$cmd\"" - } - } - } - } - if {$use_viewonly} { - if {$vncviewer_realvnc4} { - append cmd " viewonly=1" - } else { - append cmd " /viewonly" - } - } - if {$use_fullscreen} { - if {$vncviewer_realvnc4} { - append cmd " fullscreen=1" - } else { - append cmd " /fullscreen" - } - } - if {$use_bgr233} { - if {$vncviewer_realvnc4} { - append cmd " lowcolourlevel=1" - } else { - append cmd " /8bit" - } - } - if {$use_nojpeg} { - if {! $vncviewer_realvnc4} { - append cmd " /nojpeg" - } - } - if {$use_raise_on_beep} { - if {! $vncviewer_realvnc4} { - append cmd " /belldeiconify" - } - } - if {$use_compresslevel != "" && $use_compresslevel != "default"} { - if {$vncviewer_realvnc4} { - append cmd " zliblevel=$use_compresslevel" - } else { - append cmd " /compresslevel $use_compresslevel" - } - } - if {$use_quality != "" && $use_quality != "default"} { - if {! $vncviewer_realvnc4} { - append cmd " /quality $use_quality" - } - } - append cmd " localhost:$n" - - mesg $cmd - set emess "" - set rc [catch {eval exec $cmd} emess] - if {$rc != 0} { - tk_messageBox -type ok -icon error -message $emess -title "Error: $cmd" - } -} - -proc get_netstat {} { - set ns "" - catch {set ns [exec netstat -an]} - return $ns -} - -proc get_ipconfig {} { - global is_win9x - set ip "" - if {! $is_win9x} { - catch {set ip [exec ipconfig]} - return $ip - } - - set file "ip" - append file [pid] - append file ".txt" - - catch {[exec winipcfg /Batch $file]} - - if [file exists $file] { - set fh [open $file "r"] - while {[gets $fh line] > -1} { - append ip "$line\n" - } - close $fh - catch {file delete $file} - } - return $ip -} - -proc guess_nat_ip {} { - global save_nat last_save_nat - set s "" - - if {! [info exists save_nat]} { - set save_nat "" - set last_save_nat 0 - } - if {$save_nat != ""} { - set now [clock seconds] - if {$now < $last_save_nat + 45} { - return $save_nat - } - } - set s "" - catch {set s [socket "www.whatismyip.com" 80]} - set ip "unknown" - if {$s != ""} { - fconfigure $s -buffering none - puts $s "GET / HTTP/1.1" - puts $s "Host: www.whatismyip.com" - puts $s "Connection: close" - puts $s "" - flush $s - set on 0 - while { [gets $s line] > -1 } { - if {! $on && [regexp {<HEAD>} $line]} {set on 1} - if {! $on && [regexp {<HTML>} $line]} {set on 1} - if {! $on && [regexp {<TITLE>} $line]} {set on 1} - if {! $on} { - continue; - } - if [regexp {([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*)} $line ip] { - break - } - } - close $s - } - if {$ip != "unknown"} { - set save_nat $ip - set last_save_nat [clock seconds] - } - return $ip -} - -proc guess_ip {} { - global is_windows - if {! $is_windows} { - set out "" - set out [get_hostname] - if {$out != ""} { - set hout "" - catch {set hout [exec host $out]} - if {$hout != ""} { - if [regexp {has address ([.0-9][.0-9]*)} $hout mvar ip] { - set ip [string trim $ip] - return $ip - } - } - } - return "" - } else { - set out [get_ipconfig] - set out [string trim $out] - if {$out == ""} { - return "" - } - foreach line [split $out "\n\r"] { - if {[regexp -nocase {IP Address.*:[ \t]*([.0-9][.0-9]*)} $line mvar ip]} { - set ip [string trim $ip] - if [regexp {^[.0]*$} $ip] { - continue - } - if [regexp {127\.0\.0\.1} $ip] { - continue - } - if {$ip != ""} { - return $ip - } - } - } - } -} - -proc windows_start_sound_daemon {file} { - global env - global use_sound sound_daemon_local_cmd sound_daemon_local_start - - regsub {\.bat} $file "snd.bat" file2 - set fh2 [open $file2 "w"] - - puts $fh2 $sound_daemon_local_cmd - puts $fh2 "del $file2" - close $fh2 - - mesg "Starting SOUND daemon..." - if [info exists env(COMSPEC)] { - exec $env(COMSPEC) /c $file2 & - } else { - exec cmd.exe /c $file2 & - } - after 1500 -} - -proc windows_stop_sound_daemon {} { - global is_win9x - global use_sound sound_daemon_local_cmd sound_daemon_local_start - - set cmd [string trim $sound_daemon_local_cmd] - - regsub {[ \t].*$} $cmd "" cmd - regsub {^.*\\} $cmd "" cmd - regsub {^.*/} $cmd "" cmd - - if {$cmd == ""} { - return - } - - set output [get_task_list] - - foreach line [split $output "\n\r"] { - if [regexp "$cmd" $line] { - if [regexp {(-?[0-9][0-9]*)} $line m p] { - set pids($p) $line - } - } - } - - set count 0 - foreach pid [array names pids] { - mesg "Stopping SOUND pid: $pid" - if {$is_win9x} { - catch {exec w98/kill.exe /f $pid} - } else { - catch {exec tskill.exe $pid} - } - if {$count == 0} { - after 1200 - } else { - after 500 - } - incr count - } -} - -proc contag {} { - global concount - if {! [info exists concount]} { - set concount 0 - } - incr concount - set str [pid] - set str "-$str-$concount" -} - -proc make_plink {} { - catch {destroy .plink} - toplevel .plink - #wm geometry .plink +700+500 - wm geometry .plink -40-40 - wm title .plink "plink SSH status?" - set wd 37 - label .plink.l1 -anchor w -text "Login via plink/ssh to the remote server" -width $wd - label .plink.l2 -anchor w -text "(supply username and password as needed)." -width $wd - label .plink.l3 -anchor w -text "" -width $wd - label .plink.l4 -anchor w -text "After ssh is set up, AND if the connection" -width $wd - label .plink.l5 -anchor w -text "success is not autodetected, please click" -width $wd - label .plink.l6 -anchor w -text "one of these buttons:" -width $wd - global plink_status - button .plink.fail -text "Failed" -command {destroy .plink; set plink_status no} - button .plink.ok -text "Success" -command {destroy .plink; set plink_status yes} - pack .plink.l1 .plink.l2 .plink.l3 .plink.l4 .plink.l5 .plink.l6 .plink.fail .plink.ok -side top -fill x - - update -} - -proc ssh_split {str} { - if {! [regexp {:} $str]} { - append str ":22" - } - regsub {:.*$} $str "" ssh_host - regsub {^.*:} $str "" ssh_port - if {$ssh_port == ""} { - set ssh_port 22 - } - if [regexp {@} $ssh_host] { - regsub {@.*$} $ssh_host "" ssh_user - regsub {^.*@} $ssh_host "" ssh_host - } else { - set ssh_user "" - } - return [list $ssh_user $ssh_host $ssh_port] -} - -proc launch_windows_ssh {hp file n} { - global is_win9x env - global use_sshssl use_ssh putty_pw - global port_knocking_list - - set hpnew [get_ssh_hp $hp] - set proxy [get_ssh_proxy $hp] - set sshcmd [get_ssh_cmd $hp] - - set vnc_host "localhost" - set vnc_disp $hpnew - regsub {^.*:} $vnc_disp "" vnc_disp - - if {![regexp {^[0-9][0-9]*$} $vnc_disp]} { - if {[regexp {cmd=SHELL} $hp]} { - ; - } elseif {[regexp {cmd=PUTTY} $hp]} { - ; - } else { - mesg "Bad vncdisp, missing :0 ?, $vnc_disp" - bell - return 0 - } - } - - set vnc_port 5900 - if {![regexp {^[0-9][0-9]*$} $vnc_disp]} { - ; - } elseif {$vnc_disp < 200} { - set vnc_port [expr $vnc_disp + 5900] - } else { - set vnc_port $vnc_disp - } - - set ssh_port 22 - set ssh_host $hpnew - regsub {:.*$} $ssh_host "" ssh_host - - set double_ssh "" - set p_port "" - if {$proxy != ""} { - if [regexp {,} $proxy] { - if {$is_win9x} { - mesg "Double proxy does not work on Win9x" - bell - return 0 - } - # user1@gateway:port1,user2@workstation:port2 - set proxy1 "" - set proxy2 "" - set s [split $proxy ","] - set proxy1 [lindex $s 0] - set proxy2 [lindex $s 1] - - set p_port [expr 3000 + 1000 * rand()] - set p_port [expr round($p_port)] - - set s [ssh_split $proxy1] - set ssh_user1 [lindex $s 0] - set ssh_host1 [lindex $s 1] - set ssh_port1 [lindex $s 2] - - set s [ssh_split $proxy2] - set ssh_user2 [lindex $s 0] - set ssh_host2 [lindex $s 1] - set ssh_port2 [lindex $s 2] - - set u1 "" - if {$ssh_user1 != ""} { - set u1 "${ssh_user1}@" - } - set u2 "" - if {$ssh_user2 != ""} { - set u2 "${ssh_user2}@" - } - - set double_ssh "-L $p_port:$ssh_host2:$ssh_port2 -P $ssh_port1 $u1$ssh_host1" - set proxy_use "${u2}localhost:$p_port" - - } else { - # user1@gateway:port1 - set proxy_use $proxy - } - - set ssh_host $proxy_use - regsub {:.*$} $ssh_host "" ssh_host - set ssh_port $proxy_use - regsub {^.*:} $ssh_port "" ssh_port - if {$ssh_port == ""} { - set ssh_port 22 - } - - set vnc_host $hpnew - regsub {:.*$} $vnc_host "" vnc_host - if {$vnc_host == ""} { - set vnc_host "localhost" - } - } - - if {![regexp {^[^ ][^ ]*@} $ssh_host]} { - mesg "You must supply a username: user@host..." - bell - return 0 - } - - set verb "-v" - - set pwd "" - if {$is_win9x} { - set pwd [pwd] - regsub -all {/} $pwd "\\" pwd - } - if {! [regexp {^[0-9][0-9]*$} $n]} { - set n 0 - } - - set use [expr $n + 5900] - - set_smb_mounts - - global use_smbmnt use_sound sound_daemon_kill - set do_pre 0 - if {$use_smbmnt} { - set do_pre 1 - } elseif {$use_sound && $sound_daemon_kill} { - set do_pre 1 - } - - global skip_pre - if {$skip_pre} { - set do_pre 0 - set skip_pre 0 - } - - set pw "" - if {$putty_pw != ""} { - if {! [regexp {"} $putty_pw]} { #" - set pw " -pw \"$putty_pw\"" - } - } - - set tag [contag] - - set file_double "" - - set file_pre "" - set file_pre_cmd "" - if {$do_pre} { - set setup_cmds [ugly_setup_scripts pre $tag] - - if {$setup_cmds != ""} { - regsub {\.bat} $file "pre.cmd" file_pre_cmd - set fh [open $file_pre_cmd "w"] - puts $fh "$setup_cmds sleep 10; " - close $fh - - regsub {\.bat} $file "pre.bat" file_pre - set fh [open $file_pre "w"] - set plink_str "plink.exe -ssh -C -P $ssh_port -m $file_pre_cmd $verb -t" - - global smb_redir_0 - if {$smb_redir_0 != ""} { - append plink_str " $smb_redir_0" - } - - append plink_str "$pw $ssh_host" - - if {$pw != ""} { - puts $fh "echo off" - } - puts $fh $plink_str - - if {$file_pre_cmd != ""} { - puts $fh "del $file_pre_cmd" - } - puts $fh "del $file_pre" - - close $fh - } - } - - if {$is_win9x} { - set sleep 35 - } else { - set sleep 20 - } - - set setup_cmds [ugly_setup_scripts post $tag] - - set do_shell 0 - if {$sshcmd == "SHELL"} { - set setup_cmds "" - set sshcmd {$SHELL} - set do_shell 1 - } elseif {$sshcmd == "PUTTY"} { - set setup_cmds "" - set do_shell 1 - } - - set file_cmd "" - if {$setup_cmds != ""} { - regsub {\.bat} $file ".cmd" file_cmd - set fh_cmd [open $file_cmd "w"] - - set str $setup_cmds - if {$sshcmd != ""} { - append str " $sshcmd; " - } else { - append str " sleep $sleep; " - } - puts $fh_cmd $str - close $fh_cmd - - set sshcmd $setup_cmds - } - - if {$sshcmd == ""} { - set pcmd "echo; echo SSH connected OK.; echo If this state is not autodetected,; echo Go Click the Success button." - set sshcmd "$pcmd; sleep $sleep" - } - - global use_sound sound_daemon_local_cmd sound_daemon_local_start - if {! $do_shell && ! $is_win9x && $use_sound && $sound_daemon_local_start && $sound_daemon_local_cmd != ""} { - windows_start_sound_daemon $file - } - - set fh [open $file "w"] - if {$is_win9x} { - puts $fh "cd $pwd" - if {$file_pre != ""} { - puts $fh "echo Press Ctrl-C --HERE-- when done with the Pre-Command shell work." - puts $fh "start /w command.com /c $file_pre" - } - } - - global use_cups use_smbmnt - set extra_redirs "" - if {$use_cups} { - append extra_redirs [get_cups_redir] - } - if {$use_sound} { - append extra_redirs [get_sound_redir] - } - global additional_port_redirs - if {$additional_port_redirs} { - append extra_redirs [get_additional_redir] - } - - if {$vnc_host == ""} { - set vnc_host "localhost" - } - - set plink_str "plink.exe -ssh -P $ssh_port $verb -L $use:$vnc_host:$vnc_port $extra_redirs -t" - if {$extra_redirs != ""} { - regsub {exe} $plink_str "exe -C" plink_str - } - if {$do_shell} { - if {$sshcmd == "PUTTY"} { - if {$is_win9x} { - set plink_str "putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" - } else { - set plink_str "start \"putty $ssh_host\" putty.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" - if [regexp {FINISH} $port_knocking_list] { - regsub {start} $plink_str "start /wait" plink_str - } - } - } else { - set plink_str "plink.exe -ssh -C -P $ssh_port $extra_redirs -t $pw $ssh_host" - append plink_str { "$SHELL"} - } - } elseif {$file_cmd != ""} { - append plink_str " -m $file_cmd$pw $ssh_host" - } else { - append plink_str "$pw $ssh_host \"$sshcmd\"" - } - - if {$pw != ""} { - puts $fh "echo off" - } - puts $fh $plink_str - if {$file_cmd != ""} { - puts $fh "del $file_cmd" - } - puts $fh "del $file" - close $fh - - catch {destroy .o} - catch {destroy .oa} - - if { ![do_port_knock $ssh_host start]} { - catch {file delete $file} - if {$file_cmd != ""} { - catch {file delete $file_cmd} - } - if {$file_pre != ""} { - catch {file delete $file_pre} - } - return 0 - } - - if {$double_ssh != ""} { - set plink_str_double_ssh "plink.exe -ssh -t $pw $double_ssh \"echo sleep 60 ...; sleep 60; echo done.\"" - - regsub {\.bat} $file "dob.bat" file_double - set fhdouble [open $file_double "w"] - puts $fhdouble $plink_str_double_ssh - puts $fhdouble "del $file_double" - close $fhdouble - - set com "cmd.exe" - if [info exists env(COMSPEC)] { - set com $env(COMSPEC) - } - - exec $com /c $file_double & - - set waited 0 - set gotit 0 - while {$waited < 30000} { - after 500 - update - set ns [get_netstat] - set re ":$p_port" - append re {[ ][ ]*[0:.][0:.]*[ ][ ]*LISTEN} - if [regexp $re $ns] { - set gotit 1 - break - } - set waited [expr "$waited + 500"] - } - if {! $gotit} { - after 5000 - } - } - - if {$is_win9x} { - wm withdraw . - update - win9x_plink_msg $file - global win9x_plink_msg_done - set win9x_plink_msg_done 0 - vwait win9x_plink_msg_done - } else { - set com "cmd.exe" - if [info exists env(COMSPEC)] { - set com $env(COMSPEC) - } - - if {$file_pre != ""} { - set sl 0 - if {$use_smbmnt} { - global smb_su_mode - if {$smb_su_mode == "su"} { - set sl [expr $sl + 15] - } elseif {$smb_su_mode == "sudo"} { - set sl [expr $sl + 15] - } else { - set sl [expr $sl + 3] - } - } - if {$pw == ""} { - set sl [expr $sl + 5] - } - - set sl [expr $sl + 5] - set st [clock seconds] - set dt 0 - global entered_gui_top button_gui_top - set entered_gui_top 0 - set button_gui_top 0 - - catch {wm geometry . "-40-40"} - catch {wm withdraw .; update; wm deiconify .; raise .; update} - mesg "Click on *This* Label when done with 1st SSH 0/$sl" - after 600 - - exec $com /c $file_pre & - - catch {lower .; update; raise .; update} - - while {$dt < $sl} { - after 100 - set dt [clock seconds] - set dt [expr $dt - $st] - mesg "Click on *This* Label when done with 1st SSH $dt/$sl" - update - update idletasks - if {$dt <= 1} { - set button_gui_top 0 - } - if {$button_gui_top != 0 && $dt >= 3} { - mesg "Running 2nd SSH now ..." - after 1000 - break - } - } - mesg "Running 2nd SSH ..." - } - - if {! $do_shell} { - make_plink - } - wm withdraw . - update - if {$do_shell && [regexp {FINISH} $port_knocking_list]} { - catch {exec $com /c $file} - } else { - exec $com /c $file & - } - after 1000 - } - - if {$do_shell} { - wm deiconify . - update - if {[regexp {FINISH} $port_knocking_list]} { - do_port_knock $ssh_host finish - } - return 1 - } - if {$is_win9x} { - make_plink - } - global plink_status - set plink_status "" - set waited 0 - set cnt 0 - while {$waited < 30000} { - after 500 - update - set ns [get_netstat] - set re ":$use" - append re {[ ][ ]*[0:.][0:.]*[ ][ ]*LISTEN} - if [regexp $re $ns] { - set plink_status yes - } - if {$plink_status != ""} { - catch {destroy .plink} - break - } - - if {$waited == 0} { - #wm deiconify .plink - } - set waited [expr "$waited + 500"] - - incr cnt - if {$cnt >= 12} { - set cnt 0 - } - } - if {$plink_status == ""} { - vwait plink_status - } - - if {$use_sshssl} { - global launch_windows_ssh_files - if {$file != ""} { - append launch_windows_ssh_files "$file " - } - if {$file_pre != ""} { - append launch_windows_ssh_files "$file_pre " - } - if {$file_pre_cmd != ""} { - append launch_windows_ssh_files "$file_pre_cmd " - } - regsub { *$} $launch_windows_ssh_files "" launch_windows_ssh_files - return 1 - } - - if {$plink_status != "yes"} { - wm deiconify . - } else { - after 1000 - do_viewer_windows $n - wm deiconify . - mesg "Disconnected from $hp" - } - update - if [regexp {FINISH} $port_knocking_list] { - do_port_knock $ssh_host finish - } - - if {$file != ""} { - catch {file delete $file} - } - if {$file_pre != ""} { - catch {file delete $file_pre} - } - if {$file_pre_cmd != ""} { - catch {file delete $file_pre_cmd} - } - if {$file_double != ""} { - catch {file delete $file_double} - } - - global sound_daemon_local_kill - if {! $is_win9x && $use_sound && $sound_daemon_local_kill && $sound_daemon_local_cmd != ""} { - windows_stop_sound_daemon - } - return 1 -} - -proc check_ssh_needed {} { - globalize - - if {$use_ssh || $use_sshssl} { - return - } - set must 0 - if {$use_cups} { - if {$cups_local_server != ""} {set must 1} - if {$cups_remote_port != ""} {set must 1} - if {$cups_local_smb_server != ""} {set must 1} - if {$cups_remote_smb_port != ""} {set must 1} - if {$cups_manage_rcfile != ""} {set must 1} - } - if {$use_sound} { - if {$sound_daemon_remote_cmd != ""} {set must 1} - if {$sound_daemon_remote_port != ""} {set must 1} - if {$sound_daemon_kill} {set must 1} - if {$sound_daemon_restart} {set must 1} - if {$sound_daemon_local_cmd != ""} {set must 1} - if {$sound_daemon_local_port != ""} {set must 1} - if {$sound_daemon_local_kill} {set must 1} - if {$sound_daemon_local_start} {set must 1} - } - if {$use_smbmnt} { - if {[regexp {//} $smb_mount_list]} {set must 1} - } - if {$must} { - set use_sshssl 1 - putty_pw_entry check - mesg "Enabling \"Use SSH and SSL\" mode for port redir" - update - bell - after 4000 - } -} - -proc set_smb_mounts {} { - global smb_redir_0 smb_mounts use_smbmnt - - set smb_redir_0 "" - set smb_mounts "" - if {$use_smbmnt} { - set l2 [get_smb_redir] - set smb_redir_0 [lindex $l2 0] - set smb_redir_0 [string trim $smb_redir_0] - set smb_mounts [lindex $l2 1] - } -} - -proc darwin_terminal_cmd {{title ""} {cmd ""} {bg 0}} { - global darwin_terminal - - set tries "" - lappend tries "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal" - - if {! [info exists darwin_terminal]} { - foreach try $tries { - if [file exists $try] { - if [file executable $try] { - set darwin_terminal $try - break - } - } - } - if {! [info exists darwin_terminal]} { - set fh "" - catch {set fh [open "| find /Applications -type f -name Terminal" "r"]} - if {$fh != ""} { - while {[gets $fh line] > -1} { - if {! [file exists $line]} { - continue - } - if {[file isdirectory $line]} { - continue - } - if {! [regexp {/Terminal$} $line]} { - continue - } - if {! [file executable $line]} { - continue - } - set darwin_terminal $line - break - } - close $fh - } - } - } - if {! [info exists darwin_terminal]} { - tk_messageBox -type ok -icon error -message "Cannot find Darwin Terminal program." -title "Cannot find Terminal program" - return - } - - global darwin_terminal_cnt - set tmp /tmp/darwin_terminal_cmd.[pid] - if {! [info exists darwin_terminal_cnt]} { - set darwin_terminal_cnt 0 - } - incr darwin_terminal_cnt - append tmp ".$darwin_terminal_cnt" - - set fh "" - catch {set fh [open $tmp w 0755]} - if {$fh == ""} { - tk_messageBox -type ok -icon error -message "Cannot open temporary file: $tmp" -title "Cannot open file" - return - } - global env - puts $fh "#!/bin/sh" - puts $fh "PATH=$env(PATH)" - puts $fh "export PATH" - puts $fh "tmp=$tmp" - puts $fh "sleep 1" - puts $fh {if [ "X$DDDBG" != "X" ]; then ps www; fi} - puts $fh {termpid=`ps www | grep -w Terminal | grep $tmp | grep -v grep | awk '{print $1}' | sort -n | tail -1`} - puts $fh {echo try-1: termpid=$termpid mypid=$$} - puts $fh {if [ "X$termpid" = "X" ]; then} - puts $fh { termpid=`ps www | grep -w Terminal | grep -v grep | awk '{print $1}' | sort -n | tail -1`} - puts $fh { echo try-2: termpid=$termpid mypid=$$} - puts $fh {fi} - puts $fh {if [ "X$termpid" = "X" ]; then} - puts $fh { termpid=$$} - puts $fh { echo termpid-find-fail: termpid=$termpid mypid=$$} - puts $fh {fi} - puts $fh {trap "rm -f $tmp; kill -TERM $termpid; kill -TERM $mypid; kill -KILL $mypid; exit 0" 0 2 15} - puts $fh "$cmd" - puts $fh "sleep 1" - puts $fh {rm -f $tmp} - puts $fh {kill -TERM $termpid} - puts $fh {kill -TERM $mypid} - puts $fh {kill -KILL $mypid} - puts $fh "exit 0" - close $fh - if {$bg} { - catch {exec $darwin_terminal $tmp &} - } else { - catch {exec $darwin_terminal $tmp} - } -} - -proc unix_terminal_cmd {{geometry "+100+100"} {title "xterm-command"} {cmd "echo test"} {bg 0} {xrm1 ""} {xrm2 ""} {xrm3 ""}} { - global uname - if {$uname == "Darwin"} { - global env - set doX 0; - if [info exists env(DISPLAY)] { - if {[in_path "xterm"] != ""} { - set doX 1 - } - } - if {! $doX} { - darwin_terminal_cmd $title $cmd $bg - return - } - } - if {$bg} { - if {$xrm1 == ""} { - exec xterm -geometry "$geometry" -title "$title" -e sh -c "$cmd" & - } else { - exec xterm -geometry "$geometry" -title "$title" -xrm "$xrm1" -xrm "$xrm2" -xrm "$xrm3" -e sh -c "$cmd" & - } - } else { - if {$xrm1 == ""} { - exec xterm -geometry "$geometry" -title "$title" -e sh -c "$cmd" - } else { - exec xterm -geometry "$geometry" -title "$title" -xrm "$xrm1" -xrm "$xrm2" -xrm "$xrm3" -e sh -c "$cmd" - } - } -} - -proc xterm_center_geometry {} { - set sh [winfo screenheight .] - set sw [winfo screenwidth .] - set gw 500 - set gh 300 - set x [expr $sw/2 - $gw/2] - set y [expr $sh/2 - $gh/2] - if {$x < 0} { - set x 10 - } - if {$y < 0} { - set y 10 - } - - return "+$x+$y" -} - -proc smbmnt_wait {tee} { - if {$tee != ""} { - set start [clock seconds] - set cut 30 - while {1} { - set now [clock seconds] - if {$now > $start + $cut} { - break; - } - if [file exists $tee] { - set sz 0 - catch {set sz [file size $tee]} - if {$sz > 50} { - set cut 50 - } - } - set g "" - catch {set g [exec grep vnc-helper-exiting $tee]} - if [regexp {vnc-helper-exiting} $g] { - break - } - after 1000 - } - catch {file delete $tee} - } else { - global smb_su_mode - if {$smb_su_mode == "su"} { - after 15000 - } elseif {$smb_su_mode == "sudo"} { - after 10000 - } - } -} - -proc do_unix_pre {tag proxy hp pk_hp} { - global env smb_redir_0 use_smbmnt - global did_port_knock - - set setup_cmds [ugly_setup_scripts pre $tag] - set c "ssl_vncviewer -ssh" - - if {$proxy == ""} { - set pxy $hp - regsub {:.*$} $pxy "" pxy - set c "$c -proxy '$pxy'" - } else { - set c "$c -proxy '$proxy'" - } - - if {$setup_cmds != ""} { - set env(SSL_VNCVIEWER_SSH_CMD) "$setup_cmds sleep 10" - set env(SSL_VNCVIEWER_SSH_ONLY) 1 - if {$smb_redir_0 != ""} { - set c "$c -sshargs '$smb_redir_0'" - } - - if {! [do_port_knock $pk_hp start]} { - return - } - set did_port_knock 1 - - if {$use_smbmnt} { - set title "SSL VNC Viewer $hp -- SMB MOUNTS" - } else { - set title "SSL VNC Viewer $hp -- Pre Commands" - } - - set tee "" - if {$use_smbmnt} { - set tee $env(HOME) - append tee "/.tee-etv$tag" - set fh "" - catch {set fh [open $tee "w"]} - if {$fh == ""} { - set tee "" - } else { - close $fh - set c "$c | tee $tee" - } - } - -# exec xterm -geometry "80x25+100+100" \ -# -title "$title" \ -# -e sh -c "set -xv; $c" & - - unix_terminal_cmd "80x25+100+100" "$title" "set -xv; $c" 1 - - set env(SSL_VNCVIEWER_SSH_CMD) "" - set env(SSL_VNCVIEWER_SSH_ONLY) "" - - if {$use_smbmnt} { - smbmnt_wait $tee - } else { - after 2000 - } - } -} - -proc port_knock_only {hp {mode KNOCK}} { - if {$hp == ""} { - global vncdisplay - set hp $vncdisplay - if {$hp == ""} { - mesg "No host port found" - bell - return - } - } - set hpnew [get_ssh_hp $hp] - set proxy [get_ssh_proxy $hp] - set sshcmd [get_ssh_cmd $hp] - set hp $hpnew - - set pk_hp "" - if {$proxy != ""} { - set pk_hp $proxy - } - if {$pk_hp == ""} { - set pk_hp $hp - } - if {$mode == "KNOCK"} { - do_port_knock $pk_hp start - } elseif {$mode == "FINISH"} { - do_port_knock $pk_hp finish - } -} - -proc direct_connect_msg {} { - set msg "" - globalize - if {$use_sshssl} { - append msg " - SSH + SSL tunnelling\n" - } elseif {$use_ssh} { - append msg " - SSH tunnelling\n" - } else { - append msg " - SSL tunnelling\n" - } - if {$use_smbmnt} { - append msg " - SMB Mount Port Redirection\n" - } - if {$use_sound} { - append msg " - ESD Sound Port Redirection\n" - } - if {$use_cups} { - append msg " - CUPS Port Redirection\n" - } - if {$additional_port_redirs} { - append msg " - Additional Port Redirections\n" - } - if {$mycert != "" || $svcert != "" || $crtdir != ""} { - append msg " - SSL certificate authentication\n" - } - if {$msg != ""} { - set msg "Direct connect via vnc://hostname\nThe following options will be disabled:\n\n$msg" - tk_messageBox -type ok -icon info -message $msg - } -} - -proc launch_unix {hp} { - global smb_redir_0 smb_mounts env - - globalize - - set cmd "" - - if [regexp {cmd=} $hp] { - if {! $use_ssh && ! $use_sshssl} { - set use_ssh 1 - } - } - check_ssh_needed - - set_smb_mounts - - global did_port_knock - set did_port_knock 0 - set pk_hp "" - - set skip_ssh 0 - if [regexp {vnc://} $hp] { - set skip_ssh 1 - direct_connect_msg - } - - if {$use_ssh || $use_sshssl} { - if {$skip_ssh} { - set cmd "ssl_vncviewer" - } elseif {$use_ssh} { - set cmd "ssl_vncviewer -ssh" - } else { - set cmd "ssl_vncviewer -sshssl" - if {$mycert != ""} { - set cmd "$cmd -mycert '$mycert'" - } - if {$svcert != ""} { - set cmd "$cmd -verify '$svcert'" - } elseif {$crtdir != ""} { - set cmd "$cmd -verify '$crtdir'" - } - } - set hpnew [get_ssh_hp $hp] - set proxy [get_ssh_proxy $hp] - set sshcmd [get_ssh_cmd $hp] - set hp $hpnew - - if {$proxy != ""} { - set cmd "$cmd -proxy '$proxy'" - set pk_hp $proxy - } - if {$pk_hp == ""} { - set pk_hp $hp - } - - set do_pre 0 - if {$use_smbmnt} { - set do_pre 1 - } elseif {$use_sound && $sound_daemon_kill} { - set do_pre 1 - } - global skip_pre - if {$skip_pre || $skip_ssh} { - set do_pre 0 - set skip_pre 0 - } - - set tag [contag] - - if {$do_pre} { - do_unix_pre $tag $proxy $hp $pk_hp - } - - - set setup_cmds [ugly_setup_scripts post $tag] - if {$skip_ssh} { - set setup_cmds "" - } - - if {$sshcmd == "SHELL"} { - set env(SSL_VNCVIEWER_SSH_CMD) {$SHELL} - set env(SSL_VNCVIEWER_SSH_ONLY) 1 - } elseif {$setup_cmds != ""} { - set env(SSL_VNCVIEWER_SSH_CMD) "$setup_cmds$sshcmd" - } else { - if {$sshcmd != ""} { - set cmd "$cmd -sshcmd '$sshcmd'" - } - } - - set sshargs "" - if {$use_cups} { - append sshargs [get_cups_redir] - } - if {$use_sound} { - append sshargs [get_sound_redir] - } - if {$additional_port_redirs} { - append sshargs [get_additional_redir] - } - - set sshargs [string trim $sshargs] - if {$skip_ssh} { - set sshargs "" - } - if {$sshargs != ""} { - set cmd "$cmd -sshargs '$sshargs'" - set env(SSL_VNCVIEWER_USE_C) 1 - } - if {$sshcmd == "SHELL"} { - set env(SSL_VNCVIEWER_SSH_ONLY) 1 - if {$proxy == ""} { - set hpt $hpnew - regsub {:[0-9]*$} $hpt "" hpt - set cmd "$cmd -proxy '$hpt'" - } - set geometry [xterm_center_geometry] - if {$pk_hp == ""} { - set pk_hp $hp - } - if {! $did_port_knock} { - if {! [do_port_knock $pk_hp start]} { - return - } - set did_port_knock 1 - } - - if {[regexp {FINISH} $port_knocking_list]} { - wm withdraw . - update -# exec xterm -geometry $geometry \ -# -title "SHELL to $hp" -e sh -c "$cmd" - unix_terminal_cmd $geometry "SHELL to $hp" "$cmd" - wm deiconify . - update - do_port_knock $pk_hp finish - } else { -# exec xterm -geometry $geometry \ -# -title "SHELL to $hp" -e sh -c "$cmd" & - unix_terminal_cmd $geometry "SHELL to $hp" "$cmd" 1 - } - set env(SSL_VNCVIEWER_SSH_CMD) "" - set env(SSL_VNCVIEWER_SSH_ONLY) "" - set env(SSL_VNCVIEWER_USE_C) "" - return - } - } else { - set cmd "ssl_tightvncviewer" - set hpnew [get_ssh_hp $hp] - set proxy [get_ssh_proxy $hp] - if {$mycert != ""} { - set cmd "$cmd -mycert '$mycert'" - } - if {$svcert != ""} { - set cmd "$cmd -verify '$svcert'" - } elseif {$crtdir != ""} { - set cmd "$cmd -verify '$crtdir'" - } - if {$proxy != ""} { - set cmd "$cmd -proxy '$proxy'" - } - set hp $hpnew - } - - if {$use_alpha} { - set cmd "$cmd -alpha" - } - if {$use_grab} { - set cmd "$cmd -grab" - } - - global darwin_cotvnc - if {$darwin_cotvnc} { - set env(DARWIN_COTVNC) 1 - } - - set cmd "$cmd $hp" - - if {$use_viewonly} { - if {$darwin_cotvnc} { - set cmd "$cmd --ViewOnly" - } else { - set cmd "$cmd -viewonly" - } - } - if {$use_fullscreen} { - if {$darwin_cotvnc} { - set cmd "$cmd --FullScreen" - } else { - set cmd "$cmd -fullscreen" - } - } - if {$use_bgr233} { - if {$vncviewer_realvnc4} { - set cmd "$cmd -lowcolourlevel 1" - } else { - set cmd "$cmd -bgr233" - } - } - if {$use_nojpeg} { - if {$darwin_cotvnc} { - ; - } elseif {! $vncviewer_realvnc4} { - set cmd "$cmd -nojpeg" - } - } - if {! $use_raise_on_beep} { - if {$darwin_cotvnc} { - ; - } elseif {! $vncviewer_realvnc4} { - set cmd "$cmd -noraiseonbeep" - } - } - if {$use_compresslevel != "" && $use_compresslevel != "default"} { - if {$vncviewer_realvnc4} { - set cmd "$cmd -zliblevel '$use_compresslevel'" - } else { - set cmd "$cmd -compresslevel '$use_compresslevel'" - } - } - if {$use_quality != "" && $use_quality != "default"} { - if {$darwin_cotvnc} { - ; - } elseif {! $vncviewer_realvnc4} { - set cmd "$cmd -quality '$use_quality'" - } - } - if {$use_ssh || $use_sshssl} { - # realvnc4 -preferredencoding zrle - if {$darwin_cotvnc} { - ; - } elseif {$vncviewer_realvnc4} { - set cmd "$cmd -preferredencoding zrle" - } else { - set cmd "$cmd -encodings 'copyrect tight zrle zlib hextile'" - } - } - - if {$change_vncviewer && $change_vncviewer_path != ""} { - set env(VNCVIEWERCMD) $change_vncviewer_path - } else { - set env(VNCVIEWERCMD) "" - } - - catch {destroy .o} - catch {destroy .oa} - update - - if {$sound_daemon_local_start && $sound_daemon_local_cmd != ""} { - mesg "running: $sound_daemon_local_cmd" - exec sh -c "$sound_daemon_local_cmd" >& /dev/null </dev/null & - update - after 500 - } - - if {$pk_hp == ""} { - set pk_hp $hp - } - if {! $did_port_knock} { - if {! [do_port_knock $pk_hp start]} { - wm deiconify . - update - return - } - set did_port_knock 1 - } - wm withdraw . - update - - set geometry [xterm_center_geometry] - set xrm1 "*.srinterCommand:true" - set xrm2 $xrm1 - set xrm3 $xrm1 - if {[info exists env(SSL_VNC_GUI_CMD)]} { - set xrm1 "*.printerCommand:env XTERM_PRINT=1 $env(SSL_VNC_GUI_CMD)" - set xrm2 "XTerm*VT100*translations:#override Shift<Btn3Down>:print()\\nCtrl<Key>N:print()" - set xrm3 "*mainMenu*print*Label: New SSL_VNC_GUI" - } -# exec xterm -geometry $geometry -xrm "$xrm1" -xrm "$xrm2" -xrm "$xrm3" \ -# -title "SSL VNC Viewer $hp" \ -# -e sh -c "set -xv; $cmd; set +xv; echo; echo Done. You Can X-out or Ctrl-C this Terminal if you like.; echo; echo sleep 15; echo; sleep 15" - set m "Done. You Can X-out or Ctrl-C this Terminal if you like." - global uname - if {$uname == "Darwin"} { - regsub {X-out or } $m "" m - } - unix_terminal_cmd $geometry "SSL VNC Viewer $hp" \ - "set -xv; $cmd; set +xv; echo; echo $m; echo; echo sleep 15; echo; sleep 15" 0 $xrm1 $xrm2 $xrm3 - - set env(SSL_VNCVIEWER_SSH_CMD) "" - set env(SSL_VNCVIEWER_USE_C) "" - - if {$sound_daemon_local_kill && $sound_daemon_local_cmd != ""} { - set daemon [string trim $sound_daemon_local_cmd] - regsub {^gw[ \t]*} $daemon "" daemon - regsub {[ \t].*$} $daemon "" daemon - regsub {^.*/} $daemon "" daemon - mesg "killing sound daemon: $daemon" - if {$daemon != ""} { - catch {exec sh -c "killall $daemon" >/dev/null 2>/dev/null </dev/null &} - catch {exec sh -c "pkill -x $daemon" >/dev/null 2>/dev/null </dev/null &} - } - } - wm deiconify . - mesg "Disconnected from $hp" - if {[regexp {FINISH} $port_knocking_list]} { - do_port_knock $pk_hp finish - } -} - -proc kill_stunnel {pids} { - global is_win9x - - set count 0 - foreach pid $pids { - mesg "killing STUNNEL pid: $pid" - if {$is_win9x} { - catch {exec w98/kill.exe /f $pid} - } else { - catch {exec tskill.exe $pid} - } - if {$count == 0} { - after 1200 - } else { - after 500 - } - incr count - } -} - -proc get_task_list {} { - global is_win9x - - set output1 "" - set output2 "" - if {! $is_win9x} { - # try for tasklist on XP pro - catch {set output1 [exec tasklist.exe]} - } - catch {set output2 [exec w98/tlist.exe]} - - set output $output1 - append output "\n" - append output $output2 - - return $output -} - -proc note_stunnel_pids {when} { - global is_win9x pids_before pids_after pids_new - - if {$when == "before"} { - array unset pids_before - array unset pids_after - set pids_new {} - set pids_before(none) "none" - set pids_after(none) "none" - } - - set output [get_task_list] - - foreach line [split $output "\n\r"] { - if [regexp -nocase {stunnel} $line] { - if [regexp {(-?[0-9][0-9]*)} $line m p] { - if {$when == "before"} { - set pids_before($p) $line - } else { - set pids_after($p) $line - } - } - } - } - if {$when == "after"} { - foreach new [array names pids_after] { - if {! [info exists pids_before($new)]} { - lappend pids_new $new - } - } - } -} - -proc del_launch_windows_ssh_files {} { - global launch_windows_ssh_files - - if {$launch_windows_ssh_files != ""} { - foreach tf [split $launch_windows_ssh_files] { - if {$tf == ""} { - continue - } - catch {file delete $tf} - } - } -} - -proc launch_shell_only {} { - global vncdisplay is_windows - global skip_pre - - set hp $vncdisplay - regsub {cmd=.*$} $vncdisplay "" hp - set hp [string trim $hp] - if {$is_windows} { - append hp " cmd=PUTTY" - } else { - append hp " cmd=SHELL" - } - set skip_pre 1 - launch $hp -} - -proc launch {{hp ""}} { - global vncdisplay tcl_platform is_windows - global mycert svcert crtdir - global pids_before pids_after pids_new - global env - global use_ssh use_sshssl - - set debug 0 - if {$hp == ""} { - set hp [string trim $vncdisplay] - } - - if {[regexp {^[ ]*$} $hp]} { - mesg "No host:disp supplied." - bell - catch {raise .} - return - } - if {! [regexp ":" $hp]} { - if {! [regexp {cmd=} $hp]} { - append hp ":0" - } - } - - mesg "Using: $hp" - after 600 - - set sc [get_ssh_cmd $hp] - if {[regexp {^KNOCK} $sc]} { - if [regexp {^KNOCKF} $sc] { - port_knock_only $hp "FINISH" - } else { - port_knock_only $hp "KNOCK" - } - return - } - - if {$debug} { - mesg "\"$tcl_platform(os)\" | \"$tcl_platform(osVersion)\"" - after 1000 - } - if {! $is_windows} { - launch_unix $hp - return - } - - if [regexp {cmd=} $hp] { - if {! $use_ssh && ! $use_sshssl} { - set use_ssh 1 - } - } - check_ssh_needed - - if {! $use_ssh} { - if {$mycert != ""} { - if {! [file exists $mycert]} { - mesg "MyCert does not exist: $mycert" - bell - return - } - } - if {$svcert != ""} { - if {! [file exists $svcert]} { - mesg "ServerCert does not exist: $svcert" - bell - return - } - } elseif {$crtdir != ""} { - if {! [file exists $crtdir]} { - mesg "CertsDir does not exist: $crtdir" - bell - return - } - } - } - - set prefix "stunnel-vnc" - set suffix "conf" - if {$use_ssh || $use_sshssl} { - set prefix "plink-vnc" - set suffix "bat" - } - - set file "" - set n "" - set file2 "" - set n2 "" - set now [clock seconds] - - set proxy [get_ssh_proxy $hp] - if {$use_sshssl} { - set proxy "" - } - - for {set i 30} {$i < 90} {incr i} { - set try "$prefix-$i.$suffix" - if {[file exists $try]} { - set mt [file mtime $try] - set age [expr "$now - $mt"] - set week [expr "7 * 3600 * 24"] - if {$age > $week} { - catch {file delete $file} - } - } - if {! [file exists $try]} { - if {$use_sshssl || $proxy != ""} { - if {$file != ""} { - set file2 $try - set n2 $i - break - } - } - set file $try - set n $i - if {! $use_sshssl && $proxy == ""} { - break - } - } - } - - if {$file == ""} { - mesg "could not find free stunnel file" - bell - return - } - - global launch_windows_ssh_files - set launch_windows_ssh_files "" - - set did_port_knock 0 - - if {$use_sshssl} { - set rc [launch_windows_ssh $hp $file2 $n2] - if {$rc == 0} { - catch {file delete $file} - catch {file delete $file2} - del_launch_windows_ssh_files - return - } - set did_port_knock 1 - } elseif {$use_ssh} { - launch_windows_ssh $hp $file $n - return - } - - set list [split $hp ":"] - - set host [lindex $list 0] - if {$host == ""} { - set host "localhost" - } - - set disp [lindex $list 1] - set disp [string trim $disp] - regsub { .*$} $disp "" disp - if {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} { - set disp 0 - } - set port [expr "$disp + 5900"] - - if {$proxy != ""} { - set env(SSL_VNC_PROXY) $proxy - set env(SSL_VNC_LISTEN) [expr "$n2 + 5900"] - set env(SSL_VNC_DEST) "$host:$port" - } - - if {$debug} { - mesg "file: $file" - after 1000 - } - - set fail 0 - - set fh [open $file "w"] - - puts $fh "client = yes" - puts $fh "options = ALL" - puts $fh "taskbar = yes" - puts $fh "RNDbytes = 2048" - puts $fh "RNDfile = bananarand.bin" - puts $fh "RNDoverwrite = yes" - puts $fh "debug = 6" - if {$mycert != ""} { - if {! [file exists $mycert]} { - mesg "MyCert does not exist: $mycert" - bell - set fail 1 - } - puts $fh "cert = $mycert" - } - if {$svcert != ""} { - if {! [file exists $svcert]} { - mesg "ServerCert does not exist: $svcert" - bell - set fail 1 - } - puts $fh "CAfile = $svcert" - puts $fh "verify = 2" - } elseif {$crtdir != ""} { - if {! [file exists $crtdir]} { - mesg "CertsDir does not exist: $crtdir" - bell - set fail 1 - } - puts $fh "CApath = $crtdir" - puts $fh "verify = 2" - } - - if {$n == ""} { - set n 10 - } - if {$n2 == ""} { - set n2 11 - } - puts $fh "\[vnc$n\]" - set port2 [expr "$n + 5900"] - puts $fh "accept = localhost:$port2" - - if {$use_sshssl || $proxy != ""} { - set port [expr "$n2 + 5900"] - puts $fh "connect = localhost:$port" - } else { - puts $fh "connect = $host:$port" - } - - puts $fh "delay = no" - puts $fh "" - close $fh - - if {! $did_port_knock} { - if {! [do_port_knock $host start]} { - set fail 1 - } - set did_port_knock 1 - } - - if {$fail} { - catch {file delete $file} - return - } - - set proxy_pid "" - if {$proxy != ""} { - mesg "Starting TCP helper on port $port ..." - after 600 - set proxy_pid [exec "connect_br.exe" &] - unset -nocomplain env(SSL_VNC_PROXY) - unset -nocomplain env(SSL_VNC_LISTEN) - unset -nocomplain env(SSL_VNC_DEST) - } - - mesg "Starting STUNNEL on port $port2 ..." - after 600 - - note_stunnel_pids "before" - - set pids [exec stunnel $file &] - - after 1300 - - note_stunnel_pids "after" - - if {$debug} { - after 1000 - mesg "pids $pids" - after 1000 - } else { - catch {destroy .o} - catch {destroy .oa} - wm withdraw . - } - - do_viewer_windows $n - - del_launch_windows_ssh_files - - catch {file delete $file} - - if {$debug} { - ; - } else { - wm deiconify . - } - mesg "Disconnected from $hp." - - global port_knocking_list - if [regexp {FINISH} $port_knocking_list] { - do_port_knock $host finish - } - - if {[llength $pids_new] > 0} { - set plist [join $pids_new ", "] - global terminate_pids - set terminate_pids "" - win_kill_msg $plist - update - vwait terminate_pids - if {$terminate_pids == "yes"} { - kill_stunnel $pids_new - } - } else { - win_nokill_msg - } - mesg "Disconnected from $hp." - - global is_win9x use_sound sound_daemon_local_kill sound_daemon_local_cmd - if {! $is_win9x && $use_sound && $sound_daemon_local_kill && $sound_daemon_local_cmd != ""} { - windows_stop_sound_daemon - } -} - -proc get_idir_certs {str} { - global is_windows env - set idir "" - if {$str != ""} { - if [file isdirectory $str] { - set idir $str - } else { - set idir [file dirname $str] - } - } - if {$idir == ""} { - if {$is_windows} { - set t [file dirname [pwd]] - set t "$t/certs" - if [file isdirectory $t] { - set idir $t - } - } - if {$idir == ""} { - if [info exists env(HOME)] { - set t "$env(HOME)/.vnc/certs" - if [file isdirectory $t] { - set idir $t - } - } - } - } - if {$idir == ""} { - if {$is_windows} { - set idir [get_profiles_dir] - } - if {$idir == ""} { - set idir [pwd] - } - } - return $idir -} - -proc set_mycert {} { - global mycert - set idir [get_idir_certs $mycert] - set t "" - if {$idir != ""} { - set t [tk_getOpenFile -initialdir $idir] - } else { - set t [tk_getOpenFile] - } - if {$t != ""} { - set mycert $t - } - catch {wm deiconify .c} - v_mycert - update -} - - -proc show_cert {crt} { - if {$crt == ""} { - bell - return - } - if {! [file exists $crt]} { - bell - return - } - set info "" - catch {set info [get_x509_info $crt]} - if {$info == ""} { - bell - return - } - - set w .show_certificate - catch {destroy $w} - toplevel $w - scroll_text $w.f - button $w.b -text Dismiss -command "destroy $w" - bind $w <Escape> "destroy $w" - $w.f.t insert end $info - - pack $w.b -side bottom -fill x - pack $w.f -side top -fill both -expand 1 - center_win $w - catch {raise $w} -} - -proc v_svcert {} { - global svcert - if {$svcert == "" || ! [file exists $svcert]} { - catch {.c.svcert.i configure -state disabled} - } else { - catch {.c.svcert.i configure -state normal} - } - return 1 -} - -proc v_mycert {} { - global mycert - if {$mycert == "" || ! [file exists $mycert]} { - catch {.c.mycert.i configure -state disabled} - } else { - catch {.c.mycert.i configure -state normal} - } - return 1 -} - -proc show_mycert {} { - global mycert - show_cert $mycert -} - -proc show_svcert {} { - global svcert - show_cert $svcert -} - -proc set_svcert {} { - global svcert crtdir - set idir [get_idir_certs $svcert] - set t "" - if {$idir != ""} { - set t [tk_getOpenFile -initialdir $idir] - } else { - set t [tk_getOpenFile] - } - if {$t != ""} { - set crtdir "" - set svcert $t - } - catch {wm deiconify .c} - v_svcert - update -} - -proc set_crtdir {} { - global svcert crtdir - set idir [get_idir_certs $crtdir] - set t "" - if {$idir != ""} { - set t [tk_chooseDirectory -initialdir $idir] - } else { - set t [tk_chooseDirectory] - } - if {$t != ""} { - set svcert "" - set crtdir $t - } - catch {wm deiconify .c} - update -} - -proc set_createcert_file {} { - global ccert - if {[info exists ccert(FILE)]} { - set idir [get_idir_certs $ccert(FILE)] - } - if {$idir != ""} { - set t [tk_getSaveFile -defaultextension ".pem" -initialdir $idir] - } else { - set t [tk_getSaveFile -defaultextension ".pem"] - } - if {$t != ""} { - set ccert(FILE) $t - } - catch {raise .ccrt} - update -} - -proc check_pp {} { - global ccert - if {$ccert(ENC)} { - catch {.ccrt.pf.e configure -state normal} - catch {focus .ccrt.pf.e} - catch {.ccrt.pf.e icursor end} - } else { - catch {.ccrt.pf.e configure -state disabled} - } -} - -proc get_openssl {} { - global is_windows - if {$is_windows} { - set ossl "openssl.exe" - } else { - set ossl "openssl" - } -} - -proc get_x509_info {crt} { - set ossl [get_openssl] - set info "" - update - set ph [open "| $ossl x509 -text -in \"$crt\"" "r"] - while {[gets $ph line] > -1} { - append info "$line\n" - } - close $ph - return $info -} - -proc do_oss_create {} { - global is_windows is_win9x - - set cfg { -[ req ] -default_bits = 2048 -encrypt_key = yes -distinguished_name = req_distinguished_name - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = %CO -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = %ST - -localityName = Locality Name (eg, city) -localityName_default = %LOC - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = %ON - -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = %OUN - -commonName = Common Name (eg, YOUR name) -commonName_default = %CN -commonName_max = 64 - -emailAddress = Email Address -emailAddress_default = %EM -emailAddress_max = 64 -} - - global ccert - - if {$ccert(FILE) == ""} { - catch {destroy .c} - mesg "No output cert file supplied" - bell - return - } - if {! [regexp {\.pem$} $ccert(FILE)]} { - append ccert(FILE) ".pem" - } - set pem $ccert(FILE) - regsub {\.pem$} $ccert(FILE) ".crt" crt - - if {$ccert(ENC)} { - if {[string length $ccert(PASS)] < 4} { - catch {destroy .c} - mesg "Passphrase must be at least 4 characters long." - bell - return - } - } - if {[string length $ccert(CO)] != 2} { - catch {destroy .c} - mesg "Country Name must be at exactly 2 characters long." - bell - return - } - if {[string length $ccert(CN)] > 64} { - catch {destroy .c} - mesg "Common Name must be less than 65 characters long." - bell - return - } - if {[string length $ccert(EM)] > 64} { - catch {destroy .c} - mesg "Email Address must be less than 65 characters long." - bell - return - } - - foreach t {EM CN OUN ON LOC ST CO} { - - set val $ccert($t) - if {$val == ""} { - set val "none" - } - regsub "%$t" $cfg "$val" cfg - } - - global is_windows - - if {$is_windows} { - set tmp "cert.cfg" - } else { - set tmp "/tmp/cert.cfg." - append tmp [clock clicks -milliseconds] - catch {file delete $tmp} - if {[file exists $tmp]} { - catch {destroy .c} - mesg "file still exists: $tmp" - bell - return - } - catch {set fh [open $tmp "w"]} - catch {exec chmod 600 $tmp} - if {! [file exists $tmp]} { - catch {destroy .c} - mesg "cannot create: $tmp" - bell - return - } - } - set fh "" - catch {set fh [open $tmp "w"]} - if {$fh == ""} { - catch {destroy .c} - mesg "cannot create: $tmp" - bell - catch {file delete $tmp} - return - } - - puts $fh $cfg - close $fh - - set ossl [get_openssl] - - set cmd "$ossl req -config $tmp -nodes -new -newkey rsa:2048 -x509 -batch" - if {$ccert(DAYS) != ""} { - set cmd "$cmd -days $ccert(DAYS)" - } - if {$is_windows} { - set cmd "$cmd -keyout {$pem} -out {$crt}" - } else { - set cmd "$cmd -keyout \"$pem\" -out \"$crt\"" - } - - if {$is_windows} { - set emess "" - if {$is_win9x} { - catch {file delete $pem} - catch {file delete $crt} - update - eval exec $cmd & - catch {raise .} - set sl 0 - set max 100 - #if {$ccert(ENC)} { - # set max 100 - #} - set maxms [expr $max * 1000] - while {$sl < $maxms} { - set s2 [expr $sl / 1000] - mesg "running openssl ... $s2/$max" - if {[file exists $pem] && [file exists $crt]} { - after 2000 - break - } - after 500 - set sl [expr $sl + 500] - } - mesg "" - } else { - update - set rc [catch {eval exec $cmd} emess] - if {$rc != 0 && [regexp -nocase {error:} $emess]} { - tk_messageBox -type ok -icon error -message $emess -title "OpenSSL req command failed" - return - } - } - } else { - set geometry [xterm_center_geometry] - update -# exec xterm -geometry $geometry -title "Running OpenSSL" -e sh -c "$cmd" - unix_terminal_cmd $geometry "Running OpenSSL" "$cmd" - catch {file attributes $pem -permissions go-rw} - catch {file attributes $crt -permissions go-w} - } - catch {file delete $tmp} - - set bad "" - if {! [file exists $pem]} { - set bad "$pem " - } - if {! [file exists $crt]} { - set bad "$crt" - } - if {$bad != ""} { - tk_messageBox -type ok -icon error -message "Not created: $bad" -title "OpenSSL could not create cert" - catch {raise .c} - return - } - - if {$ccert(ENC) && $ccert(PASS) != ""} { - set cmd "$ossl rsa -in \"$pem\" -des3 -out \"$pem\" -passout stdin" - set ph "" - set emess "" - update - set rc [catch {set ph [open "| $cmd" "w"]} emess] - if {$rc != 0 || $ph == ""} { - tk_messageBox -type ok -icon error -message $emess -title "Count not encrypt private key" - catch {file delete $pem} - catch {file delete $crt} - return - } - puts $ph $ccert(PASS) - set emess "" - set rc [catch {close $ph} emess] - #puts $emess - #puts $rc - } - - set in [open $crt "r"] - set out [open $pem "a"] - while {[gets $in line] > -1} { - puts $out $line - } - close $in - close $out - - catch {raise .c} - set p . - if [winfo exists .c] { - set p .c - } - set reply [tk_messageBox -parent $p -type yesno -title "View Cert" -message "View Certificate and Info?"] - catch {raise .c} - if {$reply == "yes"} { - set w .view_cert - catch {destroy $w} - toplevel $w - scroll_text $w.f - set cert "" - set fh "" - catch {set fh [open $crt "r"]} - if {$fh != ""} { - while {[gets $fh line] > -1} { - append cert "$line\n" - } - catch {close $fh} - } - - global yegg - set yegg "" - button $w.b -text Dismiss -command "destroy $w; set yegg 1" - pack $w.b -side bottom -fill x - bind $w <Escape> "destroy $w; set yegg 1" - - $w.f.t insert end "\n" - $w.f.t insert end "$crt:\n" - $w.f.t insert end "\n" - $w.f.t insert end $cert - $w.f.t insert end "\n" - - set info [get_x509_info $crt] - $w.f.t insert end $info - - pack $w.f -side top -fill both -expand 1 - center_win $w - catch {raise $w} - vwait yegg - catch {raise .c} - } - - set p . - if [winfo exists .c] { - set p .c - } - set reply [tk_messageBox -parent $p -type yesno -title "View Private Key" -message "View Private Key?"] - catch {raise .c} - if {$reply == "yes"} { - set w .view_key - catch {destroy $w} - toplevel $w - scroll_text $w.f - set key "" - set fh [open $pem "r"] - while {[gets $fh line] > -1} { - append key "$line\n" - } - close $fh - - global yegg - set yegg "" - button $w.b -text Dismiss -command "destroy $w; set yegg 1" - pack $w.b -side bottom -fill x - bind $w <Escape> "destroy $w; set yegg 1" - - $w.f.t insert end "\n" - $w.f.t insert end "$pem:\n" - $w.f.t insert end "\n" - $w.f.t insert end $key - $w.f.t insert end "\n" - - pack $w.f -side top -fill both -expand 1 - center_win $w - catch {raise $w} - vwait yegg - catch {raise .c} - } -} - -proc create_cert {} { - - catch {destroy .ccrt} - toplevel .ccrt - wm title .ccrt "Create SSL Certificate" - - global uname - if {$uname == "Darwin"} { - scroll_text .ccrt.f 80 20 - } else { - scroll_text .ccrt.f 80 30 - } - - set msg { - This dialog helps you to create a simple self-signed SSL certificate. - - On Unix the openssl(1) program must be installed and in $PATH. - On Windows, a copy of the openssl program is provided for convenience. - - The resulting certificate files can be used for either: - - 1) authenticating yourself (VNC Viewer) to a VNC Server - or 2) your verifying the identity of a remote VNC Server. - - In either case you will need to safely copy one of the generated - certificate files to the remote VNC Server and have the VNC Server use - it. Or you could send it to the system administrator of the VNC Server. - - For the purpose of description, assume that the filename selected in the - "Save to file" entry is "vnccert.pem". That file will be generated - by this process and so will the "vnccert.crt" file. "vnccert.pem" - contains both the Private Key and the Public Certificate. "vnccert.crt" - only contains the Public Certificate. - - For case 1) you would copy "vnccert.crt" to the VNC Server side and - instruct the server to use it. For x11vnc it would be for example: - - x11vnc -sslverify /path/to/vnccert.crt -ssl SAVE ... - - (it is also possible to handle many client certs at once in a directory, - see the -sslverify documentation). Then you would use "vnccert.pem" - as the MyCert entry in the Set SSL Certificates dialog. - - For case 2) you would copy "vnccert.pem" to the VNC Server side and - instruct the server to use it. For x11vnc it would be for example: - - x11vnc -ssl /path/to/vnccert.pem - - Then you would use "vnccert.crt" as the as the ServerCert entry in the - "Set SSL Certificates" dialog. - - - Creating the Certificate: - - Choose a output filename (ending in .pem) in the "Save to file" entry. - - Then fill in the identification information (Country, State or Province, - etc). - - The click on "Create" to generate the certificate files. - - Encrypting the Private Key: It is a very good idea to encrypt the - Private Key that goes in the "vnccert.pem". The downside is that - whenever that key is used (e.g. starting up x11vnc using it) then - the passphrase will need to be created. If you do not encrypt it and - somebody steals a copy of the "vnccert.pem" file then they can pretend - to be you. - - After you have created the certificate files, you must copy and import - either "vnccert.pem" or "vnccert.pem" to the remote VNC Server and - also select the other file in the "Set SSL Certificates" dialog. - See the description above. - - For more information see: - - http://www.karlrunge.com/x11vnc/ssl.html - http://www.karlrunge.com/x11vnc/#faq-ssl-tunnel-int - - The first one describes how to use x11vnc to create Certificate - Authority (CA) certificates in addition to self-signed ones. - - - Tip: if you choose the "Common Name" to be the internet hostname - (e.g. gateway.mydomain.com) that connections will be made to or - from that will avoid many dialogs when connecting mentioning that - the hostname does not match the Common Name. -} - .ccrt.f.t insert end $msg - - global ccert ccert_init tcert - - - if {! [info exists ccert_init]} { - set ccert_init 1 - set ccert(CO) "US" - set ccert(ST) "Massachusetts" - set ccert(LOC) "Boston" - set ccert(ON) "My Company" - set ccert(OUN) "Product Development" - set ccert(CN) "www.nowhere.none" - set ccert(EM) "admin@nowhere.none" - set ccert(DAYS) "365" - set ccert(FILE) "" - } - - set ccert(ENC) 0 - set ccert(PASS) "" - - set tcert(CO) "Country Name (2 letter code):" - set tcert(ST) "State or Province Name (full name):" - set tcert(LOC) "Locality Name (eg, city):" - set tcert(ON) "Organization Name (eg, company):" - set tcert(OUN) "Organizational Unit Name (eg, section):" - set tcert(CN) "Common Name (eg, YOUR name):" - set tcert(EM) "Email Address:" - set tcert(DAYS) "Days until expiration:" - - if {$ccert(FILE) == ""} { - set idir [get_idir_certs ""] - set ccert(FILE) "$idir/vnccert.pem" - } - - button .ccrt.cancel -text "Cancel" -command {destroy .ccrt; catch {raise .c}} - bind .ccrt <Escape> {destroy .ccrt; catch {raise .c}} - - button .ccrt.create -text "Generate Cert" -command {destroy .ccrt; catch {raise .c}; do_oss_create} - - pack .ccrt.cancel .ccrt.create -side bottom -fill x - - set ew 40 - - set w .ccrt.pf - frame $w - checkbutton $w.check -anchor w -variable ccert(ENC) -text \ - "Encrypt Key with Passphrase" -command {check_pp} - - entry $w.e -width $ew -textvariable ccert(PASS) -state disabled \ - -show * - - pack $w.e -side right - pack $w.check -side left -expand 1 -fill x - pack $w -side bottom -fill x - - set w .ccrt.fl - frame $w - label $w.l -anchor w -text "Save to file:" - - entry $w.e -width $ew -textvariable ccert(FILE) - button $w.b -text "Browse..." -command {set_createcert_file; catch {raise .ccrt}} - - pack $w.e -side right - pack $w.b -side right - pack $w.l -side left -expand 1 -fill x - pack $w -side bottom -fill x - - set i 0 - foreach t {DAYS EM CN OUN ON LOC ST CO} { - set w .ccrt.f$i - frame $w - label $w.l -anchor w -text "$tcert($t)" - entry $w.e -width $ew -textvariable ccert($t) - pack $w.e -side right - pack $w.l -side left -expand 1 -fill x - pack $w -side bottom -fill x - incr i - } - - pack .ccrt.f -side top -fill both -expand 1 - - center_win .ccrt -} - -proc import_check_mode {w} { - global import_mode - if {$import_mode == "paste"} { - $w.mf.b configure -state disabled - $w.mf.e configure -state disabled - $w.plab configure -state normal - $w.paste.t configure -state normal - } else { - $w.mf.b configure -state normal - $w.mf.e configure -state normal - $w.plab configure -state disabled - $w.paste.t configure -state disabled - } -} - -proc import_browse {} { - global import_file - - set idir "" - if {$import_file != ""} { - set idir [get_idir_certs $import_file] - } - if {$idir != ""} { - set t [tk_getOpenFile -initialdir $idir] - } else { - set t [tk_getOpenFile] - } - if {$t != ""} { - set import_file $t - } - catch {raise .icrt} - update -} - -proc import_save_browse {} { - global import_save_file - - set idir "" - if {$import_save_file != ""} { - set idir [get_idir_certs $import_save_file] - } - if {$idir == ""} { - set idir [get_idir_certs ""] - } - if {$idir != ""} { - set t [tk_getSaveFile -defaultextension ".crt" -initialdir $idir] - } else { - set t [tk_getSaveFile -defaultextension ".crt"] - } - if {$t != ""} { - set import_save_file $t - } - catch {raise .icrt} - update -} - -proc do_save {} { - global import_mode import_file import_save_file - - if {$import_save_file == ""} { - tk_messageBox -parent .icrt -type ok -icon error \ - -message "No Save File supplied" -title "Save File" - return - } - - set str "" - if {$import_mode == "paste"} { - set str [.icrt.paste.t get 1.0 end] - } else { - if {! [file exists $import_file]} { - tk_messageBox -parent .icrt -type ok -icon error \ - -message "Input file \"$import_file\" does not exist." -title "Import File" - return - } - set fh "" - set emess "" - set rc [catch {set fh [open $import_file "r"]} emess] - if {$rc != 0 || $fh == ""} { - tk_messageBox -parent .icrt -type ok -icon error \ - -message $emess -title "Import File: $import_file" - return - } - while {[gets $fh line] > -1} { - append str "$line\n" - } - close $fh - } - - if {! [regexp {BEGIN CERTIFICATE} $str]} { - tk_messageBox -parent .icrt -type ok -icon error \ - -message "Import Text does not contain \"BEGIN CERTIFICATE\"" -title "Imported Text" - return - } - if {! [regexp {END CERTIFICATE} $str]} { - tk_messageBox -parent .icrt -type ok -icon error \ - -message "Import Text does not contain \"END CERTIFICATE\"" -title "Imported Text" - return - } - - set fh "" - set emess "" - set rc [catch {set fh [open $import_save_file "w"]} emess] - if {$rc != 0 || $fh == ""} { - tk_messageBox -parent .icrt -type ok -icon error \ - -message $emess -title "Save File: $import_save_file" - return - } - global is_windows - if {! $is_windows} { - catch {file attributes $import_save_file -permissions go-w} - if {[regexp {PRIVATE} $str] || [regexp {\.pem$} $import_save_file]} { - catch {file attributes $import_save_file -permissions go-rw} - } - } - puts -nonewline $fh $str - close $fh - catch {destroy .icrt} - catch {raise .c} - tk_messageBox -parent .c -type ok -icon info \ - -message "Saved to file: $import_save_file" -title "Save File: $import_save_file" -} - -proc import_cert {} { - - catch {destroy .icrt} - toplevel .icrt - wm title .icrt "Import SSL Certificate" - - global scroll_text_focus - set scroll_text_focus 0 - global uname - if {$uname == "Darwin"} { - scroll_text .icrt.f 90 16 - } else { - scroll_text .icrt.f 90 20 - } - set scroll_text_focus 1 - - set msg { - This dialog lets you import a SSL Certificate by either pasting one in or by - loading from another file. Choose which input mode you want to use by the toggle - "Paste / Read from File". - - There are two types of files we use 1) Certificate only, and 2) Private Key - and Certificate. - - Type 1) would be used to verify the identity of a remote VNC Server, whereas - type 2) would be used to authenticate ourselves to the remote VNC Server. - - A type 1) by convention ends with file suffix ".crt" and looks like: - ------BEGIN CERTIFICATE----- -MIID2jCCAsKgAwIBAgIJALKypfV8BItCMA0GCSqGSIb3DQEBBAUAMIGgMQswCQYD -(more lines) ... -TCQ+tbQ/DOiTXGKx1nlcKoPdkG+QVQVJthlQcpam ------END CERTIFICATE----- - - A type 2) by convention ends with file suffix ".pem" and looks like: - ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA4sApd7WaPKQRWnFe9T04D4pglQB0Ti0/dCVHxg8WEVQ8OdcW -(more lines) ... -9kBmNotUiTpvRM+e7E/zRemhvY9qraFooqMWzi9JrgYfeLfSvvFfGw== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIID2jCCAsKgAwIBAgIJALKypfV8BItCMA0GCSqGSIb3DQEBBAUAMIGgMQswCQYD -(more lines) ... -TCQ+tbQ/DOiTXGKx1nlcKoPdkG+QVQVJthlQcpam ------END CERTIFICATE----- - - You do not need to use the ".crt" or ".pem" convention if you do not want to. - - First, either paste in the text or set the "Read from File" filename. - - Next, set the "Save to File" name to the file where the imported certificate - will be saved. - - Then, click on "Save" to save the imported Certificate. - - After you have imported the Certificate (or Key + Certificate), select it to - use for a connection via the "MyCert" or "ServerCert" dialog. -} - .icrt.f.t insert end $msg - - global icert import_mode - - set import_mode "paste" - - set w .icrt.mf - frame $w - - radiobutton $w.p -pady 1 -anchor w -variable import_mode -value paste \ - -text "Paste" -command "import_check_mode .icrt" - - radiobutton $w.f -pady 1 -anchor w -variable import_mode -value file \ - -text "Read from File:" -command "import_check_mode .icrt" - - global import_file - set import_file "" - entry $w.e -width 40 -textvariable import_file - - button $w.b -pady 1 -anchor w -text "Browse..." -command import_browse - pack $w.b -side right - pack $w.p $w.f -side left - pack $w.e -side left -expand 1 -fill x - - $w.b configure -state disabled - $w.e configure -state disabled - - label .icrt.plab -anchor w -text "Paste Certificate here:" - if {$uname == "Darwin"} { - scroll_text .icrt.paste 90 11 - } else { - scroll_text .icrt.paste 90 22 - } - - button .icrt.cancel -text "Cancel" -command {destroy .icrt; catch {raise .c}} - bind .icrt <Escape> {destroy .icrt; catch {raise .c}} - - button .icrt.save -text "Save" -command {do_save} - - set w .icrt.sf - frame $w - - label $w.l -text "Save to File:" -anchor w - global import_save_file - set import_save_file "" - entry $w.e -width 40 -textvariable import_save_file - button $w.b -pady 1 -anchor w -text "Browse..." -command import_save_browse - - pack $w.b -side right - pack $w.l -side left - pack $w.e -side left -expand 1 -fill x - - pack .icrt.cancel .icrt.save .icrt.sf .icrt.mf -side bottom -fill x - pack .icrt.paste .icrt.plab -side bottom -fill x - - pack .icrt.f -side top -fill both -expand 1 - - .icrt.paste.t insert end "" - - focus .icrt.paste.t - - center_win .icrt -} - - -proc getcerts {} { - global mycert svcert crtdir - global use_ssh use_sshssl - catch {destroy .c} - toplevel .c - wm title .c "Set SSL Certificates" - frame .c.mycert - frame .c.svcert - frame .c.crtdir - label .c.mycert.l -anchor w -width 12 -text "MyCert:" - label .c.svcert.l -anchor w -width 12 -text "ServerCert:" - label .c.crtdir.l -anchor w -width 12 -text "CertsDir:" - - entry .c.mycert.e -width 32 -textvariable mycert -vcmd v_mycert - entry .c.svcert.e -width 32 -textvariable svcert -vcmd v_svcert - bind .c.mycert.e <Enter> {.c.mycert.e validate} - bind .c.mycert.e <Leave> {.c.mycert.e validate} - bind .c.svcert.e <Enter> {.c.svcert.e validate} - bind .c.svcert.e <Leave> {.c.svcert.e validate} - entry .c.crtdir.e -width 32 -textvariable crtdir - button .c.mycert.b -text "Browse..." -command {set_mycert; catch {raise .c}} - button .c.svcert.b -text "Browse..." -command {set_svcert; catch {raise .c}} - button .c.crtdir.b -text "Browse..." -command {set_crtdir; catch {raise .c}} - button .c.mycert.i -text "Info" -command {show_mycert} - button .c.svcert.i -text "Info" -command {show_svcert} - button .c.crtdir.i -text "Info" -command {} - .c.mycert.i configure -state disabled - .c.svcert.i configure -state disabled - .c.crtdir.i configure -state disabled - bind .c.mycert.b <B3-ButtonRelease> "show_mycert" - bind .c.svcert.b <B3-ButtonRelease> "show_svcert" - - button .c.create -text "Create Certificate ..." -command {create_cert} - button .c.import -text "Import Certificate ..." -command {import_cert} - - frame .c.b - button .c.b.done -text "Done" -command {catch {destroy .c}} - bind .c <Escape> {destroy .c} - button .c.b.help -text "Help" -command help_certs - pack .c.b.help .c.b.done -fill x -expand 1 -side left - - foreach w [list mycert svcert crtdir] { - pack .c.$w.l -side left - pack .c.$w.e -side left -expand 1 -fill x - pack .c.$w.b -side left - pack .c.$w.i -side left - bind .c.$w.e <Return> ".c.$w.b invoke" - if {$use_ssh} { - .c.$w.l configure -state disabled - .c.$w.e configure -state disabled - .c.$w.b configure -state disabled - } - } - - pack .c.mycert .c.svcert .c.crtdir .c.create .c.import .c.b -side top -fill x - center_win .c - wm resizable .c 1 0 - - focus .c -} - -proc get_profiles_dir {} { - global env is_windows - - set dir "" - if {$is_windows} { - set t [file dirname [pwd]] - set t "$t/profiles" - if [file isdirectory $t] { - set dir $t - } - } elseif [info exists env(HOME)] { - set t "$env(HOME)/.vnc" - if [file isdirectory $t] { - set dir $t - set s "$t/profiles" - if {! [file exists $s]} { - catch {file mkdir $s} - } - } - } - - if {$dir != ""} { - - } elseif [info exists env(SSL_VNC_BASEDIR)] { - set dir $env(SSL_VNC_BASEDIR) - } else { - set dir [pwd] - } - if [file isdirectory "$dir/profiles"] { - set dir "$dir/profiles" - } - return $dir -} - -proc globalize {} { - global defs - foreach var [array names defs] { - uplevel global $var - } -} - -proc load_include {include dir} { - global include_vars defs - - if [info exists include_vars] { - unset include_vars - } - - foreach inc [split $include ", "] { - set f [string trim $inc] -#puts "f=$f"; - if {$f == ""} { - continue - } - set try "" - if {[regexp {/} $f] || [regexp {\\} $f]} { - set try $f; - } else { - set try "$dir/$f" - } - if {! [file exists $try]} { - set try "$dir/$f.vnc" - } -#puts "try: $try" - if [file exists $try] { - set fh "" - catch {set fh [open $try "r"]} - if {$fh == ""} { - continue - } - while {[gets $fh line] > -1} { - append inc_str "$line\n" - if [regexp {^([^=]*)=(.*)$} $line m var val] { - if {! [info exists defs($var)]} { - continue - } - if {$var == "include_list"} { - continue - } - set pct 0 - if {$var == "smb_mount_list"} { - set pct 1 - } - if {$var == "port_knocking_list"} { - set pct 1 - } - if {$pct} { - regsub -all {%%%} $val "\n" val - } - if {$val != $defs($var)} { -#puts "include_vars $var $val" - set include_vars($var) $val - } - } - } - catch {close $fh} - } - } -} - -proc load_profile {} { - global profdone - global vncdisplay - - globalize - - set dir [get_profiles_dir] - - set file [tk_getOpenFile -defaultextension ".vnc" \ - -initialdir $dir -title "Load VNC Profile"] - if {$file == ""} { - set profdone 1 - return - } - set fh [open $file "r"] - if {! [info exists fh]} { - set profdone 1 - return - } - set str "" - set include "" - while {[gets $fh line] > -1} { - append str "$line\n" - if [regexp {^include_list=(.*)$} $line m val] { - set include $val - } - } - close $fh - - if {$include != ""} { - load_include $include $dir - } - - set_defaults - - global include_vars - if [info exists include_vars] { - foreach var [array names include_vars] { - set $var $include_vars($var) - } - } - - global defs - foreach line [split $str "\n"] { - set line [string trim $line] - if [regexp {^#} $line] { - continue - } - if [regexp {^([^=]*)=(.*)$} $line m var val] { - if {$var == "disp"} { - set vncdisplay $val - continue - } - if [info exists defs($var)] { - set pct 0 - if {$var == "smb_mount_list"} { - set pct 1 - } - if {$var == "port_knocking_list"} { - set pct 1 - } - if {$pct} { - regsub -all {%%%} $val "\n" val - } - set $var $val - } - } - } - - set compresslevel_text "Compress Level: $use_compresslevel" - set quality_text "Quality: $use_quality" - - set profdone 1 - putty_pw_entry check -} - -proc save_profile {} { - global is_windows uname - global vncdisplay - global profdone - global include_vars defs - - globalize - - set dir [get_profiles_dir] - - set disp [string trim $vncdisplay] - if {$disp != ""} { - regsub {[ ].*$} $disp "" disp - regsub -all {/} $disp "" disp - } - if {$is_windows || $uname == "Darwin"} { - regsub -all {:} $disp "_" disp - } - - set file [tk_getSaveFile -defaultextension ".vnc" \ - -initialdir $dir -initialfile "$disp" -title "Save VNC Profile"] - if {$file == ""} { - set profdone 1 - return - } - set fh [open $file "w"] - if {! [info exists fh]} { - set profdone 1 - return - } - set h [string trim $vncdisplay] - set p $h - regsub {:.*$} $h "" h - set host $h - regsub {[ ].*$} $p "" p - regsub {^.*:} $p "" p - regsub { .*$} $p "" p - if {$p == ""} { - set p 0 - } - if {$p < 200} { - set port [expr $p + 5900] - } else { - set port $p - } - - set h [string trim $vncdisplay] - regsub {cmd=.*$} $h "" h - set h [string trim $h] - if {! [regexp {[ ]} $h]} { - set h "" - } else { - regsub {^.*[ ]} $h "" h - } - if {$h == ""} { - set proxy "" - set proxyport "" - } else { - set p $h - regsub {:.*$} $h "" h - set proxy $h - regsub {[ ].*$} $p "" p - regsub {^.*:} $p "" p - if {$p == ""} { - set proxyport 0 - } else { - set proxyport $p - } - } - - puts $fh "\[connection\]" - puts $fh "host=$host" - puts $fh "port=$port" - puts $fh "proxyhost=$proxy" - puts $fh "proxyport=$proxyport" - puts $fh "disp=$vncdisplay" - puts $fh "\n\[options\]" - - if {$include_list != ""} { - load_include $include_list [get_profiles_dir] - } - - foreach var [lsort [array names defs]] { - eval set val \$$var - set pre "" - if {$val == $defs($var)} { - set pre "#" - } - set pct 0 - if {$var == "smb_mount_list"} { - set pct 1 - } - if {$var == "port_knocking_list"} { - set pct 1 - } - if {$include_list != "" && [info exists include_vars($var)]} { - if {$val == $include_vars($var)} { - if {$pct} { - regsub -all "\n" $val "%%%" val - } - puts $fh "#from include: $var=$val" - continue - } - } - if {$pct} { - regsub -all "\n" $val "%%%" val - } - puts $fh "$pre$var=$val" - } - - close $fh - set profdone 1 -} - -proc set_ssh {} { - global use_ssh use_sshssl - if {! $use_ssh && ! $use_sshssl} { - set use_ssh 1 - } - putty_pw_entry check -} - -proc expand_IP {redir} { - if {! [regexp {:IP:} $redir]} { - return $redir - } - if {! [regexp {(-R).*:IP:} $redir]} { - return $redir - } - - set ip [guess_ip] - set ip [string trim $ip] - if {$ip == ""} { - return $redir - } - - regsub -all {:IP:} $redir ":$ip:" redir - return $redir -} - -proc get_cups_redir {} { - global cups_local_server cups_remote_port - global cups_local_smb_server cups_remote_smb_port - set redir "$cups_remote_port:$cups_local_server" - regsub -all {['" ]} $redir {} redir; #" - set redir " -R $redir" - if {$cups_local_smb_server != "" && $cups_remote_smb_port != ""} { - set redir2 "$cups_remote_smb_port:$cups_local_smb_server" - regsub -all {['" ]} $redir2 {} redir2; #" - set redir "$redir -R $redir2" - } - set redir [expand_IP $redir] - return $redir -} - -proc get_additional_redir {} { - global additional_port_redirs additional_port_redirs_list - if {! $additional_port_redirs || $additional_port_redirs_list == ""} { - return "" - } - set redir [string trim $additional_port_redirs_list] - regsub -all {['"]} $redir {} redir; #" - set redir " $redir" - set redir [expand_IP $redir] - return $redir -} - -proc get_sound_redir {} { - global sound_daemon_remote_port sound_daemon_local_port - set loc $sound_daemon_local_port - if {! [regexp {:} $loc]} { - set loc "localhost:$loc" - } - set redir "$sound_daemon_remote_port:$loc" - regsub -all {['" ]} $redir {} redir; #" - set redir " -R $redir" - set redir [expand_IP $redir] - return $redir -} - -proc get_smb_redir {} { - global smb_mount_list - - set s [string trim $smb_mount_list] - if {$s == ""} { - return "" - } - - set did(0) 1 - set redir "" - set mntlist "" - - foreach line [split $s "\r\n"] { - set str [string trim $line] - if {$str == ""} { - continue - } - if {[regexp {^#} $str]} { - continue - } - - set port "" - if [regexp {^([0-9][0-9]*)[ \t][ \t]*(.*)} $str mvar port rest] { - # leading port - set str [string trim $rest] - } - - # grab: //share /dest [host[:port]] - set share "" - set dest "" - set hostport "" - foreach item [split $str] { - if {$item == ""} { - continue - } - if {$share == ""} { - set share [string trim $item] - } elseif {$dest == ""} { - set dest [string trim $item] - } elseif {$hostport == ""} { - set hostport [string trim $item] - } - } - - regsub {^~/} $dest {$HOME/} dest - - # work out the local host:port - set lhost "" - set lport "" - if {$hostport != ""} { - if [regexp {(.*):(.*)} $hostport mvar lhost lport] { - ; - } else { - set lhost $hostport - set lport 139 - } - } else { - if [regexp {//([^/][^/]*)/} $share mvar h] { - if [regexp {(.*):(.*)} $h mvar lhost lport] { - ; - } else { - set lhost $h - set lport 139 - } - } else { - set lhost localhost - set lport 139 - } - } - - if {$port == ""} { - if [info exists did("$lhost:$lport")] { - # reuse previous one: - set port $did("$lhost:$lport") - } else { - # choose one at random: - for {set i 0} {$i < 3} {incr i} { - set port [expr 20100 + 9000 * rand()] - set port [expr round($port)] - if { ! [info exists did($port)] } { - break - } - } - } - set did($port) 1 - } - - if {$mntlist != ""} { - append mntlist " " - } - append mntlist "$share,$dest,$port" - - if { ! [info exists did("$lhost:$lport")] } { - append redir " -R $port:$lhost:$lport" - set did("$lhost:$lport") $port - } - } - - regsub -all {['"]} $redir {} redir; #" - set redir [expand_IP $redir] - - regsub -all {['"]} $mntlist {} mntlist; #" - - set l [list] - lappend l $redir - lappend l $mntlist - return $l -} - -proc ugly_setup_scripts {mode tag} { - -set cmd(1) { - SSHD_PID="" - FLAG=$HOME/.vnc-helper-flag__PID__ - - if [ "X$USER" = "X" ]; then - USER=$LOGNAME - fi - - DO_CUPS=0 - cups_dir=$HOME/.cups - cups_cfg=$cups_dir/client.conf - cups_host=localhost - cups_port=NNNN - - DO_SMB=0 - DO_SMB_SU=0 - DO_SMB_WAIT=0 - smb_mounts= - DONE_PORT=NNNN - smb_script=$HOME/.smb-mounts__PID__.sh - - DO_SOUND=0 - DO_SOUND_KILL=0 - DO_SOUND_RESTART=0 - sound_daemon_remote_prog= - sound_daemon_remote_args= - - findpid() { - i=1 - back=10 - touch $FLAG - - if [ "X$TOPPID" = "X" ]; then - TOPPID=$$ - back=50 - fi - - while [ $i -lt $back ] - do - try=`expr $TOPPID - $i` - if ps $try 2>/dev/null | grep sshd >/dev/null; then - SSHD_PID="$try" - echo SSHD_PID=$try - echo - break - fi - i=`expr $i + 1` - done - echo MY_PID=$$ - tty - echo - } - - wait_til_ssh_gone() { - try_perl="" - if type perl >/dev/null 2>&1; then - try_perl=1 - fi - uname=`uname` - if [ "X$uname" != "XLinux" -a "X$uname" != "XSunOS" ]; then - try_perl="" - fi - if [ "X$try_perl" = "X1" ]; then - # try to avoid wasting pids: - perl -e "while (1) {if(! -e \"/proc/$SSHD_PID\"){exit} if(! -f \"$FLAG\"){exit} sleep 1;}" - else - while [ 1 ] - do - ps $SSHD_PID > /dev/null 2>&1 - if [ $? != 0 ]; then - break - fi - if [ ! -f $FLAG ]; then - break - fi - sleep 1 - done - fi - rm -f $FLAG - if [ "X$DO_SMB_WAIT" = "X1" ]; then - rm -f $smb_script - fi - } -}; - -set cmd(2) { - update_client_conf() { - mkdir -p $cups_dir - if [ -f $cups_cfg ]; then - cp -p $cups_cfg $cups_cfg.back - else - touch $cups_cfg.back - fi - sed -e "s/^ServerName/#-etv-#ServerName/" $cups_cfg.back > $cups_cfg - echo "ServerName $cups_host:$cups_port" >> $cups_cfg - echo - echo "--------------------------------------------------------------" - echo "The CUPS $cups_cfg config file has been set to:" - echo - cat $cups_cfg - echo - echo "If there are problems automatically restoring it, edit or" - echo "remove the file to go back to local CUPS settings." - echo - echo "A backup has been placed in: $cups_cfg.back" - echo - echo "See the help description for more details on printing." - echo - echo "done." - echo "--------------------------------------------------------------" - echo - } - - reset_client_conf() { - cp -p $cups_cfg $cups_cfg.tmp - grep -v "^ServerName" $cups_cfg.tmp | sed -e "s/^#-etv-#ServerName/ServerName/" > $cups_cfg - rm -f $cups_cfg.tmp - } - - cupswait() { - trap "" INT QUIT HUP - wait_til_ssh_gone - reset_client_conf - } -}; - -# if [ "X$DONE_PORT" != "X" ]; then -# if type perl >/dev/null 2>&1; then -# perl -e "use IO::Socket::INET; \$SIG{INT} = \"IGNORE\"; \$SIG{QUIT} = \"IGNORE\"; \$SIG{HUP} = \"INGORE\"; my \$client = IO::Socket::INET->new(Listen => 5, LocalAddr => \"localhost\", LocalPort => $DONE_PORT, Proto => \"tcp\")->accept(); \$line = <\$client>; close \$client; unlink \"$smb_script\";" </dev/null >/dev/null 2>/dev/null & -# if [ $? = 0 ]; then -# have_perl_done="1" -# fi -# fi -# fi - -set cmd(3) { - smbwait() { - trap "" INT QUIT HUP - wait_til_ssh_gone - } - do_smb_mounts() { - if [ "X$smb_mounts" = "X" ]; then - return - fi - echo > $smb_script - have_perl_done="" - echo "echo" >> $smb_script - dests="" - for mnt in $smb_mounts - do - smfs=`echo "$mnt" | awk -F, "{print \\\$1}"` - dest=`echo "$mnt" | awk -F, "{print \\\$2}"` - port=`echo "$mnt" | awk -F, "{print \\\$3}"` - dest=`echo "$dest" | sed -e "s,__USER__,$USER,g" -e "s,__HOME__,$HOME,g"` - if [ ! -d $dest ]; then - mkdir -p $dest - fi - echo "echo SMBMOUNT:" >> $smb_script - echo "echo smbmount $smfs $dest -o uid=$USER,ip=127.0.0.1,ttl=20000,port=$port" >> $smb_script - echo "smbmount \"$smfs\" \"$dest\" -o uid=$USER,ip=127.0.0.1,ttl=20000,port=$port" >> $smb_script - echo "echo; df \"$dest\"; echo" >> $smb_script - dests="$dests $dest" - done - #} -}; - -set cmd(4) { - echo "(" >> $smb_script - echo "trap \"\" INT QUIT HUP" >> $smb_script - - try_perl="" - if type perl >/dev/null 2>&1; then - try_perl=1 - fi - uname=`uname` - if [ "X$uname" != "XLinux" -a "X$uname" != "XSunOS" ]; then - try_perl="" - fi - - if [ "X$try_perl" = "X" ]; then - echo "while [ -f $smb_script ]" >> $smb_script - echo "do" >> $smb_script - echo " sleep 1" >> $smb_script - echo "done" >> $smb_script - else - echo "perl -e \"while (-f \\\\\"$smb_script\\\\\") {sleep 1;} exit 0;\"" >> $smb_script - fi - for dest in $dests - do - echo "echo smbumount $dest" >> $smb_script - echo "smbumount \"$dest\"" >> $smb_script - done - echo ") &" >> $smb_script - echo "--------------------------------------------------------------" - if [ "$DO_SMB_SU" = "0" ]; then - echo "We now run the smbmount script as user $USER" - echo - echo sh $smb_script - sh $smb_script - rc=0 - elif [ "$DO_SMB_SU" = "1" ]; then - echo "We now run the smbmount script via su(1)" - echo - echo "The first \"Password:\" will be for that of root to run the smbmount script." - echo - echo "Subsequent \"Password:\" will be for the SMB share(s) (hit Return if no passwd)" - echo - echo SU: - echo "su root -c \"sh $smb_script\"" - su root -c "sh $smb_script" - rc=$? - elif [ "$DO_SMB_SU" = "2" ]; then - echo "We now run the smbmount script via sudo(8)" - echo - echo "The first \"Password:\" will be for that of the sudo(8) password." - echo - echo "Subsequent \"Password:\" will be for the SMB shares (hit enter if no passwd)" - echo - echo SUDO: - echo sudo sh $smb_script - sudo sh $smb_script - rc=$? - fi -}; - -set cmd(5) { - #{ - echo - if [ "$rc" = 0 ]; then - if [ "X$have_perl_done" = "X1" -o 1 = 1 ] ; then - echo - echo "Your SMB shares will be unmounted when the VNC connection closes," - echo "*As Long As* No Applications have any of the share files opened or are" - echo "cd-ed into any of the share directories." - echo - echo "Try to make sure nothing is accessing the SMB shares before disconnecting" - echo "the VNC session. If you fail to do that follow these instructions:" - fi - echo - echo "To unmount your SMB shares make sure no applications are still using any of" - echo "the files and no shells are still cd-ed into the share area, then type:" - echo - echo " rm -f $smb_script" - echo - echo "In the worst case run: smbumount /path/to/mount/point for each mount as root" - echo "Even with the remote redirection gone the kernel should umount after a timeout." - else - echo - if [ "$DO_SMB_SU" = "1" ]; then - echo "su(1) to run smbmount(8) failed." - elif [ "$DO_SMB_SU" = "2" ]; then - echo "sudo(8) to run smbmount(8) failed." - fi - rm -f $smb_script - fi - echo - echo "done." - echo "--------------------------------------------------------------" - echo - } -}; - -set cmd(6) { - - setup_sound() { - dpid="" - d=$sound_daemon_remote_prog - if type pgrep >/dev/null 2>/dev/null; then - dpid=`pgrep -U $USER -x $d | head -1` - else - dpid=`env PATH=/usr/ucb:$PATH ps wwwwaux | grep -w $USER | grep -w $d | grep -v grep | head -1` - fi - echo "--------------------------------------------------------------" - echo "Setting up Sound: pid=$dpid" - if [ "X$dpid" != "X" ]; then - dcmd=`env PATH=/usr/ucb:$PATH ps wwwwaux | grep -w $USER | grep -w $d | grep -w $dpid | grep -v grep | head -1 | sed -e "s/^.*$d/$d/"` - if [ "X$DO_SOUND_KILL" = "X1" ]; then - echo "Stopping sound daemon: $sound_daemon_remote_prog $dpid" - echo "sound cmd: $dcmd" - kill -TERM $dpid - fi - fi - echo - echo "done." - echo "--------------------------------------------------------------" - echo - } - - reset_sound() { - if [ "X$DO_SOUND_RESTART" = "X1" ]; then - d=$sound_daemon_remote_prog - a=$sound_daemon_remote_args - echo "Restaring sound daemon: $d $a" - $d $a </dev/null >/dev/null 2>&1 & - fi - } - - soundwait() { - trap "" INT QUIT HUP - wait_til_ssh_gone - reset_sound - } - - findpid - - if [ $DO_SMB = 1 ]; then - do_smb_mounts - fi - - waiter=0 - - if [ $DO_CUPS = 1 ]; then - update_client_conf - cupswait </dev/null >/dev/null 2>/dev/null & - waiter=1 - fi - - if [ $DO_SOUND = 1 ]; then - setup_sound - soundwait </dev/null >/dev/null 2>/dev/null & - waiter=1 - fi - if [ $DO_SMB_WAIT = 1 ]; then - if [ $waiter != 1 ]; then - smbwait </dev/null >/dev/null 2>/dev/null & - waiter=1 - fi - fi - - - #FINMSG - echo - echo "--vnc-helper-exiting--" - echo - #cat $0 - rm -f $0 - exit 0 -}; - - set cmdall "" - - for {set i 1} {$i <= 6} {incr i} { - set v $cmd($i); - regsub -all "\n" $v "%" v - set cmd($i) $v - append cmdall "echo " - if {$i == 1} { - append cmdall {TOPPID=$$%} - } - append cmdall {'} - append cmdall $cmd($i) - append cmdall {' | tr '%' '\n'} - if {$i == 1} { - append cmdall {>} - } else { - append cmdall {>>} - } - append cmdall {$HOME/.vnc-helper-cmd__PID__; } - } - append cmdall {sh $HOME/.vnc-helper-cmd__PID__; } - - regsub -all {vnc-helper-cmd} $cmdall "vnc-helper-cmd-$mode" cmdall - if {$tag == ""} { - set tag [pid] - } - regsub -all {__PID__} $cmdall "$tag" cmdall - - set orig $cmdall - - global use_cups cups_local_server cups_remote_port cups_manage_rcfile - if {$use_cups && $cups_manage_rcfile} { - if {$mode == "post"} { - regsub {DO_CUPS=0} $cmdall {DO_CUPS=1} cmdall - regsub {cups_port=NNNN} $cmdall "cups_port=$cups_remote_port" cmdall - } - } - - global use_smbmnt smb_su_mode smb_mounts - if {$use_smbmnt} { - if {$smb_mounts != ""} { - set smbm $smb_mounts - regsub -all {%USER} $smbm "__USER__" smbm - regsub -all {%HOME} $smbm "__HOME__" smbm - if {$mode == "pre"} { - regsub {DO_SMB=0} $cmdall {DO_SMB=1} cmdall - if {$smb_su_mode == "su"} { - regsub {DO_SMB_SU=0} $cmdall {DO_SMB_SU=1} cmdall - } elseif {$smb_su_mode == "sudo"} { - regsub {DO_SMB_SU=0} $cmdall {DO_SMB_SU=2} cmdall - } elseif {$smb_su_mode == "none"} { - regsub {DO_SMB_SU=0} $cmdall {DO_SMB_SU=0} cmdall - } else { - regsub {DO_SMB_SU=0} $cmdall {DO_SMB_SU=1} cmdall - } - regsub {smb_mounts=} $cmdall "smb_mounts=\"$smbm\"" cmdall - } elseif {$mode == "post"} { - regsub {DO_SMB_WAIT=0} $cmdall {DO_SMB_WAIT=1} cmdall - } - } - } - - global use_sound - if {$use_sound} { - if {$mode == "pre"} { - global sound_daemon_remote_cmd sound_daemon_kill sound_daemon_restart - if {$sound_daemon_kill} { - regsub {DO_SOUND_KILL=0} $cmdall {DO_SOUND_KILL=1} cmdall - regsub {DO_SOUND=0} $cmdall {DO_SOUND=1} cmdall - } - if {$sound_daemon_restart} { - regsub {DO_SOUND_RESTART=0} $cmdall {DO_SOUND_RESTART=1} cmdall - regsub {DO_SOUND=0} $cmdall {DO_SOUND=1} cmdall - } - set sp [string trim $sound_daemon_remote_cmd] - regsub {[ \t].*$} $sp "" sp - set sa [string trim $sound_daemon_remote_cmd] - regsub {^[^ \t][^ \t]*[ \t][ \t]*} $sa "" sa - regsub {sound_daemon_remote_prog=} $cmdall "sound_daemon_remote_prog=\"$sp\"" cmdall - regsub {sound_daemon_remote_args=} $cmdall "sound_daemon_remote_args=\"$sa\"" cmdall - } - } - - if {$mode == "pre"} { - set dopre 0 - if {$use_smbmnt && $smb_mounts != ""} { - set dopre 1 - } - if {$use_sound && $sound_daemon_kill} { - set dopre 1 - } - if {$dopre} { - global is_windows - if {$is_windows} { - regsub {#FINMSG} $cmdall {echo "Now Go Click on the Label to Start the 2nd SSH"} cmdall - } else { - regsub {#FINMSG} $cmdall {echo "Finished with the 1st SSH tasks, the 2nd SSH should start shortly..."} cmdall - } - } - } - - if {"$orig" == "$cmdall"} { - return "" - } else { - return $cmdall - } -} - -proc cups_dialog {} { - - catch {destroy .cups} - toplevel .cups - wm title .cups "CUPS Tunnelling" - global cups_local_server cups_remote_port cups_manage_rcfile - global cups_local_smb_server cups_remote_smb_port - - global uname - if {$uname == "Darwin"} { - scroll_text .cups.f 80 25 - } else { - scroll_text .cups.f - } - - - set msg { - CUPS Printing requires SSH be used to set up the Print service port - redirection. This will be either of the "Use SSH instead" or "Use - SSH and SSL" modes under "Options". Pure SSL tunnelling will not work. - - This method requires working CUPS software setups on both the remote - and local sides of the connection. - - (See Method #1 below for perhaps the easiest way to get applications to - print through the tunnel; it requires printing admin privileges however). - - You choose an actual remote CUPS port below under "Use Remote CUPS - Port:" (6631 is just our default and used in the examples below). - Note that the normal default CUPS server port is 631. - - The port you choose must be unused on the VNC server machine (n.b. no - checking is done). Print requests connecting to it are redirected to - your local machine through the SSH tunnel. Note: root permission is - needed for ports less than 1024 (this is not recommended). - - Then enter the VNC Viewer side (i.e. where you are sitting) CUPS server - under "Local CUPS Server". E.g. use "localhost:631" if there is one - on the viewer machine, or, say, "my-print-srv:631" for a nearby CUPS - print server. - - Several methods are now described for how to get applications to - print through the port redirected tunnel. - - Method #0: Create or edit the file $HOME/.cups/client.conf on the VNC - server side by putting in something like this in it: - - ServerName localhost:6631 - - based on the port you selected above. - - NOTE: For this client.conf ServerName setting to work with lp(1) - and lpr(1) CUPS 1.2 or greater is required. The cmdline option - "-h localhost:6631" can be used for older versions. For client.conf to - work in general (e.g. Openoffice, Firefox), a bugfix found in CUPS 1.2.3 - is required. Two Workarounds (Methods #1 and #2) are described below. - - After the remote VNC Connection is finished, to go back to the non-SSH - tunnelled CUPS server and either remove the client.conf file or comment - out the ServerName line. This restores the normal CUPS server for - you on the remote machine. - - Select "Manage ServerName in the $HOME/.cups/client.conf file for me" to - attempt to do this editing of the CUPS config file for you automatically. - - Method #1: If you have admin permission on the VNC Server machine you - can likely "Add a Printer" via a GUI dialog, wizard, lpadmin(8), etc. - This makes the client.conf ServerName parameter unnecessary. You will - need to tell the GUI dialog that the printer is at, e.g., localhost:6631, - and anything else needed to identify the printer (type, model, etc). - - Method #2: Restarting individual applications with the IPP_PORT - set will enable redirected printing for them, e.g.: - - env IPP_PORT=6631 firefox - - If you can only get Method #2 to work, an extreme application would - be to run the whole desktop, e.g. env IPP_PORT=6631 gnome-session, but - then you would need some sort of TCP redirector (ssh -L comes to mind), - to direct it to 631 when not connected remotely. - - Windows/SMB Printers: Under "Local SMB Print Server" you can set - a port redirection for a Windows (non-CUPS) SMB printer. E.g. port - 6632 -> localhost:139. If localhost:139 does not work, try IP:139, - etc. or put in the IP address manually. Then at the least you can - print using the smbspool(8) program like this: - - smbspool smb://localhost:6632/lp job user title 1 "" myfile.ps - - You could put this in a script, "myprinter". It appears for the URI, - only the number of copies ("1" above) and the file itself are important. - (XXX this might only work for Samba printers...) - - If you have root or print admin permission you can configure CUPS to - know about this printer via lpadmin(8), etc. You basically give it - the smb://... URI. - - For more info see: http://www.karlrunge.com/x11vnc/#faq-cups -} - .cups.f.t insert end $msg - - if {$cups_local_server == ""} { - set cups_local_server "localhost:631" - } - if {$cups_remote_port == ""} { - set cups_remote_port "6631" - } - if {$cups_local_smb_server == ""} { - global is_windows - if {$is_windows} { - set cups_local_smb_server "IP:139" - } else { - set cups_local_smb_server "localhost:139" - } - } - if {$cups_remote_smb_port == ""} { - set cups_remote_smb_port "6632" - } - - frame .cups.serv - label .cups.serv.l -anchor w -text "Local CUPS Server: " - entry .cups.serv.e -width 40 -textvariable cups_local_server - pack .cups.serv.e -side right - pack .cups.serv.l -side left -expand 1 -fill x - - frame .cups.port - label .cups.port.l -anchor w -text "Use Remote CUPS Port:" - entry .cups.port.e -width 40 -textvariable cups_remote_port - pack .cups.port.e -side right - pack .cups.port.l -side left -expand 1 -fill x - - frame .cups.smbs - label .cups.smbs.l -anchor w -text "Local SMB Print Server: " - entry .cups.smbs.e -width 40 -textvariable cups_local_smb_server - pack .cups.smbs.e -side right - pack .cups.smbs.l -side left -expand 1 -fill x - - frame .cups.smbp - label .cups.smbp.l -anchor w -text "Use Remote SMB Print Port:" - entry .cups.smbp.e -width 40 -textvariable cups_remote_smb_port - pack .cups.smbp.e -side right - pack .cups.smbp.l -side left -expand 1 -fill x - - checkbutton .cups.cupsrc -anchor w -variable cups_manage_rcfile -text \ - "Manage ServerName in the remote \$HOME/.cups/client.conf file for me" - - button .cups.cancel -text "Cancel" -command {destroy .cups; set use_cups 0} - bind .cups <Escape> {destroy .cups; set use_cups 0} - button .cups.done -text "Done" -command {destroy .cups; if {$use_cups} {set_ssh}} - - button .cups.guess -text "Help me decide ..." -command {} - .cups.guess configure -state disabled - - pack .cups.done .cups.cancel .cups.guess .cups.cupsrc .cups.smbp .cups.smbs .cups.port .cups.serv -side bottom -fill x - pack .cups.f -side top -fill both -expand 1 - - center_win .cups -} - -proc sound_dialog {} { - - global is_windows - - catch {destroy .snd} - toplevel .snd - wm title .snd "ESD/ARTSD Sound Tunnelling" - - global uname - if {$uname == "Darwin"} { - scroll_text .snd.f 80 20 - } else { - scroll_text .snd.f 80 30 - } - - set msg { - Sound tunnelling to a sound daemon requires SSH be used to set up the - service port redirection. This will be either of the "Use SSH instead" - or "Use SSH and SSL" modes under "Options". Pure SSL tunnelling will - not work. - - This method requires working Sound daemon (e.g. ESD or ARTSD) software - setups on both the remote and local sides of the connection. - - Often this means you want to run your ENTIRE remote desktop with ALL - applications instructed to use the sound daemon's network port. E.g. - - esddsp -s localhost:16001 startkde - esddsp -s localhost:16001 gnome-session - - and similarly for artsdsp, etc. You put this in your ~/.xession, - or other startup file. This is non standard. If you do not want to - do this you still can direct *individual* sound applications through - the tunnel, for example "esddsp -s localhost:16001 soundapp", where - "soundapp" is some application that makes noise (say xmms or mpg123). - - Also, usually the remote Sound daemon must be killed BEFORE the SSH port - redir is established (because it is listening on the port we want to use - for the SSH redir), and, presumably, restarted when the VNC connection - finished. - - One may also want to start and kill a local sound daemon that will - play the sound received over the network on the local machine. - - You can indicate the remote and local Sound daemon commands below and - how they should be killed and/or restart. Some examples: - - esd -promiscuous -as 5 -port 16001 -tcp -bind 127.0.0.1 - artsd -n -p 7265 -F 10 -S 4096 -n -s 5 -m artsmessage -l 3 -f - - or you can leave some or all blank and kill/start them manually. - - For convenience, a Windows port of ESD is provided in the util/esound - directory, and so this might work for a Local command: - - esound\esd -promiscuous -as 5 -port 16001 -tcp -bind 127.0.0.1 - - NOTE: If you indicate "Remote Sound daemon: Kill at start." below, - then THERE WILL BE TWO SSH'S: THE FIRST ONE TO KILL THE DAEMON. - So you may need to supply TWO SSH PASSWORDS, unless you are using - something like ssh-agent(1), the Putty PW setting, etc. - - You will also need to supply the remote and local sound ports for - the SSH redirs. For esd the default port is 16001, but you can choose - another one if you prefer. - - For "Local Sound Port" you can also supply "host:port" instead of just - a numerical port to specify non-localhost connections, e.g. to another - nearby machine. - - For more info see: http://www.karlrunge.com/x11vnc/#faq-sound -} - .snd.f.t insert end $msg - - global sound_daemon_remote_port sound_daemon_local_port sound_daemon_local_cmd - if {$sound_daemon_remote_port == ""} { - set sound_daemon_remote_port 16001 - } - if {$sound_daemon_local_port == ""} { - set sound_daemon_local_port 16001 - } - - if {$sound_daemon_local_cmd == ""} { - global is_windows - if {$is_windows} { - set sound_daemon_local_cmd {esound\esd -promiscuous -as 5 -port %PORT -tcp -bind 127.0.0.1} - } else { - set sound_daemon_local_cmd {esd -promiscuous -as 5 -port %PORT -tcp -bind 127.0.0.1} - } - regsub {%PORT} $sound_daemon_local_cmd $sound_daemon_local_port sound_daemon_local_cmd - } - - - frame .snd.remote - label .snd.remote.l -anchor w -text "Remote Sound daemon cmd: " - entry .snd.remote.e -width 45 -textvariable sound_daemon_remote_cmd - pack .snd.remote.e -side right - pack .snd.remote.l -side left -expand 1 -fill x - - frame .snd.local - label .snd.local.l -anchor w -text "Local Sound daemon cmd: " - entry .snd.local.e -width 45 -textvariable sound_daemon_local_cmd - pack .snd.local.e -side right - pack .snd.local.l -side left -expand 1 -fill x - - frame .snd.rport - label .snd.rport.l -anchor w -text "Remote Sound Port: " - entry .snd.rport.e -width 45 -textvariable sound_daemon_remote_port - pack .snd.rport.e -side right - pack .snd.rport.l -side left -expand 1 -fill x - - frame .snd.lport - label .snd.lport.l -anchor w -text "Local Sound Port: " - entry .snd.lport.e -width 45 -textvariable sound_daemon_local_port - pack .snd.lport.e -side right - pack .snd.lport.l -side left -expand 1 -fill x - - - checkbutton .snd.sdk -anchor w -variable sound_daemon_kill -text \ - "Remote Sound daemon: Kill at start." - - checkbutton .snd.sdr -anchor w -variable sound_daemon_restart -text \ - "Remote Sound daemon: Restart at end." - - checkbutton .snd.sdsl -anchor w -variable sound_daemon_local_start -text \ - "Local Sound daemon: Run at start." - - checkbutton .snd.sdkl -anchor w -variable sound_daemon_local_kill -text \ - "Local Sound daemon: Kill at end." - - button .snd.guess -text "Help me decide ..." -command {} - .snd.guess configure -state disabled - - global is_win9x - if {$is_win9x} { - .snd.local.e configure -state disabled - .snd.local.l configure -state disabled - .snd.sdsl configure -state disabled - .snd.sdkl configure -state disabled - } - - button .snd.cancel -text "Cancel" -command {destroy .snd; set use_sound 0} - bind .snd <Escape> {destroy .snd; set use_sound 0} - button .snd.done -text "Done" -command {destroy .snd; if {$use_sound} {set_ssh}} - - pack .snd.done .snd.cancel .snd.guess .snd.sdkl .snd.sdsl .snd.sdr .snd.sdk .snd.lport .snd.rport \ - .snd.local .snd.remote -side bottom -fill x - pack .snd.f -side bottom -fill both -expand 1 - - center_win .snd -} - -# Share ideas. -# -# Unix: -# -# if type smbclient -# first parse smbclient -L localhost -N -# and/or smbclient -L `hostname` -N -# Get Sharenames and Servers and Domain. -# -# loop over servers, doing smbclient -L server -N -# pile this into a huge list, sep by disk and printers. -# -# WinXP: -# -# parse "NET VIEW" output similarly. -# -# Have checkbox for each disk. Set default root to /var/tmp/${USER}-mnts -# Let them change that at once and have it populate. -# -# use //hostname/share /var/tmp/runge-mnts/hostname/share -# -# -# Printers, hmmm. Can't add to remote cups list... I guess have the list -# ready for CUPS dialog to suggest which SMB servers they want to redirect -# to... - -proc get_hostname {} { - global is_windows is_win9x - set str "" - if {$is_windows} { - if {1} { - catch {set str [exec hostname]} - regsub -all {[\r]} $str "" str - } else { - catch {set str [exec net config]} - if [regexp -nocase {Computer name[ \t]+\\\\([^ \t]+)} $str mv str] { - ; - } else { - set str "" - } - } - } else { - catch {set str [exec hostname]} - } - set str [string trim $str] - return $str -} - -proc smb_list_windows {smbhost} { - global smb_local smb_local_hosts smb_this_host - global is_win9x - set dbg 0 - - set domain "" - - if {$is_win9x} { - # exec net view ... doesn't work. - set smb_this_host "unknown" - return - } - - set this_host [get_hostname] - set This_host [string toupper $this_host] - set smb_this_host $This_host - - if {$smbhost == $smb_this_host} { - catch {set out0 [exec net view]} - regsub -all {[\r]} $out0 "" out0 - foreach line [split $out0 "\n"] { - if [regexp -nocase {in workgroup ([^ \t]+)} $line mv wg] { - regsub -all {[.]} $wg "" wg - set domain $wg - } elseif [regexp {^\\\\([^ \t]+)[ \t]*(.*)} $line mv host comment] { - set smb_local($smbhost:server:$host) $comment - } - } - } - - set out1 "" - set h "\\\\$smbhost" - catch {set out1 [exec net view $h]} - regsub -all {[\r]} $out1 "" out1 - - if {$dbg} {puts "SMBHOST: $smbhost"} - - set mode "" - foreach line [split $out1 "\n"] { - if [regexp {^[ \t]*---} $line] { - continue - } - if [regexp -nocase {The command} $line] { - continue - } - if [regexp -nocase {Shared resources} $line] { - continue - } - if [regexp -nocase {^[ \t]*Share[ \t]*name} $line] { - set mode "shares" - continue - } - set line [string trim $line] - if {$line == ""} { - continue - } - if {$mode == "shares"} { - if [regexp {^([^ \t]+)[ \t]+([^ \t]+)[ \t]*(.*)$} $line mv name type comment] { - if {$dbg} { - puts "SHR: $name" - puts "---: $type" - puts "---: $comment" - } - if [regexp -nocase {^Disk$} $type] { - set smb_local($smbhost:disk:$name) $comment - } elseif [regexp -nocase {^Print} $type] { - set smb_local($smbhost:printer:$name) $comment - } - } - } - } - - set smb_local($smbhost:domain) $domain -} - -proc smb_list_unix {smbhost} { - global smb_local smb_local_hosts smb_this_host - set smbclient [in_path smbclient] - if {[in_path smbclient] == ""} { - return "" - } - set dbg 0 - - set this_host [get_hostname] - set This_host [string toupper $this_host] - set smb_this_host $This_host - - set out1 "" - catch {set out1 [exec smbclient -N -L $smbhost 2>@ stdout]} - - if {$dbg} {puts "SMBHOST: $smbhost"} - if {$smbhost == $this_host || $smbhost == $This_host} { - if {$out1 == ""} { - catch {set out1 [exec smbclient -N -L localhost 2>@ stdout]} - } - } - - set domain "" - set mode "" - foreach line [split $out1 "\n"] { - if [regexp {^[ \t]*---} $line] { - continue - } - if [regexp {Anonymous login} $line] { - continue - } - if {$domain == "" && [regexp {Domain=\[([^\]]+)\]} $line mv domain]} { - if {$dbg} {puts "DOM: $domain"} - continue - } - if [regexp {^[ \t]*Sharename} $line] { - set mode "shares" - continue - } - if [regexp {^[ \t]*Server} $line] { - set mode "server" - continue - } - if [regexp {^[ \t]*Workgroup} $line] { - set mode "workgroup" - continue - } - set line [string trim $line] - if {$mode == "shares"} { - if [regexp {^([^ \t]+)[ \t]+([^ \t]+)[ \t]*(.*)$} $line mv name type comment] { - if {$dbg} { - puts "SHR: $name" - puts "---: $type" - puts "---: $comment" - } - if [regexp -nocase {^Disk$} $type] { - set smb_local($smbhost:disk:$name) $comment - } elseif [regexp -nocase {^Printer$} $type] { - set smb_local($smbhost:printer:$name) $comment - } - } - } elseif {$mode == "server"} { - if [regexp {^([^ \t]+)[ \t]*(.*)$} $line mv host comment] { - if {$dbg} { - puts "SVR: $host" - puts "---: $comment" - } - set smb_local($smbhost:server:$host) $comment - } - } elseif {$mode == "workgroup"} { - if [regexp {^([^ \t]+)[ \t]+(.*)$} $line mv work host] { - if {$dbg} { - puts "WRK: $work" - puts "---: $host" - } - if {$host != ""} { - set smb_local($smbhost:master:$work) $host - } - } - } - } - - set smb_local($smbhost:domain) $domain -} - -proc smb_list {} { - global is_windows smb_local smb_local_hosts - global smb_host_list - - set smb_local(null) "" - - if {! [info exists smb_host_list]} { - set smb_host_list "" - } - if [info exists smb_local] { - unset smb_local - } - if [info exists smb_local_hosts] { - unset smb_local_hosts - } - - set this_host [get_hostname] - set this_host [string toupper $this_host] - if {$is_windows} { - smb_list_windows $this_host - } else { - smb_list_unix $this_host - } - set did($this_host) 1 - set keys [array names smb_local] - foreach item [split $smb_host_list] { - if {$item != ""} { - set item [string toupper $item] - lappend keys "$this_host:server:$item" - } - } - foreach key $keys { - if [regexp "^$this_host:server:(.*)\$" $key mv host] { - if {$host == ""} { - continue - } - set smb_local_hosts($host) 1 - if {! [info exists did($host)]} { - if {$is_windows} { - smb_list_windows $host - } else { - smb_list_unix $host - } - set did($host) 1 - } - } - } -} - -proc smb_check_selected {} { - global smbmount_exists smbmount_sumode - global smb_selected smb_selected_mnt smb_selected_cb smb_selected_en - - set ok 0 - if {$smbmount_exists && $smbmount_sumode != "dontknow"} { - set ok 1 - } - set state disabled - if {$ok} { - set state normal - } - - foreach cb [array names smb_selected_cb] { - catch {$cb configure -state $state} - } - foreach en [array names smb_selected_en] { - catch {$en configure -state $state} - } -} - -proc make_share_widgets {w} { - - set share_label $w.f.hl - catch {$share_label configure -text "Share Name: PROBING ..."} - update - - smb_list - - set saw_f 0 - foreach child [winfo children $w] { - if {$child == "$w.f"} { - set saw_f 1 - continue - } - catch {destroy $child} - } - - set w1 47 - set w2 44 - - if {! $saw_f} { - set wf $w.f - frame $wf - label $wf.hl -width $w1 -text "Share Name:" -anchor w - label $wf.hr -width $w2 -text " Mount Point:" -anchor w - - pack $wf.hl $wf.hr -side left -expand 1 - pack $wf -side top -fill x - - .smbwiz.f.t window create end -window $w - } - - global smb_local smb_local_hosts smb_this_host smb_selected smb_selected_mnt - global smb_selected_host smb_selected_name - global smb_selected_cb smb_selected_en - global smb_host_list - if [info exists smb_selected] {array unset smb_selected } - if [info exists smb_selected_mnt] {array unset smb_selected_mnt} - if [info exists smb_selected_cb] {array unset smb_selected_cb} - if [info exists smb_selected_en] {array unset smb_selected_en} - if [info exists smb_selected_host] {array unset smb_selected_host} - if [info exists smb_selected_name] {array unset smb_selected_name} - - set hosts [list $smb_this_host] - lappend hosts [lsort [array names smb_local_hosts]] - - set smb_host_list "" - set i 0 - - global smb_mount_prefix - set smb_mount_prefix "/var/tmp/%USER-mnts" - - foreach host [lsort [array names smb_local_hosts]] { - - if [info exists did($host)] { - continue - } - set did($host) 1 - - append smb_host_list "$host " - - foreach key [lsort [array names smb_local]] { - if [regexp {^([^:]+):([^:]+):(.*)$} $key mv host2 type name] { - if {$host2 != $host} { - continue - } - if {$type != "disk"} { - continue - } - set wf $w.f$i - frame $wf - checkbutton $wf.c -anchor w -width $w1 -variable smb_selected($i) \ - -text "//$host/$name" -relief ridge - if {! [info exists smb_selected($i)]} { - set smb_selected($i) 0 - } - - entry $wf.e -width $w2 -textvariable smb_selected_mnt($i) - set smb_selected_mnt($i) "$smb_mount_prefix/$host/$name" - - set smb_selected_host($i) $host - set smb_selected_name($i) $name - - set smb_selected_cb($wf.c) $i - set smb_selected_en($wf.e) $i - set comment $smb_local($key) - - bind $wf.c <Enter> "$share_label configure -text {Share Name: $comment}" - bind $wf.c <Leave> "$share_label configure -text {Share Name:}" - - $wf.c configure -state disabled - $wf.e configure -state disabled - - pack $wf.c $wf.e -side left -expand 1 - pack $wf -side top -fill x - incr i - } - } - } - if {$i == 0} { - global is_win9x - $share_label configure -text {Share Name: No SMB Share Hosts were found!} - if {$is_win9x} { - .smbwiz.f.t insert end "\n(this feature does not work on Win9x you have have to enter them manually: //HOST/share /var/tmp/mymnt)\n" - } - } else { - $share_label configure -text "Share Name: Found $i SMB Shares" - } - smb_check_selected -} - -proc smb_help_me_decide {} { - global is_windows - global smb_local smb_local_hosts smb_this_host smb_selected smb_selected_mnt - global smb_selected_host smb_selected_name - global smb_selected_cb smb_selected_en - global smb_host_list - - catch {destroy .smbwiz} - toplevel .smbwiz - set title "SMB Filesystem Tunnelling -- Help Me Decide" - wm title .smbwiz $title - set id " " - - scroll_text .smbwiz.f 100 40 - - set msg { -For now you will have to verify the following information manually. - -You can do this by either logging into the remote machine to find the info or asking the sysadmin for it. - -} - - if {! $is_windows} { - .smbwiz.f.t configure -font {Helvetica -12 bold} - } - .smbwiz.f.t insert end $msg - - set w .smbwiz.f.t.f1 - frame $w -bd 1 -relief ridge -cursor {top_left_arrow} - - .smbwiz.f.t insert end "\n" - - .smbwiz.f.t insert end "1) Indicate the existence of the 'smbmount' command on the remote system:\n" - .smbwiz.f.t insert end "\n$id" - global smbmount_exists - set smbmount_exists 0 - - checkbutton $w.smbmount_exists -pady 1 -anchor w -variable smbmount_exists \ - -text "Yes, the 'smbmount' command exists on the remote system." \ - -command smb_check_selected - - pack $w.smbmount_exists - .smbwiz.f.t window create end -window $w - - .smbwiz.f.t insert end "\n\n\n" - - set w .smbwiz.f.t.f2 - frame $w -bd 1 -relief ridge -cursor {top_left_arrow} - - .smbwiz.f.t insert end "2) Indicate your authorization to run 'smbmount' on the remote system:\n" - .smbwiz.f.t insert end "\n$id" - global smbmount_sumode - set smbmount_sumode "dontknow" - - radiobutton $w.dk -pady 1 -anchor w -variable smbmount_sumode -value dontknow \ - -text "I do not know if I can mount SMB shares on the remote system via 'smbmount'" \ - -command smb_check_selected - pack $w.dk -side top -fill x - - radiobutton $w.su -pady 1 -anchor w -variable smbmount_sumode -value su \ - -text "I know the Password to run commands as root on the remote system via 'su'" \ - -command smb_check_selected - pack $w.su -side top -fill x - - radiobutton $w.sudo -pady 1 -anchor w -variable smbmount_sumode -value sudo \ - -text "I know the Password to run commands as root on the remote system via 'sudo'" \ - -command smb_check_selected - pack $w.sudo -side top -fill x - - radiobutton $w.ru -pady 1 -anchor w -variable smbmount_sumode -value none \ - -text "I do not need to be root on the remote system to mount SMB shares via 'smbmount'" \ - -command smb_check_selected - pack $w.ru -side top -fill x - - .smbwiz.f.t window create end -window $w - - global smb_wiz_done - set smb_wiz_done 0 - - button .smbwiz.cancel -text "Cancel" -command {set smb_wiz_done 1} - button .smbwiz.done -text "Done" -command {set smb_wiz_done 1} - pack .smbwiz.done -side bottom -fill x - pack .smbwiz.f -side top -fill both -expand 1 - - wm protocol .smbwiz WM_DELETE_WINDOW {set smb_wiz_done 1} - center_win .smbwiz - - wm title .smbwiz "Searching for Local SMB shares..." - update - wm title .smbwiz $title - - global smb_local smb_this_host - .smbwiz.f.t insert end "\n\n\n" - - set w .smbwiz.f.t.f3 - catch {destroy $w} - frame $w -bd 1 -relief ridge -cursor {top_left_arrow} - - .smbwiz.f.t insert end "3) Select SMB shares to mount and their mount point on the remote system:\n" - .smbwiz.f.t insert end "\n${id}" - - make_share_widgets $w - - .smbwiz.f.t insert end "\n(%USER will be expanded to the username on the remote system and %HOME the home directory)\n" - - .smbwiz.f.t insert end "\n\n\n" - - .smbwiz.f.t insert end "You can change the list of Local SMB hosts to probe and the mount point prefix here:\n" - .smbwiz.f.t insert end "\n$id" - set w .smbwiz.f.t.f4 - frame $w -bd 1 -relief ridge -cursor {top_left_arrow} - set wf .smbwiz.f.t.f4.f - frame $wf - label $wf.l -text "SMB Hosts: " -anchor w - entry $wf.e -textvariable smb_host_list -width 60 - button $wf.b -text "Apply" -command {make_share_widgets .smbwiz.f.t.f3} - bind $wf.e <Return> "$wf.b invoke" - pack $wf.l $wf.e $wf.b -side left - pack $wf - pack $w - - .smbwiz.f.t window create end -window $w - - .smbwiz.f.t insert end "\n$id" - - set w .smbwiz.f.t.f5 - frame $w -bd 1 -relief ridge -cursor {top_left_arrow} - set wf .smbwiz.f.t.f5.f - frame $wf - label $wf.l -text "Mount Prefix:" -anchor w - entry $wf.e -textvariable smb_mount_prefix -width 60 - button $wf.b -text "Apply" -command {apply_mount_point_prefix .smbwiz.f.t.f5.f.e} - bind $wf.e <Return> "$wf.b invoke" - pack $wf.l $wf.e $wf.b -side left - pack $wf - pack $w - - .smbwiz.f.t window create end -window $w - - .smbwiz.f.t insert end "\n\n\n" - - .smbwiz.f.t see 1.0 - .smbwiz.f.t configure -state disabled - update - - vwait smb_wiz_done - catch {destroy .smbwiz} - - if {! $smbmount_exists || $smbmount_sumode == "dontknow"} { - tk_messageBox -type ok -icon warning -message "Sorry we couldn't help out!\n'smbmount' info on the remote system is required for SMB mounting" -title "SMB mounting -- aborting" - global use_smbmnt - set use_smbmnt 0 - catch {raise .oa} - return - } - global smb_su_mode - set smb_su_mode $smbmount_sumode - - set max 0 - foreach en [array names smb_selected_en] { - set i $smb_selected_en($en) - set host $smb_selected_host($i) - set name $smb_selected_name($i) - - set len [string length "//$host/$name"] - if {$len > $max} { - set max $len - } - } - - set max [expr $max + 8] - - set strs "" - foreach en [array names smb_selected_en] { - set i $smb_selected_en($en) - if {! $smb_selected($i)} { - continue - } - set host $smb_selected_host($i) - set name $smb_selected_name($i) - set mnt $smb_selected_mnt($i) - - set share "//$host/$name" - set share [format "%-${max}s" $share] - - lappend strs "$share $mnt" - } - set text "" - foreach str [lsort $strs] { - append text "$str\n" - } - - global smb_mount_list - set smb_mount_list $text - - smb_dialog -} - -proc apply_mount_point_prefix {w} { - global smb_selected_host smb_selected_name - global smb_selected_en smb_selected_mnt - - set prefix "" - catch {set prefix [$w get]} - if {$prefix == ""} { - mesg "No mount prefix." - bell - return - } - - foreach en [array names smb_selected_en] { - set i $smb_selected_en($en) - set host $smb_selected_host($i) - set name $smb_selected_name($i) - set smb_selected_mnt($i) "$prefix/$host/$name" - } -} - -proc smb_dialog {} { - catch {destroy .smb} - toplevel .smb - wm title .smb "SMB Filesystem Tunnelling" - global smb_su_mode smb_mount_list - global use_smbmnt - - global help_font - - global uname - if {$uname == "Darwin"} { - scroll_text .smb.f 80 25 - } else { - scroll_text .smb.f - } - - set msg { - Windows/Samba Filesystem mounting requires SSH be used to set up the SMB - service port redirection. This will be either of the "Use SSH instead" - or "Use SSH and SSL" modes under "Options". Pure SSL tunnelling will - not work. - - This method requires a working Samba software setup on the remote - side of the connection (VNC server) and existing Samba or Windows file - server(s) on the local side (VNC viewer). - - The smbmount(8) program MUST be installed on the remote side. This - evidently limits the mounting to Linux systems. Let us know of similar - utilities on other Unixes. Mounting onto remote Windows machines is - currently not supported (our SSH mode with services setup only works - to Unix). - - Depending on how smbmount is configured you may be able to run it - as a regular user, or it may require running under su(1) or sudo(8) - (root password or user password required, respectively). You select - which one you want via the checkbuttons below. - - In addition to a possible su(1) or sudo(8) password, you may ALSO - need to supply passwords to mount each SMB share. This is an SMB passwd. - If it has no password just hit enter after the "Password:" prompt. - - The passwords are supplied when the 1st SSH connection starts up; - be prepared to respond to them. - - NOTE: USE OF SMB TUNNELLING MODE WILL REQUIRE TWO SSH'S, AND SO YOU - MAY NEED TO SUPPLY TWO LOGIN PASSWORDS UNLESS YOU ARE USING SOMETHING - LIKE ssh-agent(1) or the Putty PW setting. - %WIN - - To indicate the Windows/Samba shares to mount enter them one per line - in one of the forms: - - //machine1/share ~/Desktop/my-mount1 - //machine2/fubar /var/tmp/my-foobar2 192.168.100.53:3456 - 1139 //machine3/baz /var/tmp/baz [...] - - The first part is the standard SMB host and share name //hostname/dir - (note this share is on the local viewer-side not on the remote end). - A leading '#' will cause the entire line to be skipped. - - The second part, e.g. /var/tmp/my-foobar2, is the directory to mount - the share on the remote (VNC Server) side. You must be able to - write to this directory. It will be created if it does not exist. - A leading character ~ will be expanded to $HOME. So will the string - %HOME. The string %USER will get expanded to the remote username. - - An optional part like 192.168.100.53:3456 is used to specify the real - hostname or IP address, and possible non-standard port, on the local - side if for some reason the //hostname is not sufficient. - - An optional leading numerical value, 1139 in the above example, indicates - which port to use on the Remote side to SSH redirect to the local side. - Otherwise a random one is tried (a unique one is needed for each SMB - server:port combination). A fixed one is preferred: choose a free - remote port. - - The standard SMB service ports (local side) are 445 and 139. 139 is - used by this application. - - Sometimes "localhost" will not work on Windows machines for a share - hostname, and you will have to specify a different network interface - (e.g. the machine's IP address). If you use the literal string "IP" - it will be attempted to replace it with the numerical IP address, e.g.: - - //machine1/share ~/Desktop/my-mount1 IP - - VERY IMPORTANT: Before terminating the VNC Connection, make sure no - applications are using any of the SMB shares (or shells are cd-ed - into the share). This way the shares will be automatically unmounted. - Otherwise you will need to log in again, stop processes from using - the share, become root and umount the shares manually ("smbumount - /path/to/share", etc.) - - For more info see: http://www.karlrunge.com/x11vnc/#faq-smb-shares -} - - set msg2 { - To speed up moving to the next step, iconify the first SSH console - when you are done entering passwords, etc. and then click on the - main panel 'VNC Host:Display' label. -} - - global is_windows - if {! $is_windows} { - regsub { *%WIN} $msg "" msg - } else { - set msg2 [string trim $msg2] - regsub { *%WIN} $msg " $msg2" msg - } - .smb.f.t insert end $msg - - frame .smb.r - label .smb.r.l -text "smbmount(8) auth mode:" -relief ridge - radiobutton .smb.r.none -text "None" -variable smb_su_mode -value "none" - radiobutton .smb.r.su -text "su(1)" -variable smb_su_mode -value "su" - radiobutton .smb.r.sudo -text "sudo(8)" -variable smb_su_mode -value "sudo" - - pack .smb.r.l .smb.r.none .smb.r.sudo .smb.r.su -side left -fill x - - label .smb.info -text "Supply the mounts (one per line) below:" -anchor w -relief ridge - - eval text .smb.mnts -width 80 -height 5 $help_font - .smb.mnts insert end $smb_mount_list - - button .smb.guess -text "Help me decide ..." -command {destroy .smb; smb_help_me_decide} - - button .smb.cancel -text "Cancel" -command {set use_smbmnt 0; destroy .smb} - bind .smb <Escape> {set use_smbmnt 0; destroy .smb} - button .smb.done -text "Done" -command {if {$use_smbmnt} {set_ssh; set smb_mount_list [.smb.mnts get 1.0 end]}; destroy .smb} - - pack .smb.done .smb.cancel .smb.guess .smb.mnts .smb.info .smb.r -side bottom -fill x - pack .smb.f -side top -fill both -expand 1 - - center_win .smb -} - -proc help_advanced_opts {} { - catch {destroy .ah} - toplevel .ah - - scroll_text_dismiss .ah.f - - center_win .ah - - wm title .ah "Advanced Opts Help" - - set msg { - These Advanced options that may require extra software installed on - the VNC server-side (the remote server machine) and/or on the VNC - client-side (where this gui is running). - - The Service redirection options, CUPS, ESD/ARTSD, and SMB will require - that you use SSH for tunneling so that they can use the -R port - redirection will be enabled for each service. I.e. "Use SSH instead" - or "Use SSH and SSL" mode. - - These options may also require additional configuration to get them - to work properly. Please submit bug reports if it appears it should - be working for your setup but is not. - - Brief descriptions: - - CUPS Print tunnelling: redirect localhost:6631 (say) on the VNC - server to your local CUPS server. - - ESD/ARTSD Audio tunnelling: redirect localhost:16001 (say) on - the VNC server to your local ESD, etc. sound server. - - SMB mount tunnelling: redirect localhost:1139 (say) on the VNC - server and through that mount SMB file shares from your local - server. The remote machine must be Linux with smbmount installed. - - Change vncviewer: specify a non-bundled VNC Viewer (e.g. - UltraVNC or RealVNC) to run instead of the bundled TightVNC Viewer. - - Extra Redirs: specify additional -L port:host:port and - -R port:host:port cmdline options for SSH to enable additional - services. - - Port Knocking: for "closed port" services, first "knock" on the - firewall ports in a certain way to open the door for SSH or SSL. - The port can also be closed when the encrypted VNC connection - finishes. - - Include: Profile template(s) to load before loading a profile - (see Load Profile under "Options"). For example if you Save a - profile called "globals" that has some settings you use often, - then just supply "Include: globals" to have them applied. - You may supply a comma or space separated list of templates - to include. They can be full path names or basenames relative - to the profiles directory. You do not need to supply the .vnc - suffix. The non-default settings in them will be applied first, - and then any values in the loaded Profile will override them. - - - About the CheckButtons: - - Ahem, Well...., yes quite a klunky UI: you have to toggle the - CheckButton to pull up the Dialog box a 2nd, etc. time... don't - worry your settings will still be there! -} - - .ah.f.t insert end $msg -} - -proc set_viewer_path {} { - global change_vncviewer_path - set change_vncviewer_path [tk_getOpenFile] - catch {raise .chviewer} - update -} - -proc change_vncviewer_dialog {} { - global change_vncviewer change_vncviewer_path vncviewer_realvnc4 - - catch {destroy .chviewer} - toplevel .chviewer - wm title .chviewer "Change VNC Viewer" - - global help_font - eval text .chviewer.t -width 90 -height 16 $help_font - apply_bg .chviewer.t - - set msg { - To use your own VNC Viewer (i.e. one installed by you, not included in this - package), e.g. UltraVNC or RealVNC, type in the program name, or browse for - the full path to it. You can put command line arguments after the program. - - Note that due to incompatibilities with respect to command line options - there may be issues, especially if many command line options are supplied. - You can specify your own command line options below if you like (and try to - avoid setting any others in this GUI under "Options"). - - If the path to the program name has any spaces it in, please surround it with - double quotes, e.g. "C:\Program Files\My Vnc Viewer\VNCVIEWER.EXE" - - Since the command line options differ between them greatly, if you know it - is of the RealVNC 4.x flavor, indicate so on the check box. -} - .chviewer.t insert end $msg - - frame .chviewer.path - label .chviewer.path.l -text "VNC Viewer:" - entry .chviewer.path.e -width 40 -textvariable change_vncviewer_path - button .chviewer.path.b -text "Browse..." -command set_viewer_path - checkbutton .chviewer.path.r -anchor w -variable vncviewer_realvnc4 -text \ - "RealVNC 4.x" - - pack .chviewer.path.l -side left - pack .chviewer.path.e -side left -expand 1 -fill x - pack .chviewer.path.b -side left - pack .chviewer.path.r -side left - - button .chviewer.cancel -text "Cancel" -command {destroy .chviewer; set change_vncviewer 0} - bind .chviewer <Escape> {destroy .chviewer; set change_vncviewer 0} - button .chviewer.done -text "Done" -command {destroy .chviewer; catch {raise .oa}} - - pack .chviewer.t .chviewer.path .chviewer.cancel .chviewer.done -side top -fill x - - center_win .chviewer - wm resizable .chviewer 1 0 - - focus .chviewer.path.e -} - -proc port_redir_dialog {} { - global additional_port_redirs additional_port_redirs_list - - catch {destroy .redirs} - toplevel .redirs - wm title .redirs "Additional Port Redirections" - - global help_font uname - if {$uname == "Darwin"} { - eval text .redirs.t -width 80 -height 35 $help_font - } else { - eval text .redirs.t -width 80 -height 35 $help_font - } - apply_bg .redirs.t - - set msg { - Specify any additional SSH port redirections you desire for the - connection. Put as many as you want separated by spaces. These only - apply to SSH and SSH+SSL connections, they do not apply to Pure SSL - connections. - - -L port1:host:port2 will listen on port1 on the local machine (where - you are sitting) and redirect them to port2 on - "host". "host" is relative to the remote side - (VNC Server). Use "localhost" for the remote - machine itself. - - -R port1:host:port2 will listen on port1 on the remote machine - (where the VNC server is running) and redirect - them to port2 on "host". "host" is relative - to the local side (where you are sitting). - Use "localhost" for this machine. - - Perhaps you want a redir to a web server inside an intranet: - - -L 8001:web-int:80 - - Or to redir a remote port to your local SSH daemon: - - -R 5022:localhost:22 - - etc. There are many interesting possibilities. - - Sometimes, especially for Windows Shares, you cannot do a -R redir to - localhost, but need to supply the IP address of the network interface - (e.g. by default the Shares do not listen on localhost:139). As a - convenience you can do something like -R 1139:IP:139 (for any port - numbers) and the IP will be attempted to be expanded. If this fails - for some reason you will have to use the actual numerical IP address. -} - .redirs.t insert end $msg - - frame .redirs.path - label .redirs.path.l -text "Port Redirs:" - entry .redirs.path.e -width 40 -textvariable additional_port_redirs_list - - pack .redirs.path.l -side left - pack .redirs.path.e -side left -expand 1 -fill x - - button .redirs.cancel -text "Cancel" -command {set additional_port_redirs 0; destroy .redirs} - bind .redirs <Escape> {set additional_port_redirs 0; destroy .redirs} - button .redirs.done -text "Done" -command {destroy .redirs} - - pack .redirs.t .redirs.path .redirs.cancel .redirs.done -side top -fill x - - center_win .redirs - wm resizable .redirs 1 0 - - focus .redirs.path.e -} - -proc find_netcat {} { - global is_windows - - set nc "" - - if {! $is_windows} { - set nc [in_path "netcat"] - if {$nc == ""} { - set nc [in_path "nc"] - } - } else { - set try "netcat.exe" - if [file exists $try] { - set nc $try - } - } - return $nc -} - -proc pk_expand {cmd host} { - global tcl_platform - set secs [clock seconds] - set msecs [clock clicks -milliseconds] - set user $tcl_platform(user) - if [regexp {%IP} $cmd] { - set ip [guess_ip] - if {$ip == ""} { - set ip "unknown" - } - regsub -all {%IP} $cmd $ip cmd - } - if [regexp {%NAT} $cmd] { - set ip [guess_nat_ip] - regsub -all {%NAT} $cmd $ip cmd - } - regsub -all {%HOST} $cmd $host cmd - regsub -all {%USER} $cmd $user cmd - regsub -all {%SECS} $cmd $secs cmd - regsub -all {%MSECS} $cmd $msecs cmd - - return $cmd -} - -proc backtick_expand {str} { - set str0 $str - set collect "" - set count 0 - while {[regexp {^(.*)`([^`]+)`(.*)$} $str mv p1 cmd p2]} { - set out [eval exec $cmd] - set str "$p1$out$p2" - incr count - if {$count > 10} { - break - } - } - return $str -} - -proc read_from_pad {file} { - set fh "" - if {[catch {set fh [open $file "r"]}] != 0} { - return "FAIL" - } - - set accum "" - set match "" - while {[gets $fh line] > -1} { - if [regexp {^[ \t]*#} $line] { - append accum "$line\n" - } elseif [regexp {^[ \t]*$} $line] { - append accum "$line\n" - } elseif {$match == ""} { - set match $line - append accum "# $line\n" - } else { - append accum "$line\n" - } - } - - close $fh - - if {$match == ""} { - return "FAIL" - } - - if {[catch {set fh [open $file "w"]}] != 0} { - return "FAIL" - } - - puts -nonewline $fh $accum - - return $match -} - -proc do_port_knock {hp mode} { - global use_port_knocking port_knocking_list - global is_windows - - if {! $use_port_knocking} { - return 1 - } - if {$port_knocking_list == ""} { - return 1 - } - set list $port_knocking_list - - if {$mode == "finish"} { - if {! [regexp {FINISH} $list]} { - mesg "PortKnock(finish): done" - return 1 - } else { - regsub {^.*FINISH} $list "" list - } - } elseif {$mode == "start"} { - if {[regexp {FINISH} $list]} { - regsub {FINISH.*$} $list "" list - } - } - - set default_delay 150 - - set host [string trim $hp] - regsub {^vnc://} $host "" host - regsub {^.*@} $host "" host - regsub {:.*$} $host "" host - set host0 [string trim $host] - - if {$host0 == ""} { - bell - mesg "PortKnock: No host: $hp" - return 0 - } - - set m "" - - if [regexp {PAD=([^\n]+)} $list mv padfile] { - set tlist [read_from_pad $padfile] - set tlist [string trim $tlist] - if {$tlist == "" || $tlist == "FAIL"} { - tk_messageBox -type ok -icon error \ - -message "Failed to read entry from $padfile" \ - -title "Error: Padfile $padfile" - return 0 - } - regsub -all {PAD=([^\n]+)} $list $tlist list - } - - set spl ",\n\r" - if [regexp {CMD=} $list] {set spl "\n\r"} - if [regexp {CMDX=} $list] {set spl "\n\r"} - if [regexp {SEND=} $list] {set spl "\n\r"} - if [regexp {SENDX=} $list] {set spl "\n\r"} - - set i 0 - set pi 0 - - foreach line [split $list $spl] { - set line [string trim $line] - set line0 $line - - if {$line == ""} { - continue - } - if [regexp {^#} $line] { - continue - } - - if [regexp {^sleep[ \t][ \t]*([0-9][0-9]*)} $line mv sl] { - set m "PortKnock: sleep $sl" - mesg $m - after $sl - continue - } - if [regexp {^delay[ \t][ \t]*([0-9][0-9]*)} $line mv sl] { - set m "PortKnock: delay=$sl" - mesg $m - set default_delay $sl - continue - } - - if [regexp {^CMD=(.*)} $line mv cmd] { - set m "PortKnock: CMD: $cmd" - mesg $m - eval exec $cmd - continue - } - if [regexp {^CMDX=(.*)} $line mv cmd] { - set cmd [pk_expand $cmd $host0] - set m "PortKnock: CMDX: $cmd" - mesg $m - eval exec $cmd - continue - } - - if [regexp {`} $line] { - #set line [backtick_expand $line] - } - - set snd "" - if [regexp {^(.*)SEND=(.*)$} $line mv line snd] { - set line [string trim $line] - set snd [string trim $snd] - regsub -all {%NEWLINE} $snd "\n" snd - } elseif [regexp {^(.*)SENDX=(.*)$} $line mv line snd] { - set line [string trim $line] - set snd [string trim $snd] - set snd [pk_expand $snd $host0] - regsub -all {%NEWLINE} $snd "\n" snd - } - - set udp 0 - if [regexp -nocase {[/:]udp} $line] { - set udp 1 - regsub -all -nocase {[/:]udp} $line " " line - set line [string trim $line] - } - regsub -all -nocase {[/:]tcp} $line " " line - set line [string trim $line] - - set delay 0 - if [regexp {^(.*)[ \t][ \t]*([0-9][0-9]*)$} $line mv first delay] { - set line [string trim $first] - } - - if {[regexp {^(.*):(.*)$} $line mv host port]} { - ; - } else { - set host $host0 - set port $line - } - set host [string trim $host] - set port [string trim $port] - - if {$host == ""} { - set host $host0 - } - - if {$port == ""} { - bell - set m "PortKnock: No port found: \"$line0\"" - mesg $m - return 0 - } - if {! [regexp {^[0-9][0-9]*$} $port]} { - bell - set m "PortKnock: Invalid port: \"$port\"" - mesg $m - return 0 - } - regsub {,.*$} $host "" host - if {[regexp {[ \t]} $host]} { - bell - set m "PortKnock: Invalid host: \"$host\"" - mesg $m - return 0 - } - if {! [regexp {^[-A-z0-9_.][-A-z0-9_.]*$} $host]} { - bell - set m "PortKnock: Invalid host: \"$host\"" - mesg $m - return 0 - } - - set nc "" - if {$udp || $snd != ""} { - set nc [find_netcat] - if {$nc == ""} { - bell - set m "PortKnock: UDP: netcat(1) not found" - mesg $m - after 1000 - continue - } - } - - if {$snd != ""} { - global env - set pfile "payload$pi.txt" - if {! $is_windows} { - set pfile "$env(HOME)/.$pfile" - } - set pfiles($pi) $pfile - incr pi - set fh [open $pfile "w"] - puts -nonewline $fh "$snd" - close $fh - - set m "PortKnock: SEND: $host $port" - mesg $m - if {$is_windows} { - if {$udp} { - catch {exec $nc -d -u -w 1 "$host" "$port" < $pfile &} - } else { - catch {exec $nc -d -w 1 "$host" "$port" < $pfile &} - } - } else { - if {$udp} { - catch {exec $nc -u -w 1 "$host" "$port" < $pfile &} - } else { - catch {exec $nc -w 1 "$host" "$port" < $pfile &} - } - } - catch {after 50; file delete $pfile} - - } elseif {$udp} { - set m "PortKnock: UDP: $host $port" - mesg $m - if {! $is_windows} { - catch {exec echo a | $nc -u -w 1 "$host" "$port" &} - } else { - set fh [open "nc_in.txt" "w"] - puts $fh "a" - close $fh - catch {exec $nc -d -u -w 1 "$host" "$port" < "nc_in.txt" &} - } - } else { - set m "PortKnock: TCP: $host $port" - mesg $m - set s "" - set emess "" - set rc [catch {set s [socket -async $host $port]} emess] - if {$rc != 0} { - tk_messageBox -type ok -icon error -message $emess -title "Error: socket -async $host $port" - } - set socks($i) $s - # seems we have to close it immediately to avoid multiple SYN's. - # does not help on Win9x. - catch {after 30; close $s}; - incr i - } - - if {$delay == 0} { - if {$default_delay > 0} { - after $default_delay - } - } elseif {$delay > 0} { - after $delay - } - } - - if {0} { - for {set j 0} {$j < $i} {incr j} { - set $s $socks($j) - if {$s != ""} { - catch {close $s} - } - } - } - for {set j 0} {$j < $pi} {incr j} { - set f $pfiles($j) - if {$f != ""} { - if [file exists $f] { - after 100 - } - catch {file delete $f} - } - } - if {$is_windows} { - catch {file delete "nc_in.txt"} - } - if {$m != ""} { - set m "$m," - } - if {$mode == "finish"} { - mesg "PortKnock(finish): done" - } else { - mesg "PortKnock: done" - } - return 1 -} - -proc port_knocking_dialog {} { - catch {destroy .pk} - toplevel .pk - wm title .pk "Port Knocking" - global use_port_knocking port_knocking_list - - global help_font - - global uname - if {$uname == "Darwin"} { - scroll_text .pk.f 85 25 - } else { - scroll_text .pk.f 85 - } - - set msg { - Port Knocking is where a network connection to a service is not provided - to just any client, but rather only to those that immediately prior to - connecting send a more or less secret pattern of connections to other - ports on the firewall. - - Somewhat like "knocking" on the door with the correct sequence before it - being opened (but not necessarily letting you in yet). It is also possible - to have a single encrypted packet (e.g. UDP) payload communicate with the - firewall instead of knocking on a sequence of ports. - - Only after the correct sequence of ports is observed by the firewall does - it allow the IP address of the client to attempt to connect to the service. - - So, for example, instead of allowing any host on the internet to connect - to your SSH service and then try to login with a username and password, the - client first must "tickle" your firewall with the correct sequence of ports. - Only then will it be allowed to connect to your SSH service at all. - - This does not replace the authentication and security of SSH, it merely - puts another layer of protection around it. E.g., suppose an exploit for - SSH was discovered, you would most likely have more time to fix/patch - the problem than if any client could directly connect to your SSH server. - - For more information http://www.portknocking.org/ and - http://www.linuxjournal.com/article/6811 - - Tip: if you just want to use the Port Knocking for an SSH shell and not - for a VNC tunnel, then specify something like "user@hostname cmd=SHELL" - (or "user@hostname cmd=PUTTY" on Windows) in the VNC Host:Display entry box - on the main panel. This will do everything short of starting the viewer. - A shortcut for this is Ctrl-S as long as user@hostname is present. - - - Specifying the Knocks: - - In the text area below "Supply port knocking pattern" you put in the pattern - of "knocks" needed for this connection. You can separate the knocks by - commas or put them one per line. - - Each "knock" is of this form: - - [host:]port[/udp] [delay] - - In the simplest form just a numerical port, e.g. 5433, is supplied. - Items inside [...] are optional and described below. - - The packet is sent to the same host that the VNC (or SSH) connection will - be made to. If you want it to go to a different host or IP use the [host:] - prefix. It can be either a hostname or numerical IP. - - A TCP packet is sent by default. - - If you need to send a UDP packet, the netcat (aka "nc") program must be - installed on Unix (tcl/tk does not support udp connections). Indicate this - with "/udp" following the port number (you can also use "/tcp", but since - it is the default it is not necessary). (You can also use ":udp" to match - the knockd syntax). See the example below. For convenience a Windows netcat - binary is supplied. - - The last field, [delay], is an optional number of milliseconds to delay - before continuing on to the next knock. - - - Examples: - - 5433, 12321, 1661 - - fw.example.com:5433, 12321/udp 3000, 1661 2000 - - fw.example.com:5433 - 12321/udp 3000 - 1661 2000 - - Note how the first two examples separate their knocks via commas ",". - The 3rd example is equivalent to the 2nd and splits them up by new lines. - - Note for each knock any second number (e.g. the "2000" in "1661 2000") is - a DELAY in milliseconds, not a port number. If you had a comma separating - them: "1661, 2000" that would mean two separate knocks: one to port 1661 - followed by one to 2000 (with basically no delay between them). - - In examples 2 and 3, "fw.example.com" represents some machine other than - the VNC/SSH host. By default, the VNC/SSH host is the one the packet is - sent to. - - If one of the items is the string "FINISH", then the part before it is - used prior to connecting and the part after is used once the connection - is finished. This can be used, say, to close the firewall port. Example: - - 5433, 12321, FINISH, 7659, 2314 - - (or one can split them up via lines as above.) - - - Advanced port knock actions: - - If the string in the text field contains anywhere the strings "CMD=", "CMDX=", - or "SEND=", then splitting on commas is not done: it is only split on lines. - - Then, if a line begins CMD=... the string after the = is run as an - external command. The command could be anything you want, e.g. it could - be a port-knocking client that does the knocking, perhaps encrypting the - "knocks" pattern somehow or using a Single Packet Authorization method such - as http://www.cipherdyne.com/fwknop/ - - Extra quotes (sometimes "'foo bar'") may be needed to preserve spaces in - command line arguments because the tcl/tk eval(n) command is used. You - can also use {...} for quoting strings with spaces. - - If a line begins CMDX=... then before the command is run the following - tokens are expanded to strings: - - %IP Current machine's IP address (NAT may make this not useful). - %NAT Try to get effective IP by contacting http://www.whatismyip.com - %HOST The remote host of the connection. - %USER The current user. - %SECS The current time in seconds (platform dependent). - %MSECS Platform dependent time having at least millisecond granularity. - - Lines not matching CMD= or CMDX= are treated as normal port knocks but with - one exception. If a line ends in SEND=... (i.e. after the [host:]port, - etc., part) then the string after the = is sent as a payload for the tcp - or udp connection to [host:]port. netcat is used for these SEND cases - (and must be available on Unix). If newlines (\n) are needed in the - SEND string, use %NEWLINE. Sending binary data is not yet supported; - use CMD= with your own program. - - Examples: - - CMD=port_knock_client -password wombat33 - CMDX=port_knock_client -password wombat33 -host %HOST -src %NAT - - fw.example.com:5433/udp SEND=ASDLFKSJDF - - More tricks: - - To temporarily "comment out" a knock, insert a leading "#" character. - - Use "sleep N" to insert a raw sleep for N milliseconds (e.g. between - CMD=... items or at the very end of the knocks to wait). - - If a knock entry matches "delay N" the default delay is set to - N milliseconds (it is 150 initially). - - One Time Pads: - - If the text contains a (presumably single) line of the form: - - PAD=/path/to/a/one/time/pad/file - - then that file is opened and the first non-blank line not beginning - with "#" is used as the knock pattern. The pad file is rewritten - with that line starting with a "#" (so it will be skipped next time). - - The PAD=... string is replaced with the read-in knock pattern line. - So, if needed, one can preface the PAD=... with "delay N" to set the - default delay, and one can also put a "sleep N" after the PAD=... - line to indicate a final sleep. One can also surround the PAD= - line with other knock and CMD= CMDX= lines, but that usage sounds - a bit rare. Example: - - delay 1000 - PAD=C:\My Pads\work-pad1.txt - sleep 4000 - - - Port knock only: - - If, in the 'VNC Host:Display' entry, you use "user@hostname cmd=KNOCK" - then only the port-knocking is performed. A shortcut for this is - Ctrl-P as long as hostname is present in the entry box. If it - matches cmd=KNOCKF, i.e. an extra "F", then the port-knocking - "FINISH" sequence is sent, if any. A shortcut for this Shift-Ctrl-P - as long as hostname is present. -} - .pk.f.t insert end $msg - - label .pk.info -text "Supply port knocking pattern:" -anchor w -relief ridge - - eval text .pk.rule -width 80 -height 5 $help_font - .pk.rule insert end $port_knocking_list - - button .pk.cancel -text "Cancel" -command {set use_port_knocking 0; destroy .pk} - bind .pk <Escape> {set use_port_knocking 0; destroy .pk} - button .pk.done -text "Done" -command {if {$use_port_knocking} {set port_knocking_list [.pk.rule get 1.0 end]}; destroy .pk} - - pack .pk.done .pk.cancel .pk.rule .pk.info -side bottom -fill x - pack .pk.f -side top -fill both -expand 1 - - center_win .pk -} - - -proc set_advanced_options {} { - global use_cups use_sound use_smbmnt - global change_vncviewer - global use_port_knocking port_knocking_list - - catch {destroy .o} - catch {destroy .oa} - toplevel .oa - wm title .oa "Advanced options" - - set i 1 - - checkbutton .oa.b$i -anchor w -variable use_cups -text \ - "Enable CUPS Print tunnelling" \ - -command {if {$use_cups} {cups_dialog}} - incr i - - checkbutton .oa.b$i -anchor w -variable use_sound -text \ - "Enable ESD/ARTSD Audio tunnelling" \ - -command {if {$use_sound} {sound_dialog}} - incr i - - checkbutton .oa.b$i -anchor w -variable use_smbmnt -text \ - "Enable SMB mount tunnelling" \ - -command {if {$use_smbmnt} {smb_dialog}} - incr i - - - checkbutton .oa.b$i -anchor w -variable change_vncviewer -text \ - "Change VNC Viewer" \ - -command {if {$change_vncviewer} {change_vncviewer_dialog}} - incr i - - checkbutton .oa.b$i -anchor w -variable additional_port_redirs -text \ - "Additional Port Redirs" \ - -command {if {$additional_port_redirs} {port_redir_dialog}} - incr i - - checkbutton .oa.b$i -anchor w -variable use_port_knocking -text \ - "Port Knocking" \ - -command {if {$use_port_knocking} {port_knocking_dialog}} - incr i - - global include_list - frame .oa.b$i - label .oa.b$i.l -text "Include:" - entry .oa.b$i.e -width 10 -textvariable include_list - pack .oa.b$i.l -side left - pack .oa.b$i.e -side right -expand 1 -fill x - - incr i - - for {set j 1} {$j < $i} {incr j} { - pack .oa.b$j -side top -fill x - } - - button .oa.connect -text "Connect" -command launch - pack .oa.connect -side top -fill x - - frame .oa.b - button .oa.b.done -text "Done" -command {destroy .oa} - bind .oa <Escape> {destroy .oa} - button .oa.b.help -text "Help" -command help_advanced_opts - - pack .oa.b.help .oa.b.done -fill x -expand 1 -side left - - pack .oa.b -side top -fill x - - center_win .oa - wm resizable .oa 1 0 - focus .oa -} - -proc in_path {cmd} { - global env - set p $env(PATH) - foreach dir [split $p ":"] { - set try "$dir/$cmd" - if [file exists $try] { - return "$try" - } - } - return "" -} - -proc ssh_agent_restart {} { - global env - - set got_ssh_agent 0 - set got_ssh_add 0 - set got_ssh_agent2 0 - set got_ssh_add2 0 - - if {[in_path "ssh-agent"] != ""} {set got_ssh_agent 1} - if {[in_path "ssh-agent2"] != ""} {set got_ssh_agent2 1} - if {[in_path "ssh-add"] != ""} {set got_ssh_add 1} - if {[in_path "ssh-add2"] != ""} {set got_ssh_add2 1} - - set ssh_agent "" - set ssh_add "" - if {[info exists env(USER)] && $env(USER) == "runge"} { - if {$got_ssh_agent2} { - set ssh_agent "ssh-agent2" - } - if {$got_ssh_add2} { - set ssh_add "ssh-add2" - } - } - if {$ssh_agent == "" && $got_ssh_agent} { - set ssh_agent "ssh-agent" - } - if {$ssh_add == "" && $got_ssh_add} { - set ssh_add "ssh-add" - } - if {$ssh_agent == ""} { - bell - mesg "could not find ssh-agent in PATH" - return - } - if {$ssh_add == ""} { - bell - mesg "could not find ssh-add in PATH" - return - } - set tmp $env(HOME)/.vnc-sa[pid] - set fh "" - catch {set fh [open $tmp "w"]} - if {$fh == ""} { - bell - mesg "could not open tmp file $tmp" - return - } - - puts $fh "#!/bin/sh" - puts $fh "eval `$ssh_agent -s`" - puts $fh "$ssh_add" - puts $fh "SSL_VNC_GUI_CHILD=\"\"" - puts $fh "export SSL_VNC_GUI_CHILD" - - global buck_zero - set cmd $buck_zero - - if [info exists env(SSL_VNC_GUI_CMD)] { - set cmd $env(SSL_VNC_GUI_CMD) - } - #puts $fh "$cmd </dev/null 1>/dev/null 2>/dev/null &" - puts $fh "nohup $cmd &" - puts $fh "sleep 1" - puts $fh "#rm -f $tmp" - close $fh - - wm withdraw . - catch {wm withdraw .o} - catch {wm withdraw .oa} - -# exec xterm -geometry +200+200 -title "Restarting with ssh-agent/ssh-add" -e sh $tmp & - unix_terminal_cmd "+200+200" "Restarting with ssh-agent/ssh-add" "sh $tmp" 1 - after 10000 - destroy . - exit -} - -proc putty_pw_entry {mode} { - if {$mode == "check"} { - global use_sshssl use_ssh - if {$use_sshssl || $use_ssh} { - putty_pw_entry enable - } else { - putty_pw_entry disable - } - return - } - if {$mode == "disable"} { - catch {.o.pw.l configure -state disabled} - catch {.o.pw.e configure -state disabled} - } else { - catch {.o.pw.l configure -state normal} - catch {.o.pw.e configure -state normal} - } -} - -proc set_options {} { - global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233 - global use_nojpeg use_raise_on_beep use_compresslevel use_quality - global compresslevel_text quality_text - global env is_windows darwin_cotvnc - - catch {destroy .o} - toplevel .o - wm title .o "Set SSL VNC Viewer options" - - set i 1 - - checkbutton .o.b$i -anchor w -variable use_ssh -text \ - "Use SSH instead" \ - -command {if {$use_ssh} {set use_sshssl 0}; putty_pw_entry check} - incr i - - checkbutton .o.b$i -anchor w -variable use_sshssl -text \ - "Use SSH and SSL" \ - -command {if {$use_sshssl} {set use_ssh 0}; putty_pw_entry check} - set iss $i - incr i - - checkbutton .o.b$i -anchor w -variable use_viewonly -text \ - "View Only" - incr i - - checkbutton .o.b$i -anchor w -variable use_fullscreen -text \ - "Fullscreen" - incr i - - checkbutton .o.b$i -anchor w -variable use_raise_on_beep -text \ - "Raise On Beep" - if {$darwin_cotvnc} {.o.b$i configure -state disabled} - incr i - - checkbutton .o.b$i -anchor w -variable use_bgr233 -text \ - "Use 8bit color (-bgr233)" - if {$darwin_cotvnc} {.o.b$i configure -state disabled} - incr i - - checkbutton .o.b$i -anchor w -variable use_alpha -text \ - "Cursor alphablending (32bpp required)" - if {$darwin_cotvnc} {.o.b$i configure -state disabled} - set ia $i - incr i - - checkbutton .o.b$i -anchor w -variable use_grab -text \ - "Use XGrabServer" - if {$darwin_cotvnc} {.o.b$i configure -state disabled} - set ix $i - incr i - - checkbutton .o.b$i -anchor w -variable use_nojpeg -text \ - "Do not use JPEG (-nojpeg)" - if {$darwin_cotvnc} {.o.b$i configure -state disabled} - incr i - - menubutton .o.b$i -anchor w -menu .o.b$i.m -textvariable compresslevel_text - set compresslevel_text "Compress Level: $use_compresslevel" - if {$darwin_cotvnc} {.o.b$i configure -state disabled} - - menu .o.b$i.m -tearoff 0 - for {set j -1} {$j < 10} {incr j} { - set v $j - set l $j - if {$j == -1} { - set v "default" - set l "default" - } - .o.b$i.m add radiobutton -variable use_compresslevel \ - -value $v -label $l -command \ - {set compresslevel_text "Compress Level: $use_compresslevel"} - } - incr i - - menubutton .o.b$i -anchor w -menu .o.b$i.m -textvariable quality_text - set quality_text "Quality: $use_quality" - if {$darwin_cotvnc} {.o.b$i configure -state disabled} - - menu .o.b$i.m -tearoff 0 - for {set j -1} {$j < 10} {incr j} { - set v $j - set l $j - if {$j == -1} { - set v "default" - set l "default" - } - .o.b$i.m add radiobutton -variable use_quality \ - -value $v -label $l -command \ - {set quality_text "Quality: $use_quality"} - } - incr i - - for {set j 1} {$j < $i} {incr j} { - pack .o.b$j -side top -fill x - } - - if {$is_windows} { - .o.b$ia configure -state disabled - .o.b$ix configure -state disabled - } - - if {$is_windows} { - frame .o.pw - label .o.pw.l -text "Putty PW:" - entry .o.pw.e -width 10 -show * -textvariable putty_pw - pack .o.pw.l -side left - pack .o.pw.e -side left -expand 1 -fill x - pack .o.pw -side top -fill x - putty_pw_entry check - } else { - button .o.sa -text "Use ssh-agent" -command ssh_agent_restart - pack .o.sa -side top -fill x - } - - button .o.s_prof -text "Save Profile ..." -command {save_profile; raise .o} - button .o.l_prof -text " Load Profile ..." -command {load_profile; raise .o} - button .o.advanced -text "Advanced ..." -command set_advanced_options - button .o.connect -text "Connect" -command launch - button .o.clear -text "Clear Options" -command set_defaults - pack .o.s_prof -side top -fill x - pack .o.l_prof -side top -fill x - #pack .o.inc -side top -fill x - pack .o.clear -side top -fill x - pack .o.advanced -side top -fill x - pack .o.connect -side top -fill x - - frame .o.b - button .o.b.done -text "Done" -command {destroy .o} - bind .o <Escape> {destroy .o} - button .o.b.help -text "Help" -command help_opts - - pack .o.b.help .o.b.done -fill x -expand 1 -side left - - pack .o.b -side top -fill x - - center_win .o - wm resizable .o 1 0 - focus .o -} - -global env -set is_windows 0 -set help_font "-font fixed" -if { [regexp -nocase {Windows} $tcl_platform(os)]} { - cd util - set help_font "" - set is_windows 1 -} - -if {[regexp -nocase {Windows.9} $tcl_platform(os)]} { - set is_win9x 1 -} else { - set is_win9x 0 -} - -set uname "" -if {! $is_windows} { - catch {set uname [exec uname]} -} - -set darwin_cotvnc 0 -if {$uname == "Darwin"} { - if {! [info exists env(DISPLAY)]} { - set darwin_cotvnc 1 - } - if [info exists env(HOME)] { - set t "$env(HOME)/.vnc" - if {! [file exists $t]} { - catch {file mkdir $t} - } - } -} - -set putty_pw "" - -global scroll_text_focus -set scroll_text_focus 1 - -wm title . "SSL VNC Viewer" -wm resizable . 1 0 - -set_defaults -set skip_pre 0 - -set vncdisplay "" - -label .l -text "SSL TightVNC Viewer" -relief ridge - -set wl 21 -set we 40 -frame .f0 -#label .f0.l -width $wl -anchor w -text "VNC Host:Display" -relief ridge -label .f0.l -anchor w -text "VNC Host:Display" -relief ridge -entry .f0.e -width $we -textvariable vncdisplay -pack .f0.l -side left -pack .f0.e -side left -expand 1 -fill x -bind .f0.e <Return> launch - -frame .f1 -label .f1.l -width $wl -anchor w -text "Proxy/Gateway:" -relief ridge -entry .f1.e -width $we -textvariable vncdisplay -pack .f1.l -side left -pack .f1.e -side left -expand 1 -fill x - -frame .f2 -label .f2.l -width $wl -anchor w -text "Remote SSH Command:" -relief ridge -entry .f2.e -width $we -textvariable vncdisplay -pack .f2.l -side left -pack .f2.e -side left -expand 1 -fill x -.f2.l configure -state disabled -.f2.e configure -state disabled - -frame .f3 -# -command -checkbutton .f3.ssl -anchor w -variable use_ssl -text "Use SSL" -checkbutton .f3.ssh -anchor w -variable use_ssh -text "Use SSH" -checkbutton .f3.sshssl -anchor w -variable use_sshssl -text "Use SSH and SSL" -set use_ssl 1 -pack .f3.ssl .f3.ssh .f3.sshssl -side left -fill x - -frame .b -button .b.help -text "Help" -command help -button .b.certs -text "Certs ..." -command getcerts -button .b.opts -text "Options ..." -command set_options -button .b.load -text "Load" -command {load_profile} -button .b.conn -text "Connect" -command launch -button .b.exit -text "Exit" -command {destroy .; exit} - - -pack .b.certs .b.opts .b.load .b.conn .b.help .b.exit -side left -expand 1 -fill x - -#pack .l .f0 .f1 .f2 .f3 .b -side top -fill x -pack .l .f0 .b -side top -fill x -if {![info exists env(SSL_VNC_GUI_CHILD)] || $env(SSL_VNC_GUI_CHILD) == ""} { - center_win . -} -focus .f0.e - -global system_button_face -set system_button_face "" -foreach item [.b.help configure -bg] { - set system_button_face $item -} - -if {[info exists env(SSL_VNC_GUI_CMD)]} { - set env(SSL_VNC_GUI_CHILD) 1 - bind . <Control-n> "exec $env(SSL_VNC_GUI_CMD) &" -} -bind . <Control-q> "destroy .; exit" -bind . <Shift-Escape> "destroy .; exit" -bind . <Control-s> "launch_shell_only" -bind . <Control-p> {port_knock_only "" "KNOCK"} -bind . <Control-P> {port_knock_only "" "FINISH"} -bind . <Control-l> {load_profile} -bind . <B3-ButtonRelease> {load_profile} - -global entered_gui_top button_gui_top -set entered_gui_top 0 -set button_gui_top 0 -bind . <Enter> {set entered_gui_top 1} -bind .l <ButtonPress> {set button_gui_top 1} -bind .f0.l <ButtonPress> {set button_gui_top 1} - -update diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_vncviewer deleted file mode 100755 index 0477eee..0000000 --- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssl_vncviewer +++ /dev/null @@ -1,638 +0,0 @@ -#!/bin/sh -# -# ssl_vncviewer: wrapper for vncviewer to use an stunnel SSL tunnel -# or an SSH tunnel. -# -# Copyright (c) 2006 by Karl J. Runge <runge@karlrunge.com> -# -# You must have stunnel(8) installed on the system and in your PATH -# (however, see the -ssh option below, in which case you will need ssh(1) -# installed) Note: stunnel is usually installed in an "sbin" subdirectory. -# -# You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..." -# already running as the VNC server on the remote machine. -# (or use stunnel on the server side for any other VNC server) -# -# -# Usage: ssl_vncviewer [cert-args] host:display <vncviewer-args> -# -# e.g.: ssl_vncviewer snoopy:0 -# ssl_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile" -# -# [cert-args] can be: -# -# -verify /path/to/cacert.pem -# -mycert /path/to/mycert.pem -# -proxy host:port -# -# -verify specifies a CA cert PEM file (or a self-signed one) for -# authenticating the VNC server. -# -# -mycert specifies this client's cert+key PEM file for the VNC server to -# authenticate this client. -# -# -proxy try host:port as a Web proxy to use the CONNECT method -# to reach the VNC server (e.g. your firewall requires a proxy). -# -# For the "double proxy" case use -proxy host1:port1,host2:port2 -# (the first CONNECT is done through host1:port1 to host2:port2 -# and then a 2nd CONNECT to the destination VNC server.) -# -# See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL -# certificates with VNC. -# -# A few other args (not related to SSL and certs): -# -# -ssh Use ssh instead of stunnel SSL. ssh(1) must be installed and you -# must be able to log into the remote machine via ssh. -# -# In this case "host:display" may be of the form "user@host:display" -# where "user@host" is used for the ssh login (see ssh(1) manpage). -# -# If -proxy is supplied it can be of the forms: "gwhost" "gwhost:port" -# "user@gwhost" or "user@gwhost:port". "gwhost" is an incoming ssh -# gateway machine (the VNC server is not running there), an ssh -L -# redir is used to "host" in "host:display" from "gwhost". Any "user@" -# part must be in the -proxy string (not in "host:display"). -# -# Under -proxy use "gwhost:port" if connecting to any ssh port -# other than the default (22). (even for the non-gateway case, -# -proxy must be used to specify a non-standard ssh port) -# -# A "double ssh" can be specified via a -proxy string with the two -# hosts separated by a comma: -# -# [user1@]host1[:port1],[user2@]host2[:port2] -# -# in which case a ssh to host1 and thru it via a -L redir a 2nd -# ssh is established to host2. -# -# Examples: -# -# ssl_vncviewer -ssh bob@bobs-home.net:0 -# ssl_vncviewer -ssh -sshcmd 'x11vnc -localhost' bob@bobs-home.net:0 -# -# ssl_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0 -# ssl_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0 -# -# ssl_vncviewer -ssh -proxy fred@gw-host,fred@peecee localhost:0 -# -# -sshcmd cmd Run "cmd" via ssh instead of the default "sleep 15" -# e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900' -# -# -sshargs "args" pass "args" to the ssh process, e.g. -L/-R port redirs. -# -# -sshssl Tunnel the SSL connection thru a SSH connection. The tunnel as -# under -ssh is set up and the SSL connection goes thru it. Use -# this if you want to have and end-to-end SSL connection but must -# go thru a SSH gateway host (e.g. not the vnc server). Or use -# this if you need to tunnel additional services via -R and -L -# (see -sshargs above). -# -# ssl_vncviewer -sshssl -proxy fred@mygate.com mymachine:0 -# -# -# -alpha turn on cursor alphablending hack if you are using the -# enhanced tightvnc vncviewer. -# -# -grab turn on XGrabServer hack if you are using the enhanced tightvnc -# vncviewer (e.g. for fullscreen mode in some windowmanagers like -# fvwm that do not otherwise work in fullscreen mode) -# -# -# set VNCVIEWERCMD to whatever vncviewer command you want to use. -# -VNCIPCMD=${VNCVIEWERCMD:-vncip} -VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer} -# -# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc. -# - -PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH - -if [ "X$STUNNEL" = "X" ]; then - type stunnel4 > /dev/null 2>&1 - if [ $? = 0 ]; then - STUNNEL=stunnel4 - else - STUNNEL=stunnel - fi -fi - -help() { - tail +2 "$0" | sed -e '/^$/ q' -} - -gotalpha="" -use_ssh="" -use_sshssl="" -direct_connect="" -ssh_sleep=15 -ssh_cmd="sleep $ssh_sleep" -if [ "X$SSL_VNCVIEWER_SSH_CMD" != "X" ]; then - ssh_cmd="$SSL_VNCVIEWER_SSH_CMD" -fi -ssh_args="" - -# grab our cmdline options: -while [ "X$1" != "X" ] -do - case $1 in - "-verify") shift; verify="$1" - ;; - "-mycert") shift; mycert="$1" - ;; - "-proxy") shift; proxy="$1" - ;; - "-ssh") use_ssh=1 - ;; - "-sshssl") use_ssh=1 - use_sshssl=1 - ;; - "-sshcmd") shift; ssh_cmd="$1" - ;; - "-sshargs") shift; ssh_args="$1" - ;; - "-alpha") gotalpha=1 - ;; - "-grab") VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER - ;; - "-h"*) help; exit 0 - ;; - "--h"*) help; exit 0 - ;; - *) break - ;; - esac - shift -done - -if [ "X$gotalpha" != "X1" ]; then - NO_ALPHABLEND=1 - export NO_ALPHABLEND -fi - -orig="$1" -shift - -if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then - if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then - echo "-mycert and -verify cannot be used in -ssh mode" - exit 1 - fi -fi - -if echo "$orig" | grep '^vnc://' > /dev/null; then - orig=`echo "$orig" | sed -e 's,vnc://,,'` - verify="" - mycert="" - use_ssh="" - use_sshssl="" - direct_connect=1 -fi - -# play around with host:display port: -if echo "$orig" | grep ':' > /dev/null; then - : -else - orig="$orig:0" -fi - -host=`echo "$orig" | awk -F: '{print $1}'` -disp=`echo "$orig" | awk -F: '{print $2}'` -if [ "X$host" = "X" ]; then - host=localhost -fi -if [ $disp -lt 200 ]; then - port=`expr $disp + 5900` -else - port=$disp -fi - -# try to find an open listening port via netstat(1): -inuse="" -if uname | grep Linux > /dev/null; then - inuse=`netstat -ant | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*://'` -elif uname | grep SunOS > /dev/null; then - inuse=`netstat -an -f inet -P tcp | grep LISTEN | awk '{print $1}' | sed 's/^.*\.//'` -# add others... -fi - -date_sec=`date +%S` - -findfree() { - try0=$1 - try=$try0 - use0="" - - while [ $try -lt 6000 ] - do - if [ "X$inuse" = "X" ]; then - break - fi - if echo "$inuse" | grep -w $try > /dev/null; then - : - else - use0=$try - break - fi - try=`expr $try + 1` - done - if [ "X$use0" = "X" ]; then - use0=`expr $date_sec + $try0` - fi - - echo $use0 -} - -use=`findfree 5930` - -if [ $use -ge 5900 ]; then - N=`expr $use - 5900` -else - N=$use -fi - -if echo "$0" | grep vncip > /dev/null; then - VNCVIEWERCMD="$VNCIPCMD" -fi - -if [ "X$use_ssh" = "X1" ]; then - ssh_port="22" - ssh_host="$host" - vnc_host="localhost" - ssh=${SSH:-"ssh -x"} - if echo "$proxy" | grep "," > /dev/null; then - proxy1=`echo "$proxy" | awk -F, '{print $1}'` - proxy2=`echo "$proxy" | awk -F, '{print $2}'` - # user1@gw1.com:port1,user2@ws2:port2 - ssh_host1=`echo "$proxy1" | awk -F: '{print $1}'` - ssh_port1=`echo "$proxy1" | awk -F: '{print $2}'` - if [ "X$ssh_port1" = "X" ]; then - ssh_port1="22" - fi - ssh_host2=`echo "$proxy2" | awk -F: '{print $1}'` - ssh_user2=`echo "$ssh_host2" | awk -F@ '{print $1}'` - ssh_host2=`echo "$ssh_host2" | awk -F@ '{print $2}'` - if [ "X$ssh_host2" = "X" ]; then - ssh_host2=$ssh_user2 - ssh_user2="" - else - ssh_user2="${ssh_user2}@" - fi - ssh_port2=`echo "$proxy2" | awk -F: '{print $2}'` - if [ "X$ssh_port2" = "X" ]; then - ssh_port2="22" - fi - proxport=`findfree 3500` - echo - echo "Running 1st ssh proxy:" - echo "$ssh -f -x -p $ssh_port1 -t -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\"" - $ssh -f -x -p $ssh_port1 -t -e none -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30" - ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes" - sleep 1 - stty sane - proxy="${ssh_user2}localhost:$proxport" - fi - if [ "X$proxy" != "X" ]; then - ssh_port=`echo "$proxy" | awk -F: '{print $2}'` - if [ "X$ssh_port" = "X" ]; then - ssh_port="22" - fi - ssh_host=`echo "$proxy" | awk -F: '{print $1}'` - vnc_host="$host" - fi - echo "" - echo "Running ssh:" - sz=`echo "$ssh_cmd" | wc -c` - if [ "$sz" -gt 200 ]; then - info="..." - else - info="$ssh_cmd" - fi - - C="" - if [ "X$SSL_VNCVIEWER_USE_C" != "X" ]; then - C="-C" - fi - # the -t option actually speeds up typing response via VNC!! - if [ "X$SSL_VNCVIEWER_SSH_ONLY" != "X" ]; then - echo "$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host \"$info\"" - echo "" - $ssh -x -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd" - exit $? - elif [ "X$SSL_VNCVIEWER_NO_F" != "X" ]; then - echo "$ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\"" - echo "" - $ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd" - else - echo "$ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\"" - echo "" - $ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd" - fi - if [ "$?" != "0" ]; then - echo "" - echo "ssh to $ssh_host failed." - exit 1 - fi - echo "" - if [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then - sleep 1 - else - # let any command get started a bit. - sleep 5 - fi - echo "" - #reset - stty sane - if [ "X$use_sshssl" = "X" ]; then - echo "Running viewer:" - echo "$VNCVIEWERCMD" "$@" localhost:$N - echo "" - "$VNCVIEWERCMD" "$@" localhost:$N - - exit $? - else - use2=`findfree 5960` - host0=$host - port0=$port - host=localhost - port=$use - use=$use2 - N=`expr $use - 5900` - proxy="" - fi -fi - -# create the stunnel config file: -if [ "X$verify" != "X" ]; then - if [ -d $verify ]; then - verify="CApath = $verify" - else - verify="CAfile = $verify" - fi - verify="$verify -verify = 2" -fi -if [ "X$mycert" != "X" ]; then - cert="cert = $mycert" -fi - -mytmp() { - tf=$1 - rm -rf "$tf" || exit 1 - if [ -d "$tf" ]; then - echo "tmp file $tf still exists as a directory." - exit 1 - elif [ -L "$tf" ]; then - echo "tmp file $tf still exists as a symlink." - exit 1 - elif [ -f "$tf" ]; then - echo "tmp file $tf still exists." - exit 1 - fi - touch "$tf" || exit 1 - chmod 600 "$tf" || exit 1 -} - -if echo "$RANDOM" | grep '[^0-9]' > /dev/null; then - RANDOM=`date +%S` -fi - -pcode() { - tf=$1 - SSL_VNC_PROXY=$proxy; export SSL_VNC_PROXY - SSL_VNC_DEST="$host:$port"; export SSL_VNC_DEST - cod='#!/usr/bin/perl - -# A hack to glue stunnel to a Web proxy for client connections. - -use IO::Socket::INET; - -my ($first, $second) = split(/,/, $ENV{SSL_VNC_PROXY}); -my ($proxy_host, $proxy_port) = split(/:/, $first); -my $connect = $ENV{SSL_VNC_DEST}; - -print STDERR "\nperl script for web proxing:\n"; -print STDERR "proxy_host: $proxy_host\n"; -print STDERR "proxy_port: $proxy_port\n"; -print STDERR "proxy_connect: $connect\n"; - -my $listen_handle = ""; -if ($ENV{SSL_VNC_LISTEN} != "") { - my $listen_sock = IO::Socket::INET->new( - Listen => 2, - LocalAddr => "localhost", - LocalPort => $ENV{SSL_VNC_LISTEN}, - Proto => "tcp"); - if (! $listen_sock) { - die "perl proxy: $!\n"; - } - my $ip; - ($listen_handle, $ip) = $listen_sock->accept(); - if (! $listen_handle) { - die "perl proxy: $!\n"; - } -} - -my $sock = IO::Socket::INET->new( - PeerAddr => $proxy_host, - PeerPort => $proxy_port, - Proto => "tcp"); - -if (! $sock) { - unlink($0); - die "perl proxy: $!\n"; -} - -my $con = ""; -if ($second ne "") { - $con = "CONNECT $second HTTP/1.1\r\n"; - $con .= "Host: $second\r\n\r\n"; -} else { - $con = "CONNECT $connect HTTP/1.1\r\n"; - $con .= "Host: $connect\r\n\r\n"; -} - -print STDERR "proxy_request1:\n$con"; -print $sock $con; - -unlink($0); - -my $rep = ""; -while ($rep !~ /\r\n\r\n/) { - my $c = getc($sock); - print STDERR $c; - $rep .= $c; -} -if ($rep !~ m,HTTP/.* 200,) { - die "proxy error: $rep\n"; -} - -if ($second ne "") { - $con = "CONNECT $connect HTTP/1.1\r\n"; - $con .= "Host: $connect\r\n\r\n"; - print STDERR "proxy_request2:\n$con"; - - print $sock $con; - - $rep = ""; - while ($rep !~ /\r\n\r\n/) { - my $c = getc($sock); - print STDERR $c; - $rep .= $c; - } - if ($rep !~ m,HTTP/.* 200,) { - die "proxy error: $rep\n"; - } -} - -if (fork) { - print STDERR "parent\[$$] STDIN -> socket\n\n"; - if ($listen_handle) { - xfer($listen_handle, $sock); - } else { - xfer(STDIN, $sock); - } -} else { - print STDERR "child \[$$] socket -> STDOUT\n\n"; - if ($listen_handle) { - xfer($sock, $listen_handle); - } else { - xfer($sock, STDOUT); - } -} -exit; - -sub xfer { - my($in, $out) = @_; - $RIN = $WIN = $EIN = ""; - $ROUT = ""; - vec($RIN, fileno($in), 1) = 1; - vec($WIN, fileno($in), 1) = 1; - $EIN = $RIN | $WIN; - - while (1) { - my $nf = 0; - while (! $nf) { - $nf = select($ROUT=$RIN, undef, undef, undef); - } - my $len = sysread($in, $buf, 8192); - if (! defined($len)) { - next if $! =~ /^Interrupted/; - print STDERR "perl proxy\[$$]: $!\n"; - last; - } elsif ($len == 0) { - print STDERR "perl proxy\[$$]: Input is EOF.\n"; - last; - } - my $offset = 0; - my $quit = 0; - while ($len) { - my $written = syswrite($out, $buf, $len, $offset); - if (! defined $written) { - print STDERR "perl proxy\[$$]: Output is EOF. $!\n"; - $quit = 1; - last; - } - $len -= $written; - $offset += $written; - } - last if $quit; - } - close($in); - close($out); -} -' - echo "$cod" > $tf - chmod 700 $tf -} - -ptmp="" -if [ "X$proxy" != "X" ]; then - ptmp="/tmp/ssl_vncviewer${RANDOM}.$$.pl" - mytmp "$ptmp" - pcode "$ptmp" - connect="exec = $ptmp" -else - connect="connect = $host:$port" -fi - -if [ "X$direct_connect" != "X" ]; then - echo "" - echo "Running viewer for direct connection:" - echo "" - echo "** NOTE: THERE WILL BE NO SSL OR SSH ENCRYPTION **" - echo "" - if type printf > /dev/null 2>&1; then - printf "Are you sure you want to continue? [y]/n " - else - echo -n "Are you sure you want to continue? [y]/n " - fi - read x - if [ "X$x" = "Xn" ]; then - exit 1 - fi - echo "" - if [ "X$ptmp" != "X" ]; then - SSL_VNC_LISTEN=$use - export SSL_VNC_LISTEN - $ptmp & - sleep 2 - host="localhost" - disp="$N" - fi - echo "$VNCVIEWERCMD" "$@" $host:$disp - echo "" - "$VNCVIEWERCMD" "$@" $host:$disp - exit $? -fi - -##debug = 7 -tmp=/tmp/ssl_vncviewer${RANDOM}.$$ -mytmp "$tmp" - -cat > "$tmp" <<END -foreground = yes -pid = -client = yes -debug = 6 -$STUNNEL_EXTRA_OPTS -$verify -$cert - -[vnc_stunnel] -accept = localhost:$use -$connect -END - -echo "" -echo "Using this stunnel configuration:" -echo "" -cat "$tmp" | uniq -echo "" -sleep 1 - -echo "" -echo "Running: stunnel" -echo "$STUNNEL $tmp" -$STUNNEL "$tmp" < /dev/tty > /dev/tty & -pid=$! -echo "" - -# pause here to let the user supply a possible passphrase for the -# mycert key: -if [ "X$mycert" != "X" ]; then - sleep 4 -fi -sleep 2 -rm -f "$tmp" - -echo "" -echo "Running viewer:" -echo "$VNCVIEWERCMD" "$@" localhost:$N -echo "" -"$VNCVIEWERCMD" "$@" localhost:$N - -kill $pid -sleep 1 |