From 8f5c9ef01ef9101cf8f8d8f1eacdaab27ac7c2c8 Mon Sep 17 00:00:00 2001 From: runge Date: Mon, 7 Dec 2009 09:15:22 -0500 Subject: [PATCH] X11VNC_EXTRA_HTTPS_PARAMS, X11VNC_HTTP_LISTEN_LOCALHOST, X11VNC_REOPEN_SLEEP_MAX, -findauth/-auth guess FD_XDM=1 for root, work around xhost SI:localuser:root. --- x11vnc/ChangeLog | 8 ++++ x11vnc/README | 76 +++++++++++++++++++++++++++++------ x11vnc/cleanup.c | 17 ++++++-- x11vnc/help.c | 63 ++++++++++++++++++++++++----- x11vnc/remote.c | 18 ++++++++- x11vnc/screen.c | 10 ++++- x11vnc/sslhelper.c | 22 ++++++++++- x11vnc/ssltools.h | 94 +++++++++++++++++++++++++++++++------------- x11vnc/x11vnc.1 | 65 +++++++++++++++++++++++++----- x11vnc/x11vnc.c | 50 +++++++++++++++-------- x11vnc/x11vnc_defs.c | 2 +- 11 files changed, 340 insertions(+), 85 deletions(-) diff --git a/x11vnc/ChangeLog b/x11vnc/ChangeLog index cb9e49a..fbc3b2c 100644 --- a/x11vnc/ChangeLog +++ b/x11vnc/ChangeLog @@ -1,3 +1,11 @@ +2009-12-06 Karl Runge + * x11vnc: findauth/-auth guess works with FD_XDM=1 for root + finding dm's xauthority. Work around for GDM's recent + 'xhost SI:localuser:root' usage. X11VNC_REOPEN_SLEEP_MAX + for longer lived -reopen-ing. X11VNC_EXTRA_HTTPS_PARAMS for + additional URL parameters, X11VNC_HTTP_LISTEN_LOCALHOST=1 to + force libvncserver http to listen on localhost. + 2009-12-04 Karl Runge * classes/ssl: update binaries; new signing key; ss_vncviewer. * x11vnc: add more wish possibilities for -gui. Declare crypt() diff --git a/x11vnc/README b/x11vnc/README index b041f1a..7115695 100644 --- a/x11vnc/README +++ b/x11vnc/README @@ -2,7 +2,7 @@ Copyright (C) 2002-2009 Karl J. Runge All rights reserved. -x11vnc README file Date: Fri Dec 4 20:44:56 EST 2009 +x11vnc README file Date: Mon Dec 7 08:14:20 EST 2009 The following information is taken from these URLs: 
@@ -932,7 +932,12 @@ make applies heuristics that try to determine the XAUTHORITY file. The use of '[130]-auth guess' will use the XAUTHORITY that -findauth reveals. This can be handy in with the lastest GDM where the - ability to store cookies in ~/.Xauthority has been removed. + ability to store cookies in ~/.Xauthority has been removed. If + x11vnc is running as root (e.g. inetd) and you add -env FD_XDM=1 + to the above -findauth or -auth guess command lines, it will find + the correct XAUTHORITY for the given display (this works for + XDM/GDM/KDM if the login greeter panel is up or if someone has + already logged into an X session.) * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[131]-display WAIT:cmd=...", [132]-find, [133]-create) now work correctly for the user-supplied login program scheme "[134]-unixpw_cmd ...", as @@ -12894,7 +12899,7 @@ x11vnc: a VNC server for real X displays Here are all of x11vnc command line options: % x11vnc -opts (see below for -help long descriptions) -x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-04 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-06 x11vnc options: -display disp -auth file -N @@ -13021,7 +13026,7 @@ libvncserver-tight-extension options: % x11vnc -help -x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-04 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-06 (type "x11vnc -opts" to just list the options.) 
@@ -13089,6 +13094,12 @@ Options: mechanism (described below) to try to guess the XAUTHORITY filename and use it. + XDM/GDM/KDM: if you are running x11vnc as root and want + to find the XAUTHORITY before anyone has logged into an + X session yet, use: x11vnc -env FD_XDM=1 -auth guess ... + (This will also find the XAUTHORITY if a user is already + logged into the X session.) + -N If the X display is :N, try to set the VNC display to also be :N This just sets the -rfbport option to 5900+N The program will exit immediately if that port is not @@ -13110,7 +13121,10 @@ Options: for display managers like GDM (KillInitClients option) that kill x11vnc just after the user logs into the X session. Note: the reopened state may be unstable. - Set X11VNC_REOPEN_DISPLAY=n to reopen n times. + Set X11VNC_REOPEN_DISPLAY=n to reopen n times and + set X11VNC_REOPEN_SLEEP_MAX to the number of seconds, + default 10, to keep trying to reopen the display (once + per second.) Update: as of 0.9.9, x11vnc tries to automatically avoid being killed by the display manager by delaying creating 
@@ -14018,17 +14032,23 @@ Options: (i.e. all the X displays on the local machine that you have access rights to). --findauth [disp] Apply the -find/-finddpy heuristics to try to guess the - XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not - supplied, then the value in the -display earlier in +-findauth [disp] Apply the -find/-finddpy heuristics to try to guess + the XAUTHORITY file for DISPLAY 'disp'. If 'disp' + is not supplied, then the value in the -display on the cmdline is used; failing that $DISPLAY is used; and failing that ":0" is used. If nothing is printed out, that means no XAUTHORITY was - found for 'disp'. If "XAUTHORITY=" is printed out, - that means use the default (i.e. do not set XAUTHORITY). - If "XAUTHORITY=/path/to/file" is printed out, then - use that file. + found for 'disp'; i.e. failure. If "XAUTHORITY=" + is printed out, that means use the default (i.e. do + not set XAUTHORITY). If "XAUTHORITY=/path/to/file" + is printed out, then use that file. + + XDM/GDM/KDM: if you are running x11vnc as root and want + to find the XAUTHORITY before anyone has logged into an + X session yet, use: x11vnc -env FD_XDM=1 -findauth ... + (This will also find the XAUTHORITY if a user is already + logged into the X session.) -create First try to find the user's display using FINDDISPLAY, if that doesn't succeed create an X session via the @@ -14270,6 +14290,12 @@ Options: for how to disable this for dtgreet on Solaris and possibly for other greeters. + In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1, + e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is + running as root (e.g. inetd) then it will try to find + the XAUTHORITY file of a running XDM/GDM/KDM login + greeter (i.e. no user has logged into an X session yet.) + As another special case, WAIT:cmd=HTTPONCE will allow x11vnc to service one http request and then exit. This is usually done in -inetd mode to run on, say, 
@@ -15269,7 +15295,21 @@ Options: to include the PORT= in the browser URL, simply supply "-httpsredir" to x11vnc. - This options does not work in -stunnel mode. + This option does not work in -stunnel mode. + + More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS + to be extra URL parameters to use. This way you do + not need to specify extra PARAMS in the index.vnc file. + E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ... + + If you do not want to expose the non-SSL HTTP port to + the network (i.e. you just want the single VNC/HTTPS + port, e.g. 5900, open for connections) then specify the + option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way + the connection to the libvncserver httpd server will + only be available on localhost (note that in -ssl mode, + HTTPS requests are redirected from SSL to the non-SSL + libvncserver HTTP server.) -http_oneport For UN-encrypted connections mode (i.e. no -ssl, -stunnel, or -enc options), allow the Java VNC Viewer @@ -15301,6 +15341,10 @@ Options: mode when using an SSH tunnel as well as for router port redirections. + Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1 + option described above under -httpsredir applies for + the libvncserver httpd server in all cases (ssl or not.) + -ssh user@host:disp Create a remote listening port on machine "host" via a SSH tunnel using the -R rport:localhost:lport method. lport will be the local x11vnc listening port, @@ -16135,6 +16179,12 @@ t -buttonmap currently does not work on MacOSX console or in -rawfb mode. + Workaround: use -buttonmap IJ...-LM...=n to limit the + number of mouse buttons to n, e.g. 123-123=3. This will + prevent x11vnc from crashing if the X server reports + there are 5 buttons (4/5 scroll wheel), but there are + only really 3. + -nodragging Do not update the display during mouse dragging events (mouse button held down). Greatly improves response on slow setups, but you lose all visual feedback for drags, 
diff --git a/x11vnc/cleanup.c b/x11vnc/cleanup.c index 5d2339d..834c567 100644 --- a/x11vnc/cleanup.c +++ b/x11vnc/cleanup.c @@ -325,13 +325,23 @@ static int XIOerr(Display *d) { #if !NO_X11 if (reopen < rmax && getenv("X11VNC_REOPEN_DISPLAY")) { int db = getenv("X11VNC_REOPEN_DEBUG") ? 1 : 0; + int sleepmax = 10, i; Display *save_dpy = dpy; - char *dstr = DisplayString(save_dpy); + char *dstr = strdup(DisplayString(save_dpy)); reopen++; + if (getenv("X11VNC_REOPEN_SLEEP_MAX")) { + sleepmax = atoi(getenv("X11VNC_REOPEN_SLEEP_MAX")); + } rfbLog("*** XIO error: Trying to reopen[%d/%d] display '%s'\n", reopen, rmax, dstr); rfbLog("*** XIO error: Note the reopened state may be unstable.\n"); - usleep (3000 * 1000); - dpy = XOpenDisplay_wr(dstr); + for (i=0; i < sleepmax; i++) { + usleep (1000 * 1000); + dpy = XOpenDisplay_wr(dstr); + rfbLog("dpy[%d/%d]: %p\n", i+1, sleepmax, dpy); + if (dpy) { + break; + } + } last_open_xdisplay = time(NULL); if (dpy) { rfbLog("*** XIO error: Reopened display '%s' successfully.\n", dstr); @@ -353,6 +363,7 @@ static int XIOerr(Display *d) { do_new_fb(1); if (db) rfbLog("*** XIO error: check_xevents\n"); check_xevents(1); + /* sadly, we can never return... */ if (db) rfbLog("*** XIO error: watch_loop\n"); watch_loop(); diff --git a/x11vnc/help.c b/x11vnc/help.c index 279c964..03c9171 100644 --- a/x11vnc/help.c +++ b/x11vnc/help.c @@ -118,6 +118,12 @@ void print_help(int mode) { " mechanism (described below) to try to guess the\n" " XAUTHORITY filename and use it.\n" "\n" +" XDM/GDM/KDM: if you are running x11vnc as root and want\n" +" to find the XAUTHORITY before anyone has logged into an\n" +" X session yet, use: x11vnc -env FD_XDM=1 -auth guess ...\n" +" (This will also find the XAUTHORITY if a user is already\n" +" logged into the X session.)\n" +"\n" "-N If the X display is :N, try to set the VNC display to\n" " also be :N This just sets the -rfbport option to 5900+N\n" " The program will exit immediately if that port is not\n" 
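Review bot: In the XIOerr hunk in cleanup.c, `sleepmax` is taken directly from `atoi(getenv("X11VNC_REOPEN_SLEEP_MAX"))`, so a value of 0, a negative number or non-numeric text makes the retry loop run zero times. In that case `dpy` is never reassigned and still equals `save_dpy`, so the following `if (dpy)` takes the "Reopened display ... successfully" branch with the connection the I/O error was raised for. Setting `dpy = NULL;` before the loop and clamping with `if (sleepmax < 1) sleepmax = 1;` keeps the earlier behaviour of always trying at least once. The `strdup()` result is used without a NULL check. XIOerr's body starts and ends outside the hunk.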
@@ -139,7 +145,10 @@ void print_help(int mode) { " for display managers like GDM (KillInitClients option)\n" " that kill x11vnc just after the user logs into the\n" " X session. Note: the reopened state may be unstable.\n" -" Set X11VNC_REOPEN_DISPLAY=n to reopen n times.\n" +" Set X11VNC_REOPEN_DISPLAY=n to reopen n times and\n" +" set X11VNC_REOPEN_SLEEP_MAX to the number of seconds,\n" +" default 10, to keep trying to reopen the display (once\n" +" per second.)\n" "\n" " Update: as of 0.9.9, x11vnc tries to automatically avoid\n" " being killed by the display manager by delaying creating\n" 
@@ -1064,17 +1073,23 @@ void print_help(int mode) { " (i.e. all the X displays on the local machine that you\n" " have access rights to).\n" "\n" -"-findauth [disp] Apply the -find/-finddpy heuristics to try to guess the\n" -" XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not\n" -" supplied, then the value in the -display earlier in\n" +"-findauth [disp] Apply the -find/-finddpy heuristics to try to guess\n" +" the XAUTHORITY file for DISPLAY 'disp'. If 'disp'\n" +" is not supplied, then the value in the -display on\n" " the cmdline is used; failing that $DISPLAY is used;\n" " and failing that \":0\" is used.\n" "\n" " If nothing is printed out, that means no XAUTHORITY was\n" -" found for 'disp'. If \"XAUTHORITY=\" is printed out,\n" -" that means use the default (i.e. do not set XAUTHORITY).\n" -" If \"XAUTHORITY=/path/to/file\" is printed out, then\n" -" use that file.\n" +" found for 'disp'; i.e. failure. If \"XAUTHORITY=\"\n" +" is printed out, that means use the default (i.e. do\n" +" not set XAUTHORITY). If \"XAUTHORITY=/path/to/file\"\n" +" is printed out, then use that file.\n" +"\n" +" XDM/GDM/KDM: if you are running x11vnc as root and want\n" +" to find the XAUTHORITY before anyone has logged into an\n" +" X session yet, use: x11vnc -env FD_XDM=1 -findauth ...\n" +" (This will also find the XAUTHORITY if a user is already\n" +" logged into the X session.)\n" "\n" "-create First try to find the user's display using FINDDISPLAY,\n" " if that doesn't succeed create an X session via the\n" 
@@ -1316,6 +1331,12 @@ void print_help(int mode) { " for how to disable this for dtgreet on Solaris and\n" " possibly for other greeters.\n" "\n" +" In -find/cmd=FINDDISPLAY mode, if you set FD_XDM=1,\n" +" e.g. 'x11vnc -env FD_XDM=1 -find ...' and x11vnc is\n" +" running as root (e.g. inetd) then it will try to find\n" +" the XAUTHORITY file of a running XDM/GDM/KDM login\n" +" greeter (i.e. no user has logged into an X session yet.)\n" +"\n" " As another special case, WAIT:cmd=HTTPONCE will allow\n" " x11vnc to service one http request and then exit.\n" " This is usually done in -inetd mode to run on, say,\n" @@ -2315,7 +2336,21 @@ void print_help(int mode) { " to include the PORT= in the browser URL, simply supply\n" " \"-httpsredir\" to x11vnc.\n" "\n" -" This options does not work in -stunnel mode.\n" +" This option does not work in -stunnel mode.\n" +"\n" +" More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS\n" +" to be extra URL parameters to use. This way you do\n" +" not need to specify extra PARAMS in the index.vnc file.\n" +" E.g. x11vnc -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ...\n" +"\n" +" If you do not want to expose the non-SSL HTTP port to\n" +" the network (i.e. you just want the single VNC/HTTPS\n" +" port, e.g. 5900, open for connections) then specify the\n" +" option -env X11VNC_HTTP_LISTEN_LOCALHOST=1 This way\n" +" the connection to the libvncserver httpd server will\n" +" only be available on localhost (note that in -ssl mode,\n" +" HTTPS requests are redirected from SSL to the non-SSL\n" +" libvncserver HTTP server.)\n" "\n" "-http_oneport For UN-encrypted connections mode (i.e. no -ssl,\n" " -stunnel, or -enc options), allow the Java VNC Viewer\n" 
@@ -2347,6 +2382,10 @@ void print_help(int mode) { " mode when using an SSH tunnel as well as for router\n" " port redirections.\n" "\n" +" Note that the -env X11VNC_HTTP_LISTEN_LOCALHOST=1\n" +" option described above under -httpsredir applies for\n" +" the libvncserver httpd server in all cases (ssl or not.)\n" +"\n" "-ssh user@host:disp Create a remote listening port on machine \"host\"\n" " via a SSH tunnel using the -R rport:localhost:lport\n" " method. lport will be the local x11vnc listening port,\n" @@ -3179,6 +3218,12 @@ void print_help(int mode) { " -buttonmap currently does not work on MacOSX console\n" " or in -rawfb mode.\n" "\n" +" Workaround: use -buttonmap IJ...-LM...=n to limit the\n" +" number of mouse buttons to n, e.g. 123-123=3. This will\n" +" prevent x11vnc from crashing if the X server reports\n" +" there are 5 buttons (4/5 scroll wheel), but there are\n" +" only really 3.\n" +"\n" "-nodragging Do not update the display during mouse dragging events\n" " (mouse button held down). Greatly improves response on\n" " slow setups, but you lose all visual feedback for drags,\n" diff --git a/x11vnc/remote.c b/x11vnc/remote.c index 356aa81..71abec8 100644 --- a/x11vnc/remote.c +++ b/x11vnc/remote.c @@ -469,6 +469,20 @@ int check_httpdir(void) { } } +static void rfb_http_init_sockets(void) { + in_addr_t iface; + if (!screen) { + return; + } + iface = screen->listenInterface; + if (getenv("X11VNC_HTTP_LISTEN_LOCALHOST")) { + rfbLog("http_connections: HTTP listen on localhost only. (not HTTPS)\n"); + screen->listenInterface = htonl(INADDR_LOOPBACK); + } + rfbHttpInitSockets(screen); + screen->listenInterface = iface; +} + void http_connections(int on) { if (!screen) { return; 
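Review bot: In `rfb_http_init_sockets` (remote.c), the loopback restriction covers only the socket created by this wrapper, because `screen->listenInterface` is put back to its saved value as soon as `rfbHttpInitSockets(screen)` returns. Any other path that reaches `rfbHttpInitSockets` (for example from libvncserver's own initialisation, which is not visible in this diff) would bind the HTTP port to the original interface, so it is worth confirming that the two call sites changed in this file are the only ones that can run. A comment above the function such as `/* Temporarily point listenInterface at loopback for the httpd socket only, then restore it. */` would record the intent. The test is `getenv(...) != NULL`, so `X11VNC_HTTP_LISTEN_LOCALHOST=0` or an empty value also enables it, and the same test is repeated in `announce_http` in screen.c, while the help text documents only `=1`.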
@@ -492,7 +506,7 @@ void http_connections(int on) { screen->httpInitDone = FALSE; if (check_httpdir()) { screen->httpDir = http_dir; - rfbHttpInitSockets(screen); + rfb_http_init_sockets(); if (screen->httpPort != 0 && screen->httpListenSock < 0) { rfbLog("http_connections: failed to listen on http port: %d\n", screen->httpPort); clean_up_exit(1); @@ -526,7 +540,7 @@ static void reset_httpport(int old, int new) { } rfbLog("reset_httpport: setting httpport %d -> %d.\n", old == -1 ? hp : old, hp); - rfbHttpInitSockets(screen); + rfb_http_init_sockets(); if (screen->httpPort != 0 && screen->httpListenSock < 0) { rfbLog("reset_httpport: failed to listen on http port: %d\n", screen->httpPort); } diff --git a/x11vnc/screen.c b/x11vnc/screen.c index b34a941..f1f4ced 100644 --- a/x11vnc/screen.c +++ b/x11vnc/screen.c @@ -3681,20 +3681,27 @@ static void announce_http(int lport, int ssl, char *iface, char *extra) { char *host = this_host(); char *jvu; + int http = 0; if (enc_str && !strcmp(enc_str, "none") && !use_stunnel) { jvu = "Java viewer URL: http"; + http = 1; } else if (ssl == 1) { jvu = "Java SSL viewer URL: https"; } else if (ssl == 2) { jvu = "Java SSL viewer URL: http"; + http = 1; } else { jvu = "Java viewer URL: http"; + http = 1; } if (iface != NULL && *iface != '\0' && strcmp(iface, "any")) { host = iface; } + if (http && getenv("X11VNC_HTTP_LISTEN_LOCALHOST")) { + host = "localhost"; + } if (host != NULL) { if (! inetd) { fprintf(stderr, "%s://%s:%d/%s\n", jvu, host, lport, extra); @@ -3763,7 +3770,8 @@ void do_mention_java_urls(void) { rfbLog("Where you replace \"host:port\" with that printed below, or\n"); rfbLog("whatever is needed to reach the host e.g. Internet IP number\n"); rfbLog("\n"); - rfbLog("Append ?GET=1 to a URL for faster loading.\n"); + rfbLog("Append ?GET=1 to a URL for faster loading or supply:\n"); + rfbLog("-env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' to cmdline.\n"); } } rfbLog("\n"); 
diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c index 12f5819..b36c7fd 100644 --- a/x11vnc/sslhelper.c +++ b/x11vnc/sslhelper.c @@ -3626,8 +3626,26 @@ void accept_openssl(int mode, int presock) { * the rest of the SSL session to it: */ if (n > 0) { - if (db) fprintf(stderr, "sending http buffer httpsock: %d\n'%s'\n", httpsock, buf); - write(httpsock, buf, n); + char *s = getenv("X11VNC_EXTRA_HTTPS_PARAMS"); + int did_extra = 0; + + if (db) fprintf(stderr, "sending http buffer httpsock: %d n=%d\n'%s'\n", httpsock, n, buf); + if (s != NULL) { + char *q = strstr(buf, " HTTP/"); + if (q) { + int m; + *q = '\0'; + m = strlen(buf); + write(httpsock, buf, m); + write(httpsock, s, strlen(s)); + *q = ' '; + write(httpsock, q, n-m); + did_extra = 1; + } + } + if (!did_extra) { + write(httpsock, buf, n); + } } ssl_xfer(httpsock, s_in, s_out, is_http); rfbLog("SSL: ssl_helper[%d]: exit case 6 (https ssl_xfer done)\n", getpid()); diff --git a/x11vnc/ssltools.h b/x11vnc/ssltools.h index a454772..e6f82c3 100644 --- a/x11vnc/ssltools.h +++ b/x11vnc/ssltools.h @@ -1017,6 +1017,14 @@ char find_display[] = " fi\n" "}\n" "\n" +"am_root=\"\"\n" +"if id | sed -e 's/ gid.*$//' | grep -w root > /dev/null; then\n" +" am_root=1\n" +"fi\n" +"am_gdm=\"\"\n" +"if id | sed -e 's/ gid.*$//' | grep -w gdm > /dev/null; then\n" +" am_gdm=1\n" +"fi\n" "\n" "# this mode is to try to grab a display manager (gdm, kdm, xdm...) display\n" "# when we are run as root (e.g. no one is logged in yet). We look at the\n" 
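Review bot: In the accept_openssl hunk in sslhelper.c, `strstr(buf, " HTTP/")` is not bounded by `n`, so the match can lie at or beyond the `n` bytes being forwarded if `buf` is not NUL-terminated exactly at `n` (the terminator is not visible in this hunk). In that case `m` exceeds `n` and `write(httpsock, q, n-m)` is called with a negative length, which converts to a very large `size_t`. `buf` appears to hold the request sent by the connecting client, so the guard should be explicit: `if (q && q - buf < n) {` with `m = (int)(q - buf);`. The results of the three `write()` calls are ignored, so a short write would forward a truncated or spliced request line. accept_openssl's body starts and ends outside the hunk.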
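Review bot: In the find_display script in ssltools.h, `am_root` is derived with `grep -w root` on the uid part of the `id` output, which matches any login name in which `root` stands as a separate word (for example `web-root`), not only uid 0. The flag now carries more weight than the inline test it replaces: later hunks use it both to skip the file-owner check and to accept a display that is reachable without a cookie. Anchoring the tests, e.g. `grep '^uid=0(' > /dev/null` for root and `grep '^uid=[0-9]*(gdm)' > /dev/null` for `am_gdm`, would avoid false positives. The script text continues outside the hunk.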
@@ -1037,42 +1045,72 @@ char find_display[] = " #\n" " env XAUTHORITY=\"$xa\" xdpyinfo -display \"$da\" >/dev/null 2>&1\n" " if [ $? = 0 ]; then\n" -" env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n" -" if [ $? != 0 ]; then\n" -" y=`prdpy $da`\n" -" echo \"DISPLAY=$y\"\n" -" if [ \"X$showxauth\" != \"X\" ]; then\n" -" # copy the cookie:\n" -" cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n" -" xtf=$HOME/.xat.$$\n" -" xtf=`mytmp \"$xtf\"`\n" -" if [ ! -f $xtf ]; then\n" -" xtf=/tmp/.xat.$$\n" -" xtf=`mytmp \"$xtf\"`\n" +" si_root=\"\"\n" +" si_gdm=\"\"\n" +" # recent gdm seems to use SI:localuser: for xauth.\n" +" if env DISPLAY=\"$da\" xhost 2>/dev/null | grep -i '^SI:localuser:root$' > /dev/null; then\n" +" si_root=1\n" +" fi\n" +" if env DISPLAY=\"$da\" xhost 2>/dev/null | grep -i '^SI:localuser:gdm$' > /dev/null; then\n" +" si_gdm=1\n" +" fi\n" +" env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n" +" rc=$?\n" +" if [ \"X$rc\" = \"X0\" ]; then\n" +" # assume it is ok for server interpreted case.\n" +" if [ \"X$am_root\" = \"X1\" -a \"X$si_root\" = \"X1\" ]; then\n" +" rc=5\n" +" elif [ \"X$am_gdm\" = \"X1\" -a \"X$si_gdm\" = \"X1\" ]; then\n" +" rc=6\n" " fi\n" -" if [ ! -f $xtf ]; then\n" -" xtf=/tmp/.xatb.$$\n" -" rm -f $xtf\n" -" if [ -f $xtf ]; then\n" -" exit 1\n" +" fi\n" +" if [ $rc != 0 ]; then\n" +" y=`prdpy $da`\n" +" if [ \"X$FIND_DISPLAY_NO_SHOW_DISPLAY\" = \"X\" ]; then\n" +" echo \"DISPLAY=$y\"\n" +" fi\n" +" if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" != \"X\" ]; then\n" +" # caller wants XAUTHORITY printed out too.\n" +" if [ \"X$xa\" != \"X\" -a -f \"$xa\" ]; then\n" +" echo \"XAUTHORITY=$xa\"\n" +" else\n" +" echo \"XAUTHORITY=$XAUTHORITY\"\n" +" fi\n" +" fi\n" +" if [ \"X$showxauth\" != \"X\" ]; then\n" +" # copy the cookie:\n" +" cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n" +" xtf=$HOME/.xat.$$\n" +" xtf=`mytmp \"$xtf\"`\n" +" if [ ! 
-f $xtf ]; then\n" +" xtf=/tmp/.xat.$$\n" +" xtf=`mytmp \"$xtf\"`\n" " fi\n" -" touch $xtf 2>/dev/null\n" -" chmod 600 $xtf 2>/dev/null\n" " if [ ! -f $xtf ]; then\n" -" exit 1\n" +" xtf=/tmp/.xatb.$$\n" +" rm -f $xtf\n" +" if [ -f $xtf ]; then\n" +" exit 1\n" +" fi\n" +" touch $xtf 2>/dev/null\n" +" chmod 600 $xtf 2>/dev/null\n" +" if [ ! -f $xtf ]; then\n" +" exit 1\n" +" fi\n" " fi\n" +" xauth -f $xtf add \"$da\" . $cook\n" +" xauth -f $xtf extract - \"$da\" 2>/dev/null\n" +" rm -f $xtf\n" " fi\n" -" xauth -f $xtf add \"$da\" . $cook\n" -" xauth -f $xtf extract - \"$da\" 2>/dev/null\n" -" rm -f $xtf\n" +" # DONE\n" +" exit 0\n" " fi\n" -" # DONE\n" -" exit 0\n" -" fi\n" " fi\n" " fi\n" " done\n" -" echo \"\" # failure\n" +" if [ \"X$FIND_DISPLAY_XAUTHORITY_PATH\" = \"X\" ]; then\n" +" echo \"\" # failure\n" +" fi\n" " if [ \"X$showxauth\" != \"X\" ]; then\n" " echo \"\"\n" " fi\n" @@ -1106,7 +1144,7 @@ char find_display[] = " for xa in /tmp/.gdm* /tmp/.Xauth* /var/run/gdm/auth-for-*/database /var/run/gdm/auth-cookie-*-for-*\n" " do\n" " # try to be somewhat careful about the real owner of the file:\n" -" if id | sed -e 's/ gid.*$//' | grep -w root > /dev/null; then\n" +" if [ \"X$am_root\" = \"X1\" ]; then\n" " break\n" " fi\n" " if [ -f $xa -a -r $xa ]; then\n" diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1 index b51ce0c..174480f 100644 --- a/x11vnc/x11vnc.1 +++ b/x11vnc/x11vnc.1 @@ -2,7 +2,7 @@ .TH X11VNC "1" "December 2009" "x11vnc " "User Commands" .SH NAME x11vnc - allow VNC connections to real X11 displays - version: 0.9.9, lastmod: 2009-12-04 + version: 0.9.9, lastmod: 2009-12-06 .SH SYNOPSIS .B x11vnc [OPTION]... 
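Review bot: In the display-manager loop of find_display, once `rc` is forced to 5 or 6 for the server-interpreted case, the candidate `$xa` is accepted although nothing has shown that it holds a cookie for `$da`. With `SI:localuser:root` in effect the earlier `env XAUTHORITY="$xa" xdpyinfo` test presumably succeeds for any file, so it no longer discriminates between candidates. The path printed as `XAUTHORITY=$xa` and the cookie copied by `xauth -f "$xa" list | head -n 1` in the `showxauth` branch may therefore come from whichever file the loop visits first. The comment `# assume it is ok for server interpreted case.` should say so, e.g. `# SI:localuser grants access without a cookie, so $xa is NOT verified here; it is only the first candidate found.` The loop starts outside the hunk.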
@@ -80,6 +80,12 @@ man pages for more info. Use '-auth guess' to have x11vnc use its \fB-findauth\fR mechanism (described below) to try to guess the XAUTHORITY filename and use it. +.IP +XDM/GDM/KDM: if you are running x11vnc as root and want +to find the XAUTHORITY before anyone has logged into an +X session yet, use: x11vnc \fB-env\fR FD_XDM=1 \fB-auth\fR guess ... +(This will also find the XAUTHORITY if a user is already +logged into the X session.) .PP \fB-N\fR .IP @@ -110,7 +116,10 @@ reopen the X display (up to one time.) This is of use for display managers like GDM (KillInitClients option) that kill x11vnc just after the user logs into the X session. Note: the reopened state may be unstable. -Set X11VNC_REOPEN_DISPLAY=n to reopen n times. +Set X11VNC_REOPEN_DISPLAY=n to reopen n times and +set X11VNC_REOPEN_SLEEP_MAX to the number of seconds, +default 10, to keep trying to reopen the display (once +per second.) .IP Update: as of 0.9.9, x11vnc tries to automatically avoid being killed by the display manager by delaying creating 
@@ -1184,17 +1193,23 @@ have access rights to). .PP \fB-findauth\fR \fI[disp]\fR .IP -Apply the \fB-find/-finddpy\fR heuristics to try to guess the -XAUTHORITY file for DISPLAY 'disp'. If 'disp' is not -supplied, then the value in the \fB-display\fR earlier in +Apply the \fB-find/-finddpy\fR heuristics to try to guess +the XAUTHORITY file for DISPLAY 'disp'. If 'disp' +is not supplied, then the value in the \fB-display\fR on the cmdline is used; failing that $DISPLAY is used; and failing that ":0" is used. .IP If nothing is printed out, that means no XAUTHORITY was -found for 'disp'. If "XAUTHORITY=" is printed out, -that means use the default (i.e. do not set XAUTHORITY). -If "XAUTHORITY=/path/to/file" is printed out, then -use that file. +found for 'disp'; i.e. failure. If "XAUTHORITY=" +is printed out, that means use the default (i.e. do +not set XAUTHORITY). If "XAUTHORITY=/path/to/file" +is printed out, then use that file. +.IP +XDM/GDM/KDM: if you are running x11vnc as root and want +to find the XAUTHORITY before anyone has logged into an +X session yet, use: x11vnc \fB-env\fR FD_XDM=1 \fB-findauth\fR ... +(This will also find the XAUTHORITY if a user is already +logged into the X session.) .PP \fB-create\fR .IP @@ -1471,6 +1486,12 @@ www.karlrunge.com/x11vnc/faq.html#faq-display-manager for how to disable this for dtgreet on Solaris and possibly for other greeters. .IP +In \fB-find/cmd=FINDDISPLAY\fR mode, if you set FD_XDM=1, +e.g. 'x11vnc \fB-env\fR FD_XDM=1 \fB-find\fR ...' and x11vnc is +running as root (e.g. inetd) then it will try to find +the XAUTHORITY file of a running XDM/GDM/KDM login +greeter (i.e. no user has logged into an X session yet.) +.IP As another special case, WAIT:cmd=HTTPONCE will allow x11vnc to service one http request and then exit. This is usually done in \fB-inetd\fR mode to run on, say, 
@@ -2540,7 +2561,21 @@ https://mygateway.com:8000/?PORT=8000. To avoid having to include the PORT= in the browser URL, simply supply "\fB-httpsredir\fR" to x11vnc. .IP -This options does not work in \fB-stunnel\fR mode. +This option does not work in \fB-stunnel\fR mode. +.IP +More tricks: set the env var X11VNC_EXTRA_HTTPS_PARAMS +to be extra URL parameters to use. This way you do +not need to specify extra PARAMS in the index.vnc file. +E.g. x11vnc \fB-env\fR X11VNC_EXTRA_HTTPS_PARAMS='?GET=1' ... +.IP +If you do not want to expose the non-SSL HTTP port to +the network (i.e. you just want the single VNC/HTTPS +port, e.g. 5900, open for connections) then specify the +option \fB-env\fR X11VNC_HTTP_LISTEN_LOCALHOST=1 This way +the connection to the libvncserver httpd server will +only be available on localhost (note that in \fB-ssl\fR mode, +HTTPS requests are redirected from SSL to the non-SSL +libvncserver HTTP server.) .PP \fB-http_oneport\fR .IP @@ -2573,6 +2608,10 @@ it means only one port needs to be redirected. The \fB-httpsredir\fR option may also be useful for this mode when using an SSH tunnel as well as for router port redirections. +.IP +Note that the \fB-env\fR X11VNC_HTTP_LISTEN_LOCALHOST=1 +option described above under \fB-httpsredir\fR applies for +the libvncserver httpd server in all cases (ssl or not.) .PP \fB-ssh\fR \fIuser@host:disp\fR .IP @@ -3605,6 +3644,12 @@ To include button events use "Button1", ... etc. .IP \fB-buttonmap\fR currently does not work on MacOSX console or in \fB-rawfb\fR mode. +.IP +Workaround: use \fB-buttonmap\fR IJ...-LM...=n to limit the +number of mouse buttons to n, e.g. 123-123=3. This will +prevent x11vnc from crashing if the X server reports +there are 5 buttons (4/5 scroll wheel), but there are +only really 3. .PP \fB-nodragging\fR .IP diff --git a/x11vnc/x11vnc.c b/x11vnc/x11vnc.c index e13e228..b5e27b4 100644 --- a/x11vnc/x11vnc.c +++ b/x11vnc/x11vnc.c 
@@ -2013,6 +2013,7 @@ int main(int argc, char* argv[]) { int got_tls = 0; int got_inetd = 0; int got_noxrandr = 0; + int got_findauth = 0; /* used to pass args we do not know about to rfbGetScreen(): */ int argc_vnc_max = 1024; @@ -2180,24 +2181,14 @@ int main(int argc, char* argv[]) { continue; } if (!strcmp(arg, "-findauth")) { - int ic = 0; - if (use_dpy != NULL) { - set_env("DISPLAY", use_dpy); - } - use_dpy = strdup("WAIT:cmd=FINDDISPLAY-run"); + got_findauth = 1; if (argc > i+1) { - set_env("X11VNC_SKIP_DISPLAY", argv[i+1]); - } else if (getenv("DISPLAY")) { - set_env("X11VNC_SKIP_DISPLAY", getenv("DISPLAY")); - } else { - set_env("X11VNC_SKIP_DISPLAY", ":0"); + char *s = argv[i+1]; + if (s[0] != '-') { + set_env("FINDAUTH_DISPLAY", argv[i+1]); + i++; + } } - set_env("X11VNC_SKIP_DISPLAY_NEGATE", "1"); - set_env("FIND_DISPLAY_XAUTHORITY_PATH", "1"); - set_env("FIND_DISPLAY_NO_SHOW_XAUTH", "1"); - set_env("FIND_DISPLAY_NO_SHOW_DISPLAY", "1"); - wait_for_client(&ic, NULL, 0); - exit(0); continue; } if (!strcmp(arg, "-create")) { @@ -4030,6 +4021,33 @@ int main(int argc, char* argv[]) { set_env("PATH", "/bin:/usr/bin"); } + /* handle -findauth case now that cmdline has been read */ + if (got_findauth) { + char *s; + int ic = 0; + if (use_dpy != NULL) { + set_env("DISPLAY", use_dpy); + } + use_dpy = strdup("WAIT:cmd=FINDDISPLAY-run"); + + s = getenv("FINDAUTH_DISPLAY"); + if (s && strcmp("", s)) { + set_env("DISPLAY", s); + } + s = getenv("DISPLAY"); + if (s && strcmp("", s)) { + set_env("X11VNC_SKIP_DISPLAY", s); + } else { + set_env("X11VNC_SKIP_DISPLAY", ":0"); + } + set_env("X11VNC_SKIP_DISPLAY_NEGATE", "1"); + set_env("FIND_DISPLAY_XAUTHORITY_PATH", "1"); + set_env("FIND_DISPLAY_NO_SHOW_XAUTH", "1"); + set_env("FIND_DISPLAY_NO_SHOW_DISPLAY", "1"); + wait_for_client(&ic, NULL, 0); + exit(0); + } + /* set OS struct UT */ uname(&UT); diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c index f5c35b4..8cc1cd3 100644 --- a/x11vnc/x11vnc_defs.c 
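Review bot: In main() in x11vnc.c, the `-findauth` argument is carried from the option loop to the later `got_findauth` block through the environment variable `FINDAUTH_DISPLAY`, and that block reads it back with `getenv()`. A `FINDAUTH_DISPLAY` inherited from the calling environment is therefore honoured even when `-findauth` was given without a display, and it overrides `-display`, which the help text does not mention. Keeping the value in a local, e.g. `findauth_dpy = argv[i+1];` in the option loop and `if (findauth_dpy && *findauth_dpy) set_env("DISPLAY", findauth_dpy);` in the later block, avoids that. The argument is only checked for a leading `-` before it is exported for the find_display script, so it is worth confirming that the script quotes every use of it. main() starts and ends outside these hunks.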
+++ b/x11vnc/x11vnc_defs.c @@ -47,7 +47,7 @@ int xtrap_base_event_type = 0; int xdamage_base_event_type = 0; /* date +'lastmod: %Y-%m-%d' */ -char lastmod[] = "0.9.9 lastmod: 2009-12-04"; +char lastmod[] = "0.9.9 lastmod: 2009-12-06"; /* X display info */