From 1776a3a55f59052bd69509c889e4370973305f0d Mon Sep 17 00:00:00 2001
From: runge
Date: Thu, 8 Jun 2006 23:06:26 +0000
Subject: x11vnc: -display WAIT:..., -users unixpw=, su_verify dpy command.
---
 x11vnc/help.c | 170 ++++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 118 insertions(+), 52 deletions(-)
(limited to 'x11vnc/help.c')
diff --git a/x11vnc/help.c b/x11vnc/help.c
index 14713c2..dc89c68 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -69,7 +69,8 @@ void print_help(int mode) {
 "-display disp X11 server display to connect to, usually :0. The X\n"
 " server process must be running on same machine and\n"
 " support MIT-SHM. Equivalent to setting the DISPLAY\n"
-" environment variable to \"disp\".\n"
+" environment variable to \"disp\". See the description\n"
+" below of the \"-display WAIT:...\" extensions.\n"
 "-auth file Set the X authority file to be \"file\", equivalent to\n"
 " setting the XAUTHORITY environment variable to \"file\"\n"
 " before startup. Same as -xauth file. See Xsecurity(7),\n"
@@ -298,7 +299,7 @@ void print_help(int mode) {
 " and only loop 5 times.\n"
 "-timeout n Exit unless a client connects within the first n seconds\n"
 " after startup.\n"
-"-inetd Launched by inetd(1): stdio instead of listening socket.\n"
+"-inetd Launched by inetd(8): stdio instead of listening socket.\n"
 " Note: if you are not redirecting stderr to a log file\n"
 " (via shell 2> or -o option) you MUST also specify the -q\n"
 " option, otherwise the stderr goes to the viewer which\n"
@@ -554,6 +555,62 @@ void print_help(int mode) {
 " for any other modern environment. All of the -unixpw\n"
 " options and contraints apply.\n"
 "\n"
+"-display WAIT:... A special usage mode for the normal -display option.\n"
+" Useful with -unixpw, but can be used independently\n"
+" of it. If the display string begins with WAIT: then\n"
+" x11vnc waits until a VNC client connects before opening\n"
+" the X display (or -rawfb device).\n"
+"\n"
+" This could be useful for delaying opening the display\n"
+" for certain usage modes (say if x11vnc is started at\n"
+" boot time and no X server is running or users logged\n"
+" in yet).\n"
+"\n"
+" If the string is, e.g. WAIT:0.0 or WAIT:1, i.e. \"WAIT\"\n"
+" in front of a normal X display, then that indicated\n"
+" display is used. A more interesting case is like this:\n"
+"\n"
+" WAIT:cmd=/usr/local/bin/find_display\n"
+"\n"
+" in which case the command after \"cmd=\" is run to\n"
+" dynamically work out the DISPLAY and optionally the\n"
+" XAUTHORITY data. The first line of the command output\n"
+" must be of the form DISPLAY=. Any remaining\n"
+" output is taken as XAUTHORITY data. It can be either\n"
+" of the form XAUTHORITY= or raw xauthority data for\n"
+" the display (e.g. \"xauth extract - $DISPLAY\" output).\n"
+"\n"
+" In the case of -unixpw, then the above command is run\n"
+" as the user who just authenticated via the login and\n"
+" password prompt.\n"
+"\n"
+" Thus the combination of -display WAIT:cmd=... and\n"
+" -unixpw allows automatic pairing of an unix\n"
+" authenticated VNC user with his desktop. This could\n"
+" be very useful on SunRays and also any system where\n"
+" multiple users share a given machine. The user does\n"
+" not need to remember special ports or passwords set up\n"
+" for his desktop and VNC.\n"
+"\n"
+" A nice way to use WAIT:cmd=... is out of inetd(8)\n"
+" (it automatically forks a new x11vnc for each user).\n"
+" You can have the x11vnc inetd spawned process run as,\n"
+" say, root or nobody. When run as root (for either\n"
+" inetd or display manager), you can also supply the\n"
+" option \"-users unixpw=\" to have the x11vnc process\n"
+" switch to the user as well. Note: there will be a 2nd\n"
+" SSL helper process that will not switch, but it is only\n"
+" encoding and decoding the stream at that point.\n"
+"\n"
+" As a special case, WAIT:cmd=FINDDISPLAY will run a\n"
+" script that works on most Unixes to determine a user's\n"
+" DISPLAY variable and xauthority data. this is TBD.\n"
+"\n"
+" Finally, one can insert a geometry between colons,\n"
+" e.g. WAIT:1280x1024:... to set the size of the display\n"
+" the VNC client first attaches to since some VNC viewers\n"
+" will not automatically adjust to a new framebuffer size.\n"
+"\n"
 "-ssl [pem] Use the openssl library (www.openssl.org) to provide a\n"
 " built-in encrypted SSL tunnel between VNC viewers and\n"
 " x11vnc. This requires libssl support to be compiled\n"
@@ -689,24 +746,24 @@ void print_help(int mode) {
 " is attempted to be loaded. As a kludge, use a token\n"
 " like ../server-foo to load a server cert if you find\n"
 " that necessary.\n"
-" \n"
+"\n"
 " Use -ssldir to use a directory different from the\n"
 " ~/.vnc/certs default.\n"
-" \n"
+"\n"
 " Note that if the \"CA\" cert is loaded you do not need\n"
 " to load any of the certs that have been signed by it.\n"
 " You will need to load any additional self-signed certs\n"
 " however.\n"
-" \n"
+"\n"
 " Examples:\n"
 " x11vnc -ssl -sslverify CA\n"
 " x11vnc -ssl -sslverify self:fred,self:jim\n"
 " x11vnc -ssl -sslverify CA,clients\n"
-" \n"
+"\n"
 " Usually \"-sslverify CA\" is the most effective.\n"
 " See the -sslGenCA and -sslGenCert options below for\n"
 " how to set up and manage the CA framework.\n"
-" \n"
+"\n"
 "\n"
 "\n"
 " NOTE: the following utilities, -sslGenCA, -sslGenCert,\n"
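Review bot: The new "-display WAIT:cmd=..." help text names the user that runs the command only for the -unixpw case, while the paragraph after it suggests spawning x11vnc from inetd(8) as root. A reader cannot tell from this text which identity the command gets when -unixpw is not used; if it is the x11vnc process's own uid (not verifiable from this hunk), the help should say so, for example `" Without -unixpw the command is run as the user x11vnc is running as.\n"` placed after the -unixpw paragraph. Because the command's output is taken as DISPLAY and XAUTHORITY data, it is also worth one sentence advising that the script and its directory be writable only by that user. print_help() begins and ends outside this hunk.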
@@ -1092,7 +1149,7 @@ void print_help(int mode) {
 " otherwise the client is rejected. See below for an\n"
 " extension to accept a client view-only.\n"
 "\n"
-" If x11vnc is running as root (say from inetd(1) or from\n"
+" If x11vnc is running as root (say from inetd(8) or from\n"
 " display managers xdm(1), gdm(1), etc), think about the\n"
 " security implications carefully before supplying this\n"
 " option (likewise for the -gone option).\n"
@@ -1163,75 +1220,84 @@ void print_help(int mode) {
 " Unlike -accept, the command return code is not\n"
 " interpreted by x11vnc. Example: -gone 'xlock &'\n"
 "\n"
-"-users list If x11vnc is started as root (say from inetd(1) or from\n"
+"-users list If x11vnc is started as root (say from inetd(8) or from\n"
 " display managers xdm(1), gdm(1), etc), then as soon\n"
 " as possible after connections to the X display are\n"
 " established try to switch to one of the users in the\n"
 " comma separated \"list\". If x11vnc is not running as\n"
 " root this option is ignored.\n"
-" \n"
+"\n"
 " Why use this option? In general it is not needed since\n"
 " x11vnc is already connected to the X display and can\n"
 " perform its primary functions. The option was added\n"
 " to make some of the *external* utility commands x11vnc\n"
 " occasionally runs work properly. In particular under\n"
 " GNOME and KDE to implement the \"-solid color\" feature\n"
-" external commands (gconftool-2 and dcop) must be run\n"
-" as the user owning the desktop session. Since this\n"
-" option switches userid it also affects the userid used\n"
-" to run the processes for the -accept and -gone options.\n"
-" It also affects the ability to read files for options\n"
-" such as -connect, -allow, and -remap. Note that the\n"
-" -connect file is also sometimes written to.\n"
-" \n"
-" So be careful with this option since in many situations\n"
+" external commands (gconftool-2 and dcop) unfortunately\n"
+" must be run as the user owning the desktop session.\n"
+" Since this option switches userid it also affects the\n"
+" userid used to run the processes for the -accept and\n"
+" -gone options. It also affects the ability to read\n"
+" files for options such as -connect, -allow, and -remap.\n"
+" Note that the -connect file is also sometimes written\n"
+" to.\n"
+"\n"
+" So be careful with this option since in some situations\n"
 " its use can decrease security.\n"
-" \n"
-" The switch to a user will only take place if the\n"
-" display can still be successfully opened as that user\n"
-" (this is primarily to try to guess the actual owner\n"
+"\n"
+" In general the switch to a user will only take place\n"
+" if the display can still be successfully opened as that\n"
+" user (this is primarily to try to guess the actual owner\n"
 " of the session). Example: \"-users fred,wilma,betty\".\n"
 " Note that a malicious user \"barney\" by quickly using\n"
-" \"xhost +\" when logging in may get x11vnc to switch\n"
-" to user \"fred\". What happens next?\n"
-" \n"
+" \"xhost +\" when logging in may possibly get the x11vnc\n"
+" process to switch to user \"fred\". What happens next?\n"
+"\n"
 " Under display managers it may be a long time before\n"
-" the switch succeeds (i.e. a user logs in). To make\n"
-" it switch immediately regardless if the display\n"
+" the switch succeeds (i.e. a user logs in). To instead\n"
+" make it switch immediately regardless if the display\n"
 " can be reopened prefix the username with the \"+\"\n"
 " character. E.g. \"-users +bob\" or \"-users +nobody\".\n"
+"\n"
 " The latter (i.e. switching immediately to user\n"
 " \"nobody\") is probably the only use of this option\n"
 " that increases security.\n"
-" \n"
+"\n"
+" In -unixpw mode, if \"-users unixpw=\" is supplied\n"
+" then after a user authenticates himself via the\n"
+" -unixpw mechanism, x11vnc will try to switch to that\n"
+" user as though \"-users +username\" had been supplied.\n"
+" If you want to limit which users this will be done for,\n"
+" provide them as a comma separated list after \"unixpw=\"\n"
+"\n"
 " To immediately switch to a user *before* connections\n"
 " to the X display are made or any files opened use the\n"
 " \"=\" character: \"-users =bob\". That user needs to\n"
-" be able to open the X display of course.\n"
-" \n"
+" be able to open the X display and any files of course.\n"
+"\n"
 " The special user \"guess=\" means to examine the utmpx\n"
 " database (see who(1)) looking for a user attached to\n"
 " the display number (from DISPLAY or -display option)\n"
 " and try him/her. To limit the list of guesses, use:\n"
 " \"-users guess=bob,betty\".\n"
-" \n"
-" Even more sinister is the special user \"lurk=\" that\n"
-" means to try to guess the DISPLAY from the utmpx login\n"
-" database as well. So it \"lurks\" waiting for anyone\n"
-" to log into an X session and then connects to it.\n"
-" Specify a list of users after the = to limit which\n"
-" users will be tried. To enable a different searching\n"
-" mode, if the first user in the list is something like\n"
-" \":0\" or \":0-2\" that indicates a range of DISPLAY\n"
-" numbers that will be tried (regardless of whether\n"
-" they are in the utmpx database) for all users that\n"
-" are logged in. Examples: \"-users lurk=\" and also\n"
-" \"-users lurk=:0-1,bob,mary\"\n"
-" \n"
+"\n"
+" Even more sinister is the special user \"lurk=\"\n"
+" that means to try to guess the DISPLAY from the utmpx\n"
+" login database as well. So it \"lurks\" waiting for\n"
+" anyone to log into an X session and then connects to it.\n"
+" Specify a list of users after the = to limit which users\n"
+" will be tried. To enable a different searching mode, if\n"
+" the first user in the list is something like \":0\" or\n"
+" \":0-2\" that indicates a range of DISPLAY numbers that\n"
+" will be tried (regardless of whether they are in the\n"
+" utmpx database) for all users that are logged in. Also\n"
+" see the \"-display WAIT:...\" functionality. Examples:\n"
+" \"-users lurk=\" and also \"-users lurk=:0-1,bob,mary\"\n"
+"\n"
 " Be especially careful using the \"guess=\" and \"lurk=\"\n"
 " modes. They are not recommended for use on machines\n"
 " with untrustworthy local users.\n"
-" \n"
+"\n"
 "-noshm Do not use the MIT-SHM extension for the polling.\n"
 " Remote displays can be polled this way: be careful this\n"
 " can use large amounts of network bandwidth. This is\n"
@@ -1255,7 +1321,7 @@ void print_help(int mode) {
 " commands are run for GNOME and KDE respectively.\n"
 " Other desktops won't work, e.g. Xfce (send us the\n"
 " corresponding commands if you find them). If x11vnc is\n"
-" running as root (inetd(1) or gdm(1)), the -users option\n"
+" running as root (inetd(8) or gdm(1)), the -users option\n"
 " may be needed for GNOME and KDE. If x11vnc guesses\n"
 " your desktop incorrectly, you can force it by prefixing\n"
 " color with \"gnome:\", \"kde:\", \"cde:\" or \"root:\".\n"
@@ -1554,7 +1620,7 @@ void print_help(int mode) {
 " default (see -noxfixes below). This can be disabled\n"
 " with -nocursor, and also some values of the \"mode\"\n"
 " option below.\n"
-" \n"
+"\n"
 " Note that under XFIXES cursors with transparency (alpha\n"
 " channel) will usually not be exactly represented and one\n"
 " may find Overlay preferable. See also the -alphacut\n"
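Review bot: The added "-users unixpw=" paragraph in the -users hunk says x11vnc "will try to switch" to the authenticated user but never says what happens when that switch fails. For a process started as root this is the security-relevant case: the help should state whether the connection is then dropped or the session carries on as root, which I cannot determine from this hunk. The same paragraph ends without a full stop; the last line should read `" provide them as a comma separated list after \"unixpw=\".\n"`. print_help() begins and ends outside this hunk.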
@@ -1606,7 +1672,7 @@ void print_help(int mode) {
 " pixel with alpha value less than n becomes completely\n"
 " transparent. Otherwise the pixel is completely opaque.\n"
 " Default %d\n"
-" \n"
+"\n"
 "-alphafrac fraction With the threshold in -alphacut some cursors will become\n"
 " almost completely transparent because their alpha values\n"
 " are not high enough. For those cursors adjust the\n"
@@ -1872,7 +1938,7 @@ void print_help(int mode) {
 " So for a short time there are two (or more) block\n"
 " cursors on the screen. There are similar scenarios,\n"
 " (e.g. an output line is duplicated).\n"
-" \n"
+"\n"
 " These transients are induced by the approximation of\n"
 " scroll detection (e.g. it detects the scroll, but not\n"
 " the fact that the block cursor was cleared just before\n"
@@ -2279,7 +2345,7 @@ void print_help(int mode) {
 " mode if the bpp is 24.\n"
 "\n"
 " video4linux: on Linux some attempt is made to handle\n"
-" video devices (webcams or tv tuners) automatically.\n"
+" video devices (webcams or TV tuners) automatically.\n"
 " The idea is the WxHxB will be extracted from the\n"
 " device itself. So if you do not supply \"@WxHxB...\n"
 " parameters x11vnc will try to determine them. It first\n"
@@ -2326,7 +2392,7 @@ void print_help(int mode) {
 " 24, and 32 respectively). See http://www.linuxtv.org\n"
 " for more info (V4L api).\n"
 "\n"
-" For tv/rf tuner cards one can set the tuning mode\n"
+" For TV/rf tuner cards one can set the tuning mode\n"
 " via tun=XXX where XXX can be one of PAL, NTSC, SECAM,\n"
 " or AUTO.\n"
 "\n"
-- cgit v1.2.1