3 # ss_vncviewer: wrapper for vncviewer to use an stunnel SSL tunnel
6 # Copyright (c) 2006-2008 by Karl J. Runge <runge@karlrunge.com>
8 # You must have stunnel(8) installed on the system and in your PATH
9 # (however, see the -ssh option below, in which case you will need ssh(1)
10 # installed) Note: stunnel is usually installed in an "sbin" subdirectory.
12 # You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..."
13 # already running as the VNC server on the remote machine.
14 # (or use stunnel on the server side for any other VNC server)
17 # Usage: ss_vncviewer [cert-args] host:display <vncviewer-args>
19 # e.g.: ss_vncviewer snoopy:0
20 # ss_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
24 # -verify /path/to/cacert.pem
25 # -mycert /path/to/mycert.pem
26 # -crl /path/to/my_crl.pem (or directory)
29 # -verify specifies a CA cert PEM file (or a self-signed one) for
30 # authenticating the VNC server.
32 # -mycert specifies this client's cert+key PEM file for the VNC server to
33 # authenticate this client.
35 # -proxy try host:port as a Web proxy to use the CONNECT method
36 # to reach the VNC server (e.g. your firewall requires a proxy).
38 # For the "double proxy" case use -proxy host1:port1,host2:port2
39 # (the first CONNECT is done through host1:port1 to host2:port2
40 # and then a 2nd CONNECT to the destination VNC server.)
42 # Use socks://host:port, socks4://host:port, or socks5://host:port
43 # to force usage of a SOCKS proxy. Also repeater://host:port and
44 # sslrepeater://host:port.
46 # -showcert Only fetch the certificate using the 'openssl s_client'
47 # command (openssl(1) must be installed).
49 # See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL
50 # certificates with VNC.
52 # A few other args (not related to SSL and certs):
54 # -2nd Run the vncviewer a 2nd time if the first connection fails.
56 # -ssh Use ssh instead of stunnel SSL. ssh(1) must be installed and you
57 # must be able to log into the remote machine via ssh.
59 # In this case "host:display" may be of the form "user@host:display"
60 # where "user@host" is used for the ssh login (see ssh(1) manpage).
62 # If -proxy is supplied it can be of the forms: "gwhost" "gwhost:port"
63 # "user@gwhost" or "user@gwhost:port". "gwhost" is an incoming ssh
64 # gateway machine (the VNC server is not running there), an ssh -L
65 # redir is used to "host" in "host:display" from "gwhost". Any "user@"
66 # part must be in the -proxy string (not in "host:display").
68 # Under -proxy use "gwhost:port" if connecting to any ssh port
69 # other than the default (22). (even for the non-gateway case,
70 # -proxy must be used to specify a non-standard ssh port)
72 # A "double ssh" can be specified via a -proxy string with the two
73 # hosts separated by a comma:
75 # [user1@]host1[:port1],[user2@]host2[:port2]
77 # in which case a ssh to host1 and thru it via a -L redir a 2nd
78 # ssh is established to host2.
82 # ss_vncviewer -ssh bob@bobs-home.net:0
83 # ss_vncviewer -ssh -sshcmd 'x11vnc -localhost' bob@bobs-home.net:0
85 # ss_vncviewer -ssh -proxy fred@mygate.com:2022 mymachine:0
86 # ss_vncviewer -ssh -proxy bob@bobs-home.net:2222 localhost:0
88 # ss_vncviewer -ssh -proxy fred@gw-host,fred@peecee localhost:0
90 # -sshcmd cmd Run "cmd" via ssh instead of the default "sleep 15"
91 # e.g. -sshcmd 'x11vnc -display :0 -localhost -rfbport 5900'
93 # -sshargs "args" pass "args" to the ssh process, e.g. -L/-R port redirs.
95 # -sshssl Tunnel the SSL connection thru a SSH connection. The tunnel as
96 # under -ssh is set up and the SSL connection goes thru it. Use
97 # this if you want to have an end-to-end SSL connection but must
98 # go thru a SSH gateway host (e.g. not the vnc server). Or use
99 # this if you need to tunnel additional services via -R and -L
100 # (see -sshargs above).
102 # ss_vncviewer -sshssl -proxy fred@mygate.com mymachine:0
104 # -listen (or -reverse) set up a reverse connection.
106 # -alpha turn on cursor alphablending hack if you are using the
107 # enhanced tightvnc vncviewer.
109 # -grab turn on XGrabServer hack if you are using the enhanced tightvnc
110 # vncviewer (e.g. for fullscreen mode in some windowmanagers like
111 # fvwm that do not otherwise work in fullscreen mode)
114 # set VNCVIEWERCMD to whatever vncviewer command you want to use.
116 VNCIPCMD=${VNCVIEWERCMD:-vncip}
117 VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
119 # Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
122 # turn on verbose debugging output
123 if [ "X$SS_DEBUG" != "X" ]; then
127 PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
129 localhost="localhost"
130 if uname | grep Darwin >/dev/null; then
131 localhost="127.0.0.1"
134 # work out which stunnel to use (debian installs as stunnel4)
135 if [ "X$STUNNEL" = "X" ]; then
137 if [ "X$SSVNC_BASEDIRNAME" != "X" ]; then
138 if [ -x "$SSVNC_BASEDIRNAME/stunnel" ]; then
139 type stunnel > /dev/null 2>&1
147 if [ "X$check_stunnel" = "X1" ]; then
148 type stunnel4 > /dev/null 2>&1
158 tail -n +2 "$0" | sed -e '/^$/ q'
168 # sleep longer in -listen mode:
169 if echo "$*" | grep '.*-listen' > /dev/null; then
175 # env override of ssh_cmd:
176 if [ "X$SS_VNCVIEWER_SSH_CMD" != "X" ]; then
177 ssh_cmd="$SS_VNCVIEWER_SSH_CMD"
# Cipher list applied when the -anondh option is given (it is copied into
# "ciphers=..." by the option parser).
# NOTE(review): the list starts from "ALL" and excludes nothing, so
# anonymous (unauthenticated) and legacy suites stay eligible; judging by
# the variable name that is the intent. An anonymous-DH session does not
# authenticate the server, so it is open to an active man-in-the-middle --
# confirm this mode is only used where that is acceptable.
185 anondh="ALL:RC4+RSA:+SSLv2:@STRENGTH"
188 if [ "X$SS_DEBUG" != "X" -o "X$SSVNC_VENCRYPT_DEBUG" != "X" -o "X$SSVNC_STUNNEL_DEBUG" != "X" ]; then
192 if [ "X$1" = "X-viewerflavor" ]; then
193 # special case, try to guess which viewer:
195 if echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
199 if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then
203 if echo "$VNCVIEWERCMD" | grep -i ultra > /dev/null; then
207 # OK, run it for help output...
208 str=`$VNCVIEWERCMD -h 2>&1 | head -n 5`
209 if echo "$str" | grep -i 'TightVNC.viewer' > /dev/null; then
211 elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then
213 elif echo "$str" | grep -i 'VNC viewer version 3' > /dev/null; then
220 if [ "X$1" = "X-viewerhelp" ]; then
221 $VNCVIEWERCMD -h 2>&1
225 # grab our cmdline options:
226 while [ "X$1" != "X" ]
229 "-verify") shift; verify="$1"
231 "-mycert") shift; mycert="$1"
233 "-crl") shift; crl="$1"
235 "-proxy") shift; proxy="$1"
242 "-sshcmd") shift; ssh_cmd="$1"
244 "-sshargs") shift; ssh_args="$1"
246 "-anondh") ciphers="ciphers=$anondh"
249 "-ciphers") shift; ciphers="ciphers=$1"
253 "-showcert") showcert=1
257 "-reverse") reverse=1
261 "-grab") VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
263 "-x11cursor") VNCVIEWER_X11CURSOR=1; export VNCVIEWER_X11CURSOR
265 "-rawlocal") VNCVIEWER_RAWLOCAL=1; export VNCVIEWER_RAWLOCAL
267 "-scale") shift; SSVNC_SCALE="$1"; export SSVNC_SCALE
269 "-onelisten") SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
271 "-escape") shift; VNCVIEWER_ESCAPE="$1"; export VNCVIEWER_ESCAPE
273 "-ssvnc_encodings") shift; VNCVIEWER_ENCODINGS="$1"; export VNCVIEWER_ENCODINGS
275 "-rfbversion") shift; VNCVIEWER_RFBVERSION="$1"; export VNCVIEWER_RFBVERSION
277 "-nobell") VNCVIEWER_NOBELL=1; export VNCVIEWER_NOBELL
279 "-popupfix") VNCVIEWER_POPUP_FIX=1; export VNCVIEWER_POPUP_FIX
281 "-realvnc4") VNCVIEWER_IS_REALVNC4=1; export VNCVIEWER_IS_REALVNC4
293 # maxconn is something we added to stunnel, this disables it:
294 if [ "X$SS_VNCVIEWER_NO_MAXCONN" != "X" ]; then
295 STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
296 elif echo "$VNCVIEWERCMD" | egrep -i '^(xmessage|sleep )' > /dev/null; then
297 STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
298 elif [ "X$reverse" != "X" ]; then
299 STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
301 # new way (our patches). other than the above, we set these:
302 if [ "X$SKIP_STUNNEL_ONCE" = "X" ]; then
303 STUNNEL_ONCE=1; export STUNNEL_ONCE
305 if [ "X$SKIP_STUNNEL_MAX_CLIENTS" = "X" ]; then
306 STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
309 # always set this one:
310 if [ "X$SKIP_STUNNEL_NO_SYSLOG" = "X" ]; then
311 STUNNEL_NO_SYSLOG=1; export STUNNEL_NO_SYSLOG
314 # this is the -t ssh option (gives better keyboard response thru SSH tunnel)
316 if [ "X$SS_VNCVIEWER_NO_T" != "X" ]; then
320 # set the alpha blending env. hack:
321 if [ "X$gotalpha" = "X1" ]; then
322 VNCVIEWER_ALPHABLEND=1
323 export VNCVIEWER_ALPHABLEND
329 if [ "X$reverse" != "X" ]; then
331 if [ "X$proxy" != "X" ]; then
332 # check proxy usage under reverse connection:
333 if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
335 if echo "$proxy" | egrep -i "(repeater|vencrypt)://" > /dev/null; then
338 echo "*Warning*: SSL -listen and a Web proxy does not make sense."
341 elif echo "$proxy" | grep "," > /dev/null; then
345 echo "*Warning*: -listen and a single proxy/gateway does not make sense."
348 SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
351 if [ "X$ssh_cmd" = "X" ]; then
352 # if no remote ssh cmd, sleep a bit:
353 ssh_cmd="sleep $ssh_sleep"
356 # this should be a host:display:
362 if uname -sr | egrep 'SunOS 5\.[5-8]' > /dev/null; then
367 # a kludge to set $RANDOM if we are not bash:
368 if [ "X$BASH_VERSION" = "X" ]; then
369 RANDOM=`date +%S``sh -c 'echo $$'``ps -elf 2>&1 | sum 2>&1 | awk '{print $1}'`
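374 # a portable, but not absolutely safe, tmp file creator (the fallback used when mktemp(1) is missing removes, checks and re-creates the file in separate steps, so it is not atomic)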
377 if type mktemp > /dev/null 2>&1; then
378 # if we have mktemp(1), use it:
381 if [ "X$tf2" != "X" -a -f "$tf2" ]; then
382 if [ "X$DEBUG_MKTEMP" != "X" ]; then
383 echo "mytmp-mktemp: $tf2" 1>&2
389 # fallback to multiple cmds:
390 rm -rf "$tf" || exit 1
391 if [ -d "$tf" ]; then
392 echo "tmp file $tf still exists as a directory."
394 elif [ $dL "$tf" ]; then
395 echo "tmp file $tf still exists as a symlink."
397 elif [ -f "$tf" ]; then
398 echo "tmp file $tf still exists."
401 touch "$tf" || exit 1
402 chmod 600 "$tf" || exit 1
404 if [ "X$DEBUG_MKTEMP" != "X" ]; then
405 echo "mytmp-touch: $tf" 1>&2
410 # set up special case of ultravnc single click III mode:
411 if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
412 pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
413 pstr1=`echo "$pstr" | sed -e 's/+.*$//'`
414 pstr2=`echo "$pstr" | sed -e 's/^[^+]*+//'`
415 SSVNC_REPEATER="SCIII=$pstr2"; export SSVNC_REPEATER
418 echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
421 if echo "$proxy" | egrep "vencrypt://" > /dev/null; then
# Path of the file that receives the pre-digested VeNCrypt handshake; it is
# exported below as SSVNC_PREDIGESTED_HANDSHAKE.
# NOTE(review): the name is built only from $RANDOM and the PID under /tmp,
# so it is guessable by other local users. The following source line is not
# visible here -- confirm the path is passed through mytmp (as is done for
# the test cert file) before anything is written to it.
422 vtmp="/tmp/ss_handshake${RANDOM}.$$.txt"
424 SSVNC_PREDIGESTED_HANDSHAKE="$vtmp"
425 export SSVNC_PREDIGESTED_HANDSHAKE
426 #echo "SSVNC_PREDIGESTED_HANDSHAKE=$SSVNC_PREDIGESTED_HANDSHAKE"
430 # check -ssh and -mycert/-verify conflict:
431 if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then
432 if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then
433 echo "-mycert and -verify cannot be used in -ssh mode"
438 # direct mode Vnc:// means show no warnings.
439 # direct mode vnc:// will show warnings.
440 if echo "$orig" | grep '^V[Nn][Cc]://' > /dev/null; then
442 export SSVNC_NO_ENC_WARN
443 orig=`echo "$orig" | sed -e 's/^...:/vnc:/'`
446 # interpret the pseudo URL proto:// strings:
447 if echo "$orig" | grep '^vnc://' > /dev/null; then
448 orig=`echo "$orig" | sed -e 's,vnc://,,'`
455 elif echo "$orig" | grep '^vncs://' > /dev/null; then
456 orig=`echo "$orig" | sed -e 's,vncs://,,'`
457 elif echo "$orig" | grep '^vncssl://' > /dev/null; then
458 orig=`echo "$orig" | sed -e 's,vncssl://,,'`
459 elif echo "$orig" | grep '^vnc+ssl://' > /dev/null; then
460 orig=`echo "$orig" | sed -e 's,vnc.ssl://,,'`
461 elif echo "$orig" | grep '^vncssh://' > /dev/null; then
462 orig=`echo "$orig" | sed -e 's,vncssh://,,'`
464 elif echo "$orig" | grep '^vnc+ssh://' > /dev/null; then
465 orig=`echo "$orig" | sed -e 's,vnc.ssh://,,'`
469 if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
476 if echo "$SSVNC_ULTRA_DSM" | grep 'noultra:' > /dev/null; then
477 SSVNC_NO_ULTRA_DSM=1; export SSVNC_NO_ULTRA_DSM
481 # (possibly) tell the vncviewer to only listen on lo:
482 if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then
483 VNCVIEWER_LISTEN_LOCALHOST=1
484 export VNCVIEWER_LISTEN_LOCALHOST
487 # rsh mode is an internal/secret thing only I use.
489 if echo "$orig" | grep '^rsh://' > /dev/null; then
492 orig=`echo "$orig" | sed -e 's,rsh://,,'`
493 elif echo "$orig" | grep '^rsh:' > /dev/null; then
496 orig=`echo "$orig" | sed -e 's,rsh:,,'`
499 # play around with host:display port:
500 if echo "$orig" | grep ':' > /dev/null; then
503 # add or assume :0 if no ':'
504 if [ "X$reverse" = "X" ]; then
506 elif [ "X$orig" = "X" ]; then
511 # extract host and disp number:
512 host=`echo "$orig" | awk -F: '{print $1}'`
513 disp=`echo "$orig" | awk -F: '{print $2}'`
514 if [ "X$host" = "X" ]; then
517 if [ "X$disp" = "X" ]; then
518 port="" # probably -listen mode.
519 elif [ $disp -lt 0 ]; then
520 # negative means use |n| without question:
521 port=`expr 0 - $disp`
522 elif [ $disp -lt 200 ]; then
523 # less than 200 means 5900+n
524 if [ "X$reverse" = "X" ]; then
525 port=`expr $disp + 5900`
527 port=`expr $disp + 5500`
530 # otherwise use the number directly, e.g. 443, 2345
534 # try to find an open listening port via netstat(1):
536 if uname | grep Linux > /dev/null; then
537 inuse=`netstat -ant | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*://'`
538 elif uname | grep SunOS > /dev/null; then
539 inuse=`netstat -an -f inet -P tcp | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $1}' | sed 's/^.*\.//'`
540 elif uname | egrep -i 'bsd|darwin' > /dev/null; then
541 inuse=`netstat -ant -f inet | egrep 'LISTEN|WAIT|ESTABLISH|CLOSE' | awk '{print $4}' | sed 's/^.*\.//'`
545 # this is a crude attempt for unique ports tags, etc.
548 # these are special cases of no vnc, e.g. sleep or xmessage.
549 # these are for using ssvnc as a general port redirector.
550 if echo "$VNCVIEWERCMD" | grep '^sleep[ ][ ]*[0-9][0-9]*' > /dev/null; then
551 if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then
552 p=`echo "$VNCVIEWERCMD" | awk '{print $3}'`
553 if [ "X$p" != "X" ]; then
554 SS_VNCVIEWER_LISTEN_PORT=$p
557 p2=`echo "$VNCVIEWERCMD" | awk '{print $2}'`
558 VNCVIEWERCMD="eval sleep $p2; echo Local "
559 elif echo "$VNCVIEWERCMD" | grep '^xmessage[ ][ ]*[0-9][0-9]*' > /dev/null; then
560 if [ "X$SS_VNCVIEWER_LISTEN_PORT" = "X" ]; then
561 p=`echo "$VNCVIEWERCMD" | awk '{print $2}'`
562 SS_VNCVIEWER_LISTEN_PORT=$p
566 # utility to find a free port to listen on.
572 if [ "X$SS_VNCVIEWER_LISTEN_PORT" != "X" ]; then
573 echo "$SS_VNCVIEWER_LISTEN_PORT"
576 if [ $try -ge 6000 ]; then
577 fmax=`expr $try + 1000`
582 while [ $try -lt $fmax ]
584 if [ "X$inuse" = "X" ]; then
587 if echo "$inuse" | grep -w $try > /dev/null; then
595 if [ "X$use0" = "X" ]; then
596 use0=`expr $date_sec + $try0`
602 # utility for exiting; kills some helper processes,
603 # removes files, etc.
606 if [ "X$tmp_cfg" != "X" ]; then
609 if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
# Remove whatever paths the caller listed in $SS_VNCVIEWER_RM; errors are
# discarded.
# NOTE(review): the variable is expanded unquoted, so the shell word-splits
# and glob-expands it and rm -f receives every resulting path. Presumably
# this is so it can carry several file names; verify it is only ever set by
# a trusted caller.
610 rm -f $SS_VNCVIEWER_RM 2>/dev/null
612 if [ "X$tcert" != "X" ]; then
615 if [ "X$pssh" != "X" ]; then
616 echo "Terminating background ssh process"
617 echo kill -TERM "$pssh"
618 kill -TERM "$pssh" 2>/dev/null
620 kill -KILL "$pssh" 2>/dev/null
623 if [ "X$stunnel_pid" != "X" ]; then
624 echo "Terminating background stunnel process"
625 echo kill -TERM "$stunnel_pid"
626 kill -TERM "$stunnel_pid" 2>/dev/null
628 kill -KILL "$stunnel_pid" 2>/dev/null
631 if [ "X$dsm_pid" != "X" ]; then
632 echo "Terminating background ultravnc_dsm_helper process"
633 echo kill -TERM "$dsm_pid"
634 kill -TERM "$dsm_pid" 2>/dev/null
636 kill -KILL "$dsm_pid" 2>/dev/null
639 if [ "X$tail_pid" != "X" ]; then
644 if [ "X$reverse" = "X" ]; then
645 # normal connections try 5930-5999:
646 if [ "X$showcert" = "X" ]; then
649 # move away from normal place for (possibly many) -showcert
651 pstart=`expr 6130 + $pstart + $pstart`
652 use=`findfree $pstart`
654 if [ $use -ge 5900 ]; then
660 # reverse connections:
663 if [ $use -ge 5500 ]; then
670 # this is for my special use of ss_vncip -> vncip viewer.
671 if echo "$0" | grep vncip > /dev/null; then
672 VNCVIEWERCMD="$VNCIPCMD"
675 # trick for the undocumented rsh://host:port method.
677 if echo "$ssh_host" | grep '@' > /dev/null; then
678 ul=`echo "$ssh_host" | awk -F@ '{print $1}'`
680 ssh_host=`echo "$ssh_host" | awk -F@ '{print $2}'`
684 ssh_cmd=`echo "$ssh_cmd" | sed -e 's/ -localhost/ /g'`
687 # trick for the undocumented rsh://host:port method.
690 if [ "X$PORT" = "X" ]; then
692 elif [ $PORT -ge 5900 ]; then
693 vdpy=`expr $PORT - 5900`
698 echo "$VNCVIEWERCMD" "$@" $ssh_host:$vdpy
700 $VNCVIEWERCMD "$@" $ssh_host:$vdpy
703 $VNCVIEWERCMD "$@" $ssh_host:$vdpy
707 # this is the PPROXY tool. used only here for now...
710 PPROXY_PROXY=$proxy; export PPROXY_PROXY
711 PPROXY_DEST="$host:$port"; export PPROXY_DEST
714 # A hack to glue stunnel to a Web proxy or SOCKS for client connections.
716 use IO::Socket::INET;
718 if (exists $ENV{PPROXY_SLEEP}) {
719 print STDERR "PPROXY_PID: $$\n";
720 sleep $ENV{PPROXY_SLEEP};
723 foreach my $var (qw(PPROXY_PROXY PPROXY_SOCKS PPROXY_DEST PPROXY_LISTEN
724 PPROXY_REVERSE PPROXY_REPEATER PPROXY_REMOVE PPROXY_KILLPID PPROXY_SLEEP)) {
725 if (0 || $ENV{SS_DEBUG} || $ENV{SSVNC_VENCRYPT_DEBUG}) {
726 print STDERR "$var: $ENV{$var}\n";
730 if ($ENV{PPROXY_SOCKS} ne "" && $ENV{PPROXY_PROXY} !~ m,^socks5?://,i) {
731 if ($ENV{PPROXY_SOCKS} eq "5") {
732 $ENV{PPROXY_PROXY} = "socks5://$ENV{PPROXY_PROXY}";
734 $ENV{PPROXY_PROXY} = "socks://$ENV{PPROXY_PROXY}";
738 my $rfbSecTypeAnonTls = 18;
739 my $rfbSecTypeVencrypt = 19;
741 my $rfbVencryptPlain = 256;
742 my $rfbVencryptTlsNone = 257;
743 my $rfbVencryptTlsVnc = 258;
744 my $rfbVencryptTlsPlain = 259;
745 my $rfbVencryptX509None = 260;
746 my $rfbVencryptX509Vnc = 261;
747 my $rfbVencryptX509Plain = 262;
749 my $handshake_file = "";
750 if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE}) {
751 $handshake_file = $ENV{SSVNC_PREDIGESTED_HANDSHAKE};
754 sub append_handshake {
756 if ($handshake_file) {
757 if (open(HSF, ">>$handshake_file")) {
764 my ($first, $second, $third) = split(/,/, $ENV{PPROXY_PROXY}, 3);
765 my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
767 ($first, $mode_1st) = url_parse($first);
769 my ($proxy_host, $proxy_port) = split(/:/, $first);
770 my $connect = $ENV{PPROXY_DEST};
773 ($second, $mode_2nd) = url_parse($second);
777 ($third, $mode_3rd) = url_parse($third);
782 print STDERR "PPROXY v0.2: a tool for Web proxies and SOCKS connections.\n";
783 print STDERR "proxy_host: $proxy_host\n";
784 print STDERR "proxy_port: $proxy_port\n";
785 print STDERR "proxy_connect: $connect\n";
786 print STDERR "pproxy_params: $ENV{PPROXY_PROXY}\n";
787 print STDERR "pproxy_listen: $ENV{PPROXY_LISTEN}\n";
788 print STDERR "pproxy_reverse: $ENV{PPROXY_REVERSE}\n";
791 print STDERR "pproxy 1st: $first\t- $mode_1st\n";
792 print STDERR "pproxy 2nd: $second\t- $mode_2nd\n";
793 print STDERR "pproxy 3rd: $third\t- $mode_3rd\n";
797 my $listen_handle = "";
798 if ($ENV{PPROXY_REVERSE} ne "") {
799 my ($rhost, $rport) = split(/:/, $ENV{PPROXY_REVERSE});
800 $rport = 5900 unless $rport;
801 $listen_handle = IO::Socket::INET->new(
806 if (! $listen_handle) {
807 die "pproxy: $! -- PPROXY_REVERSE\n";
809 print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n";
811 } elsif ($ENV{PPROXY_LISTEN} ne "") {
812 my $listen_sock = "";
813 if ($ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:(.*)/) {
815 $listen_sock = IO::Socket::INET->new(
821 $listen_sock = IO::Socket::INET->new(
823 LocalAddr => "127.0.0.1",
824 LocalPort => $ENV{PPROXY_LISTEN},
828 if (! $listen_sock) {
829 die "pproxy: $! -- PPROXY_LISTEN\n";
832 ($listen_handle, $ip) = $listen_sock->accept();
833 if (! $listen_handle) {
839 my $sock = IO::Socket::INET->new(
840 PeerAddr => $proxy_host,
841 PeerPort => $proxy_port,
847 unlink($0) if $ENV{PPROXY_REMOVE};
848 die "pproxy: $err\n";
851 unlink($0) if $ENV{PPROXY_REMOVE};
853 if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:/) {
854 print STDERR "PPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n";
855 my $tmp_swap = $sock;
856 $sock = $listen_handle;
857 $listen_handle = $tmp_swap;
864 connection($second, 1);
867 $cur_proxy = $second;
870 connection($third, 2);
873 connection($connect, 3);
875 connection($connect, 2);
878 connection($connect, 1);
883 if (! defined $child) {
884 if ($ENV{PPROXY_KILLPID}) {
885 foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) {
886 if ($p =~ /^(\+|-)/) {
896 print STDERR "pproxy parent\[$$] STDIN -> socket\n";
897 if ($listen_handle) {
898 xfer($listen_handle, $sock);
902 select(undef, undef, undef, 0.25);
903 if (kill 0, $child) {
904 select(undef, undef, undef, 1.5);
905 print STDERR "pproxy\[$$]: kill TERM $child\n";
909 print STDERR "pproxy child \[$$] socket -> STDOUT\n";
910 if ($listen_handle) {
911 xfer($sock, $listen_handle);
915 select(undef, undef, undef, 0.25);
916 if (kill 0, $parent) {
917 select(undef, undef, undef, 1.5);
918 print STDERR "pproxy\[$$]: kill TERM $parent\n";
919 kill "TERM", $parent;
922 if ($ENV{PPROXY_KILLPID} ne "") {
923 if ($ENV{PPROXY_KILLPID}) {
924 foreach my $p (split(/,/, $ENV{PPROXY_KILLPID})) {
925 if ($p =~ /^(\+|-)/) {
928 print STDERR "kill TERM, $p (PPROXY_KILLPID)\n";
936 my $hostport = shift;
938 if ($hostport =~ m,^socks4?://(\S*)$,i) {
941 } elsif ($hostport =~ m,^socks5://(\S*)$,i) {
944 } elsif ($hostport =~ m,^https?://(\S*)$,i) {
947 } elsif ($hostport =~ m,^repeater://(\S*)\+(\S*)$,i) {
948 # ultravnc repeater proxy.
950 $mode = "repeater:$2";
951 if ($hostport !~ /:\d+/) {
952 $hostport .= ":5900";
954 } elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
955 # vencrypt handshake.
958 if ($hostpost =~ /^(\S+)\+(\S+)$/) {
962 $mode = "vencrypt:$m";
963 if ($hostport !~ /:\d+/) {
964 $hostport .= ":5900";
967 return ($hostport, $mode);
972 $ENV{PPROXY_REPEATER} = "";
973 $ENV{PPROXY_VENCRYPT} = "";
974 if ($mode =~ /^socks/) {
975 if ($mode =~ /^socks5/) {
976 $ENV{PPROXY_SOCKS} = 5;
978 $ENV{PPROXY_SOCKS} = 1;
980 } elsif ($mode =~ /^repeater:(.*)/) {
981 $ENV{PPROXY_REPEATER} = $1;
982 $ENV{PPROXY_SOCKS} = "";
983 } elsif ($mode =~ /^vencrypt:(.*)/) {
984 $ENV{PPROXY_VENCRYPT} = $1;
985 $ENV{PPROXY_SOCKS} = "";
987 $ENV{PPROXY_SOCKS} = "";
992 my ($CONNECT, $w) = @_;
997 if ($ENV{PPROXY_SOCKS} eq "5") {
999 my ($h, $p) = split(/:/, $CONNECT);
1000 $con .= pack("C", 0x05);
1001 $con .= pack("C", 0x01);
1002 $con .= pack("C", 0x00);
1004 $msg = "SOCKS5 via $cur_proxy to $h:$p\n\n";
1005 print STDERR "proxy_request$w: $msg";
1007 syswrite($sock, $con, length($con));
1009 my ($n1, $n2, $n3, $n4, $n5, $n6);
1010 my ($r1, $r2, $r3, $r4, $r5, $r6);
1011 my ($s1, $s2, $s3, $s4, $s5, $s6);
1013 $n1 = sysread($sock, $r1, 1);
1014 $n2 = sysread($sock, $r2, 1);
1016 $s1 = unpack("C", $r1);
1017 $s2 = unpack("C", $r2);
1018 if ($s1 != 0x05 || $s2 != 0x00) {
1019 print STDERR "SOCKS5 fail s1=$s1 s2=$s2 n1=$n1 n2=$n2\n";
1025 $con .= pack("C", 0x05);
1026 $con .= pack("C", 0x01);
1027 $con .= pack("C", 0x00);
1028 $con .= pack("C", 0x03);
1029 $con .= pack("C", length($h));
1031 $con .= pack("C", $p >> 8);
1032 $con .= pack("C", $p & 0xff);
1034 syswrite($sock, $con, length($con));
1036 $n1 = sysread($sock, $r1, 1);
1037 $n2 = sysread($sock, $r2, 1);
1038 $n3 = sysread($sock, $r3, 1);
1039 $n4 = sysread($sock, $r4, 1);
1040 $s1 = unpack("C", $r1);
1041 $s2 = unpack("C", $r2);
1042 $s3 = unpack("C", $r3);
1043 $s4 = unpack("C", $r4);
1046 sysread($sock, $r5, 4 + 2);
1047 } elsif ($s4 == 0x3) {
1048 sysread($sock, $r5, 1);
1049 $s5 = unpack("C", $r5);
1050 sysread($sock, $r6, $s5 + 2);
1051 } elsif ($s4 == 0x4) {
1052 sysread($sock, $r5, 16 + 2);
1055 if ($s1 != 0x5 || $s2 != 0x0 || $s3 != 0x0) {
1056 print STDERR "SOCKS5 failed: s1=$s1 s2=$s2 s3=$s3 s4=$s4 n1=$n1 n2=$n2 n3=$n3 n4=$n4\n";
1061 } elsif ($ENV{PPROXY_SOCKS} ne "") {
1063 my ($h, $p) = split(/:/, $CONNECT);
1064 $con .= pack("C", 0x04);
1065 $con .= pack("C", 0x01);
1066 $con .= pack("n", $p);
1069 if ($h eq "localhost" || $h eq "127.0.0.1") {
1070 $con .= pack("C", 127);
1071 $con .= pack("C", 0);
1072 $con .= pack("C", 0);
1073 $con .= pack("C", 1);
1074 } elsif ($h =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
1075 $con .= pack("C", $1);
1076 $con .= pack("C", $2);
1077 $con .= pack("C", $3);
1078 $con .= pack("C", $4);
1080 $con .= pack("C", 0);
1081 $con .= pack("C", 0);
1082 $con .= pack("C", 0);
1083 $con .= pack("C", 3);
1088 $con .= pack("C", 0);
1090 $msg = "SOCKS4 via $cur_proxy to $h:$p\n\n";
1093 $con .= pack("C", 0);
1094 $msg =~ s/SOCKS4/SOCKS4a/;
1096 print STDERR "proxy_request$w: $msg";
1097 syswrite($sock, $con, length($con));
1100 for (my $i = 0; $i < 8; $i++) {
1102 sysread($sock, $c, 1);
1103 my $s = unpack("C", $c);
1105 $ok = 0 if $s != 0x0;
1107 $ok = 0 if $s != 0x5a;
1111 print STDERR "SOCKS4 failed.\n";
1115 } elsif ($ENV{PPROXY_REPEATER} ne "") {
1116 my $rep = $ENV{PPROXY_REPEATER};
1117 print STDERR "repeater: $rep\n";
1118 $rep .= pack("x") x 250;
1119 syswrite($sock, $rep, 250);
1122 for (my $i = 0; $i < 12; $i++) {
1124 sysread($sock, $c, 1);
1127 } elsif ($ENV{PPROXY_VENCRYPT} ne "") {
1128 my $vencrypt = $ENV{PPROXY_VENCRYPT};
1129 vencrypt_dialog($vencrypt);
1133 $con = "CONNECT $CONNECT HTTP/1.1\r\n";
1134 $con .= "Host: $CONNECT\r\n";
1135 $con .= "Connection: close\r\n\r\n";
1138 print STDERR "proxy_request$w: via $cur_proxy:\n$msg";
1139 syswrite($sock, $con, length($con));
1143 while ($rep !~ /\r\n\r\n/ && $n < 30000) {
1145 sysread($sock, $c, 1);
1150 if ($rep !~ m,HTTP/.* 200,) {
1151 print STDERR "HTTP CONNECT failed.\n";
1159 append_handshake("done\n");
1164 sub anontls_handshake {
1165 my ($vmode, $db) = @_;
1167 print STDERR "PPROXY: Doing ANONTLS Handshake\n";
1169 my $psec = pack("C", $rfbSecTypeAnonTls);
1170 syswrite($sock, $psec, 1);
1172 append_handshake("done\n");
1175 sub vencrypt_handshake {
1177 my ($vmode, $db) = @_;
1179 print STDERR "PPROXY: Doing VeNCrypt Handshake\n";
1181 my $psec = pack("C", $rfbSecTypeVencrypt);
1183 if (exists $ENV{SSVNC_TEST_SEC_TYPE}) {
1184 my $fake = $ENV{SSVNC_TEST_SEC_TYPE};
1185 print STDERR "PPROXY: sending sec-type: $fake\n";
1186 $psec = pack("C", $fake);
1189 syswrite($sock, $psec, 1);
1193 sysread($sock, $vmajor, 1);
1194 sysread($sock, $vminor, 1);
1196 vdie if $vmajor eq "" || $vminor eq "";
1198 $vmajor = unpack("C", $vmajor);
1199 $vminor = unpack("C", $vminor);
1200 print STDERR "server vencrypt version $vmajor.$vminor\n" if $db;
1202 if (exists $ENV{SSVNC_TEST_SEC_TYPE}) {
1203 print STDERR "PPROXY: continuing on in test mode.\n";
1205 vdie if $vmajor ne 0;
1206 vdie if $vminor < 2;
1209 $vmajor = pack("C", 0);
1210 $vminor = pack("C", 2);
1211 append_handshake("subversion=0.2\n");
1213 syswrite($sock, $vmajor, 1);
1214 syswrite($sock, $vminor, 1);
1217 sysread($sock, $result, 1);
1218 print STDERR "result empty\n" if $db && $result eq "";
1220 vdie if $result eq "";
1221 $result = unpack("C", $result);
1222 print STDERR "result=$result\n" if $db;
1224 vdie if $result ne 0;
1227 sysread($sock, $nsubtypes, 1);
1229 vdie if $nsubtypes eq "";
1230 $nsubtypes = unpack("C", $nsubtypes);
1231 print STDERR "nsubtypes=$nsubtypes\n" if $db;
1235 for (my $i = 0; $i < $nsubtypes; $i++) {
1237 sysread($sock, $subtype, 4);
1238 vdie if length($subtype) != 4;
1241 $subtype = unpack("N", $subtype);
1242 print STDERR "subtype: $subtype\n" if $db;
1243 $subtypes{$subtype} = 1;
1244 append_handshake("sst$i=$subtype\n");
1248 if (exists $subtypes{$rfbVencryptX509None}) {
1249 $subtype = $rfbVencryptX509None;
1250 print STDERR "selected rfbVencryptX509None\n" if $db;
1251 } elsif (exists $subtypes{$rfbVencryptX509Vnc}) {
1252 $subtype = $rfbVencryptX509Vnc;
1253 print STDERR "selected rfbVencryptX509Vnc\n" if $db;
1254 } elsif (exists $subtypes{$rfbVencryptX509Plain}) {
1255 $subtype = $rfbVencryptX509Plain;
1256 print STDERR "selected rfbVencryptX509Plain\n" if $db;
1257 } elsif (exists $subtypes{$rfbVencryptTlsNone}) {
1258 $subtype = $rfbVencryptTlsNone;
1259 print STDERR "selected rfbVencryptTlsNone\n" if $db;
1260 } elsif (exists $subtypes{$rfbVencryptTlsVnc}) {
1261 $subtype = $rfbVencryptTlsVnc;
1262 print STDERR "selected rfbVencryptTlsVnc\n" if $db;
1263 } elsif (exists $subtypes{$rfbVencryptTlsPlain}) {
1264 $subtype = $rfbVencryptTlsPlain;
1265 print STDERR "selected rfbVencryptTlsPlain\n" if $db;
1268 if (exists $ENV{SSVNC_TEST_SEC_SUBTYPE}) {
1269 my $fake = $ENV{SSVNC_TEST_SEC_SUBTYPE};
1270 print STDERR "PPROXY: sending sec-subtype: $fake\n";
1274 append_handshake("subtype=$subtype\n");
1276 my $pst = pack("N", $subtype);
1277 syswrite($sock, $pst, 4);
1279 if (exists $ENV{SSVNC_TEST_SEC_SUBTYPE}) {
1280 print STDERR "PPROXY: continuing on in test mode.\n";
1282 vdie if $subtype == 0;
1286 sysread($sock, $ok, 1);
1287 $ok = unpack("C", $ok);
1288 print STDERR "ok=$ok\n" if $db;
1290 append_handshake("done\n");
1295 sub vencrypt_dialog {
1299 $db = 1 if exists $ENV{SS_DEBUG};
1300 $db = 1 if exists $ENV{SSVNC_VENCRYPT_DEBUG};
1302 append_handshake("mode=$vmode\n");
1304 my $server_rfb = "";
1305 #syswrite($sock, $rep, 250);
1306 for (my $i = 0; $i < 12; $i++) {
1308 sysread($sock, $c, 1);
1312 print STDERR "server_rfb: $server_rfb\n" if $db;
1313 append_handshake("server=$server_rfb");
1316 if ($server_rfb =~ /^RFB 003\.(\d+)/) {
1321 my $viewer_rfb = "RFB 003.008\n";
1324 } elsif ($minor == 7) {
1325 $viewer_rfb = "RFB 003.007\n";
1327 syswrite($sock, $viewer_rfb, 12);
1328 append_handshake("viewer=$viewer_rfb");
1332 sysread($sock, $nsec, 1);
1333 vdie if $nsec eq "";
1335 $nsec = unpack("C", $nsec);
1337 print STDERR "nsec: $nsec\n" if $db;
1338 vdie if $nsec eq 0 || $nsec > 100;
1342 for (my $i = 0; $i < $nsec; $i++) {
1344 sysread($sock, $sec, 1);
1346 $sec = unpack("C", $sec);
1347 print STDERR "sec: $sec\n" if $db;
1348 $sectypes{$sec} = 1;
1351 if (exists $sectypes{$rfbSecTypeVencrypt}) {
1352 print STDERR "found rfbSecTypeVencrypt\n" if $db;
1353 append_handshake("sectype=$rfbSecTypeVencrypt\n");
1354 vencrypt_handshake($vmode, $db);
1355 } elsif (exists $sectypes{$rfbSecTypeAnonTls}) {
1356 print STDERR "found rfbSecTypeAnonTls\n" if $db;
1357 append_handshake("sectype=$rfbSecTypeAnonTls\n");
1358 anontls_handshake($vmode, $db);
1360 print STDERR "No supported sec-type found\n" if $db;
1367 $RIN = $WIN = $EIN = "";
1369 vec($RIN, fileno($in), 1) = 1;
1370 vec($WIN, fileno($in), 1) = 1;
1376 $nf = select($ROUT=$RIN, undef, undef, undef);
1378 my $len = sysread($in, $buf, 8192);
1379 if (! defined($len)) {
1380 next if $! =~ /^Interrupted/;
1381 print STDERR "pproxy\[$$]: $!\n";
1383 } elsif ($len == 0) {
1384 print STDERR "pproxy\[$$]: Input is EOF.\n";
1390 my $written = syswrite($out, $buf, $len, $offset);
1391 if (! defined $written) {
1392 print STDERR "pproxy\[$$]: Output is EOF. $!\n";
1397 $offset += $written;
1406 # xpg_echo will expand \n \r, etc.
1407 # try to unset and then test for it.
1408 if type shopt > /dev/null 2>&1; then
1409 shopt -u xpg_echo >/dev/null 2>&1
1411 v='print STDOUT "abc\n";'
1415 lc=`wc -l $tf | awk '{print $1}'`
1416 if [ "X$lc" = "X1" ]; then
1419 printf "%s" "$cod" > $tf
1423 perl -e 'use IO::Socket::INET; select(undef, undef, undef, 0.01)' >/dev/null 2>&1
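1426 # make_tcert is no longer invoked via the ssvnc gui (Listen mode).
1427 # make_tcert is for testing only now via -mycert BUILTIN. The private key below is embedded in this script and therefore public, so a cert built from it proves nothing about who holds it.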
1429 tcert="/tmp/ss_vnc_viewer_tcert${RANDOM}.$$"
1430 tcert=`mytmp "$tcert"`
1432 -----BEGIN RSA PRIVATE KEY-----
1433 MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
1434 +zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS
1435 OKngJVPo9dETAS8hf7+D1e1DBZxjTc1a4RQqWJixwpYj99ixWzu8VC2m/xXsjvOs
1436 jp4+DLBB490nbkwvstmhmiWm1CmI5O5xOkgioVNQqHvQMdVKOSz9PpbjvZiRX1Uo
1437 qoMrk+2NOqwP90TB35yPASXb9zXKpO7DLhkube+yYGf+yk46aD707L07Eb7cosFP
1438 S84vNZ9gX7rQ0UOwm5rYA/oZTBskgaqhtIzkLwIDAQABAoIBAD4ot/sXt5kRn0Ca
1439 CIkU9AQWlC+v28grR2EQW9JiaZrqcoDNUzUqbCTJsi4ZkIFh2lf0TsqELbZYNW6Y
1440 6AjJM7al4E0UqYSKJTv2WCuuRxdiRs2BMwthqyBmjeanev7bB6V0ybt7u3Y8xU/o
1441 MrTuYnr4vrEjXPKdLirwk7AoDbKsRXHSIiHEIBOq1+dUQ32t36ukdnnza4wKDLZc
1442 PKHiCdCk/wOGhuDlxD6RspqUAlRnJ8/aEhrgWxadFXw1hRhRsf/v1shtB0T3DmTe
1443 Jchjwyiw9mryb9JZAcKxW+fUc4EVvj6VdQGqYInQJY5Yxm5JAlVQUJicuuJEvn6A
1444 rj5osQECgYEA552CaHpUiFlB4HGkjaH00kL+f0+gRF4PANCPk6X3UPDVYzKnzmuu
1445 yDvIdEETGFWBwoztUrOOKqVvPEQ+kBa2+DWWYaERZLtg2cI5byfDJxQ3ldzilS3J
1446 1S3WgCojqcsG/hlxoQJ1dZFanUy/QhUZ0B+wlC+Zp1Q8AyuGQvhHp68CgYEA0lBI
1447 eqq2GGCdJuNHMPFbi8Q0BnX55LW5C1hWjhuYiEkb3hOaIJuJrqvayBlhcQa2cGqp
1448 uP34e9UCfoeLgmoCQ0b4KpL2NGov/mL4i8bMgog4hcoYuIi3qxN18vVR14VKEh4U
1449 RLk0igAYPU+IK2QByaQlBo9OSaKkcfm7U1/pK4ECgYAxr6VpGk0GDvfF2Tsusv6d
1450 GIgV8ZP09qSLTTJvvxvF/lQYeqZq7sjI5aJD5i3de4JhpO/IXQJzfZfWOuGc8XKA
1451 3qYK/Y2IqXXGYRcHFGWV/Y1LFd55mCADHlk0l1WdOBOg8P5iRu/Br9PbiLpCx9oI
1452 vrOXpnp03eod1/luZmqguwKBgQCWFRSj9Q7ddpSvG6HCG3ro0qsNsUMTI1tZ7UBX
1453 SPogx4tLf1GN03D9ZUZLZVFUByZKMtPLX/Hi7K9K/A9ikaPrvsl6GEX6QYzeTGJx
1454 3Pw0amFrmDzr8ySewNR6/PXahxPEuhJcuI31rPufRRI3ZLah3rFNbRbBFX+klkJH
1455 zTnoAQKBgDbUK/aQFGduSy7WUT7LlM3UlGxJ2sA90TQh4JRQwzur0ACN5GdYZkqM
1456 YBts4sBJVwwJoxD9OpbvKu3uKCt41BSj0/KyoBzjT44S2io2tj1syujtlVUsyyBy
1457 /ca0A7WBB8lD1D7QMIhYUm2O9kYtSCLlUTHt5leqGaRG38DqlX36
1458 -----END RSA PRIVATE KEY-----
1459 -----BEGIN CERTIFICATE-----
1460 MIIDzDCCArQCCQDSzxzxqhyqLzANBgkqhkiG9w0BAQQFADCBpzELMAkGA1UEBhMC
1461 VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBkJvc3RvbjETMBEG
1462 A1UEChMKTXkgQ29tcGFueTEcMBoGA1UECxMTUHJvZHVjdCBEZXZlbG9wbWVudDEZ
1463 MBcGA1UEAxMQd3d3Lm5vd2hlcmUubm9uZTEhMB8GCSqGSIb3DQEJARYSYWRtaW5A
1464 bm93aGVyZS5ub25lMB4XDTA3MDMyMzE4MDc0NVoXDTI2MDUyMjE4MDc0NVowgacx
1465 CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQHEwZC
1466 b3N0b24xEzARBgNVBAoTCk15IENvbXBhbnkxHDAaBgNVBAsTE1Byb2R1Y3QgRGV2
1467 ZWxvcG1lbnQxGTAXBgNVBAMTEHd3dy5ub3doZXJlLm5vbmUxITAfBgkqhkiG9w0B
1468 CQEWEmFkbWluQG5vd2hlcmUubm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
1469 AQoCggEBAL5H18W9MHMYK41ds4hYpIyCPs3vIinEwbeOy9BjP3NtXn3pTfs2aSVF
1470 Fy7uM8/EcqvEPrEIHzcu7kzqTfW1FGjpNU5w+4Gg0J0FojR5qm1tpC/g0jip4CVT
1471 6PXREwEvIX+/g9XtQwWcY03NWuEUKliYscKWI/fYsVs7vFQtpv8V7I7zrI6ePgyw
1472 QePdJ25ML7LZoZolptQpiOTucTpIIqFTUKh70DHVSjks/T6W472YkV9VKKqDK5Pt
1473 jTqsD/dEwd+cjwEl2/c1yqTuwy4ZLm3vsmBn/spOOmg+9Oy9OxG+3KLBT0vOLzWf
1474 YF+60NFDsJua2AP6GUwbJIGqobSM5C8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA
1475 vGomHEp6TVU83X2EBUgnbOhzKJ9u3fOI/Uf5L7p//Vxqow7OR1cguzh/YEzmXOIL
1476 ilMVnzX9nj/bvcLAuqEP7MR1A8f4+E807p/L/Sf49BiCcwQq5I966sGKYXjkve+T
1477 2GTBNwMSq+5kLSf6QY8VZI+qnrAudEQMeJByQhTZZ0dH8Njeq8EGl9KUio+VWaiW
1478 CQK6xJuAvAHqa06OjLmwu1fYD4GLGSrOIiRVkSXV8qLIUmzxdJaIRznkFWsrCEKR
1479 wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I
1480 dMw1yW09l+eEo4A7GzwOdw==
1481 -----END CERTIFICATE-----
1488 if [ "X$USER" = "Xrunge" ]; then
1493 if [ "X$use_ssh" = "X1" ]; then
1499 vnc_host="$localhost"
1500 # let user override ssh via $SSH; the value is expanded unquoted and run as the command, so only set it from a trusted environment
1501 ssh=${SSH:-"ssh -x"}
1503 if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
1504 SSVNC_LIM_ACCEPT_PRELOAD="$SSVNC_BASEDIR/$SSVNC_UNAME/$SSVNC_LIM_ACCEPT_PRELOAD"
1506 if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ]; then
1508 echo "SSVNC_LIM_ACCEPT_PRELOAD=$SSVNC_LIM_ACCEPT_PRELOAD"
1511 if [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" -a -f "$SSVNC_LIM_ACCEPT_PRELOAD" ]; then
1513 if uname | grep Darwin >/dev/null; then
1514 plvar="DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES"
1516 ssh="env $plvar=$SSVNC_LIM_ACCEPT_PRELOAD $ssh"
1518 SSVNC_LIM_ACCEPT_PRELOAD=""
1521 if echo "$proxy" | egrep '(http|https|socks|socks4|socks5)://' > /dev/null; then
1522 # Handle Web or SOCKS proxy(ies) for the initial connect.
1528 for part in `echo "$proxy" | tr ',' ' '`
1530 Kecho proxy_part=$part
1531 if [ "X$part" = "X" ]; then
1533 elif echo "$part" | egrep -i '^(http|https|socks|socks4|socks5)://' > /dev/null; then
1534 pproxy="$pproxy,$part"
1536 if [ "X$sproxy1" = "X" ]; then
1539 sproxy_rest="$sproxy_rest,$part"
1543 pproxy=`echo "$pproxy" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
1544 sproxy_rest=`echo "$sproxy_rest" | sed -e 's/^,,*//' -e 's/,,*/,/g'`
1546 Kecho pproxy=$pproxy
1547 Kecho sproxy1=$sproxy1
1548 Kecho sproxy_rest=$sproxy_rest
1554 if [ "X$sproxy1" != "X" ]; then
1555 sproxy1_host=`echo "$sproxy1" | awk -F: '{print $1}'`
1556 sproxy1_user=`echo "$sproxy1_host" | awk -F@ '{print $1}'`
1557 sproxy1_host=`echo "$sproxy1_host" | awk -F@ '{print $2}'`
1558 if [ "X$sproxy1_host" = "X" ]; then
1559 sproxy1_host=$sproxy1_user
1562 sproxy1_user="${sproxy1_user}@"
1564 sproxy1_port=`echo "$sproxy1" | awk -F: '{print $2}'`
1565 if [ "X$sproxy1_port" = "X" ]; then
1569 sproxy1_host=`echo "$host" | awk -F: '{print $1}'`
1570 sproxy1_user=`echo "$sproxy1_host" | awk -F@ '{print $1}'`
1571 sproxy1_host=`echo "$sproxy1_host" | awk -F@ '{print $2}'`
1572 if [ "X$sproxy1_host" = "X" ]; then
1573 sproxy1_host=$sproxy1_user
1576 sproxy1_user="${sproxy1_user}@"
1578 sproxy1_port=`echo "$host" | awk -F: '{print $2}'`
1579 if [ "X$sproxy1_port" = "X" ]; then
1584 Kecho sproxy1_host=$sproxy1_host
1585 Kecho sproxy1_port=$sproxy1_port
1586 Kecho sproxy1_user=$sproxy1_user
1588 ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
1589 ptmp=`mytmp "$ptmp"`
1590 PPROXY_REMOVE=1; export PPROXY_REMOVE
1594 if [ "X$sproxy1_host" != "X" ]; then
1597 if [ "X$sproxy1_port" != "X" ]; then
1600 host=`echo "$host" | sed -e 's/^.*@//'`
1601 port=`echo "$port" | sed -e 's/^.*://'`
1607 PPROXY_LISTEN=$nd; export PPROXY_LISTEN
1610 ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes"
1611 if [ "X$sproxy1" = "X" ]; then
1613 if echo "$host" | grep '@' > /dev/null; then
1614 u=`echo "$host" | sed -e 's/@.*$/@/'`
1617 proxy="${u}$localhost:$nd"
1619 proxy="${sproxy1_user}$localhost:$nd"
1621 if [ "X$sproxy_rest" != "X" ]; then
1622 proxy="$proxy,$sproxy_rest"
1627 if echo "$proxy" | grep "," > /dev/null; then
1629 proxy1=`echo "$proxy" | awk -F, '{print $1}'`
1630 proxy2=`echo "$proxy" | awk -F, '{print $2}'`
1632 # user1@gw1.com:port1,user2@ws2:port2
1633 ssh_host1=`echo "$proxy1" | awk -F: '{print $1}'`
1634 ssh_port1=`echo "$proxy1" | awk -F: '{print $2}'`
1635 if [ "X$ssh_port1" != "X" ]; then
1636 ssh_port1="-p $ssh_port1"
1638 ssh_host2=`echo "$proxy2" | awk -F: '{print $1}'`
1639 ssh_user2=`echo "$ssh_host2" | awk -F@ '{print $1}'`
1640 ssh_host2=`echo "$ssh_host2" | awk -F@ '{print $2}'`
1641 if [ "X$ssh_host2" = "X" ]; then
1642 ssh_host2=$ssh_user2
1645 ssh_user2="${ssh_user2}@"
1647 ssh_port2=`echo "$proxy2" | awk -F: '{print $2}'`
1648 if [ "X$ssh_port2" = "X" ]; then
1651 proxport=`findfree 3500`
1653 echo "Running 1st ssh proxy:"
1654 echo "$ssh -f -x $ssh_port1 $targ -e none -o NoHostAuthenticationForLocalhost=yes -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 \"sleep 30\""
1656 $ssh -f -x $ssh_port1 $targ -e none -o NoHostAuthenticationForLocalhost=yes -L $proxport:$ssh_host2:$ssh_port2 $ssh_host1 "sleep 30"
1657 ssh_args="$ssh_args -o NoHostAuthenticationForLocalhost=yes"
1660 proxy="${ssh_user2}$localhost:$proxport"
1663 if [ "X$proxy" != "X" ]; then
1664 ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
1665 if [ "X$ssh_port" = "X" ]; then
1668 ssh_host=`echo "$proxy" | awk -F: '{print $1}'`
1674 sz=`echo "$ssh_cmd" | wc -c`
1675 if [ "$sz" -gt 300 ]; then
1682 if [ "X$SS_VNCVIEWER_USE_C" != "X" ]; then
1688 if echo "$ssh_cmd" | egrep "(PORT=|P=) " > /dev/null; then
1690 if echo "$ssh_cmd" | egrep "P= " > /dev/null; then
1695 ssh_cmd=`echo "$ssh_cmd" | sed -e 's/PORT=[ ]*//' -e 's/P=//'`
1697 if [ "X$use_sshssl" = "X" ]; then
1701 if [ "X$getport" != "X" ]; then
1702 ssh_redir="-D ${use}"
1703 elif [ "X$reverse" = "X" ]; then
1704 ssh_redir="-L ${use}:${vnc_host}:${port}"
1706 ssh_redir="-R ${port}:${vnc_host}:${use}"
1708 pmark=`sh -c 'echo $$'`
1710 # the -t option actually speeds up typing response via VNC!!
1711 if [ "X$ssh_port" = "X22" ]; then
1714 ssh_port="-p $ssh_port"
1717 if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
1718 echo "$ssh -x $ssh_port $targ $C $ssh_args $ssh_host \"$info\""
1720 $ssh -x $ssh_port $targ $C $ssh_args $ssh_host "$ssh_cmd"
1723 elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
1724 echo "$ssh -x $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\""
1726 $ssh -x $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
1729 elif [ "X$getport" != "X" ]; then
1730 tport=/tmp/ss_vncviewer_tport${RANDOM}.$$
1731 tport=`mytmp "$tport"`
1733 if [ "X$rsh" != "X1" ]; then
1734 if echo "$ssh_cmd" | grep "sudo " > /dev/null; then
1736 echo "Initial ssh with 'sudo id' to prime sudo so hopefully the next one"
1737 echo "will require no password..."
1740 $ssh -x $ssh_port $targ $ssh_args $ssh_host "sudo id; tty"
1743 echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\""
1745 $ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd" > $tport
1746 if [ "X$teeport" = "X1" ]; then
1747 tail -f $tport 1>&2 &
1753 echo "rsh $ul $ssh_host \"$ssh_cmd\""
1755 rsh $ul $ssh_host "$ssh_cmd" > $tport &
1760 if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
1761 echo "sleep $SSVNC_EXTRA_SLEEP"
1762 sleep $SSVNC_EXTRA_SLEEP
1767 if type perl > /dev/null 2>&1; then
1769 sleepit="perl -e 'select(undef, undef, undef, 0.20)'"
1774 while [ $i -lt $imax ]; do
1777 PORT=`grep "^PORT=" $tport | head -n 1 | sed -e 's/PORT=//' -e 's/\r//g'`
1778 if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
1781 vnss=`sed -e 's/\r//g' $tport | egrep -i '^(New.* desktop is|A VNC server is already running).*:[0-9[0-9]*$' | head -n 1 | awk '{print $NF}'`
1782 if [ "X$vnss" != "X" ]; then
1783 PORT=`echo "$vnss" | awk -F: '{print $2}'`
1784 if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
1785 if [ $PORT -lt 100 ]; then
1786 PORT=`expr $PORT + 5900`
1789 if echo "$PORT" | grep '^[0-9][0-9]*$' > /dev/null; then
1796 echo "PORT=$PORT" 1>&2
1798 if [ "X$rsh" = "X1" ]; then
1803 if [ "X$SSVNC_SOCKS5" != "X" ]; then
1809 proxy="$localhost:$use"
1812 if [ "X$rsh" != "X1" ]; then
1813 echo "$ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host \"$info\""
1815 $ssh -x -f $ssh_port $targ $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
1819 echo "rsh $ul $ssh_host \"$ssh_cmd\""
1821 rsh $ul $ssh_host "$ssh_cmd" &
1829 if [ "$rc" != "0" ]; then
1831 echo "ssh to $ssh_host failed."
1840 p=`expr $pmark + $c`
1841 pout=`ps -p "$p" 2>/dev/null | grep -v '^[ ]*PID' | sed -e 's/-L.*$//' -e 's/-x .*$//'`
1842 if echo "$pout" | grep "ssh" > /dev/null; then
1843 if echo "$pout" | egrep -i 'ssh.*(-add|-agent|-ask|-keygen|-argv0|vnc)' >/dev/null; then
1845 elif echo "$pout" | egrep -i 'scp|sshd' >/dev/null; then
1854 if [ "X$getport" != "X" ]; then
1856 elif [ "X$SSVNC_LIM_ACCEPT_PRELOAD" != "X" ] ; then
1858 elif [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
1861 elif echo "$ssh_cmd" | grep '^sleep ' >/dev/null; then
1865 # let any command get started a bit.
1872 if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
1873 echo "sleep $SSVNC_EXTRA_SLEEP"
1874 sleep $SSVNC_EXTRA_SLEEP
1876 echo "ssh_pid='$pssh'"; echo
1877 if [ "X$use_sshssl" = "X" -a "X$getport" = "X" ]; then
1878 echo "Running viewer:"
1881 if [ "X$reverse" = "X" ]; then
1882 echo "$VNCVIEWERCMD" "$@" $localhost:$N
1884 $VNCVIEWERCMD "$@" $localhost:$N
1885 if [ $? != 0 ]; then
1886 echo "vncviewer command failed: $?"
1887 if [ "X$secondtry" = "X1" ]; then
1889 $VNCVIEWERCMD "$@" $localhost:$N
1894 echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
1897 if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
1898 N2=`echo "$N2" | sed -e 's/://g'`
1899 if [ $N2 -le 200 ]; then
1900 N2=`expr $N2 + 5500`
1903 echo "$VNCVIEWERCMD" "$@" -listen $N2
1905 $VNCVIEWERCMD "$@" -listen $N2
1910 use2=`findfree 5960`
1916 N=`expr $use - 5900`
1917 if [ "X$getport" != "X" ]; then
1926 # create the stunnel config file:
1927 if [ "X$verify" != "X" ]; then
1928 if [ -d $verify ]; then
1929 verify="CApath = $verify"
1931 verify="CAfile = $verify"
1936 if [ "X$mycert" != "X" ]; then
1937 cert="cert = $mycert"
1939 if [ "X$crl" != "X" ]; then
1940 if [ -d $crl ]; then
1941 crl="CRLpath = $crl"
1943 crl="CRLfile = $crl"
1948 if [ "X$proxy" != "X" ]; then
1949 ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
1950 ptmp=`mytmp "$ptmp"`
1951 PPROXY_REMOVE=1; export PPROXY_REMOVE
1953 if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
1954 if uname | egrep 'Darwin|SunOS' >/dev/null; then
1955 vout=`echo "$proxy" | grep -i vencrypt`
1956 if [ "X$vout" != "X" -a "X$reverse" = "X1" ]; then
1957 # need to exec for reverse vencrypt
1958 connect="exec = $ptmp"
1960 # on mac and solaris we need to listen on socket instead of stdio:
1963 export PPROXY_LISTEN
1964 if [ "X$reverse" = "X" ]; then
1965 #$ptmp 2>/dev/null &
1971 connect="connect = $localhost:$nd"
1974 # otherwise on unix we can exec it:
1975 connect="exec = $ptmp"
1978 connect="exec = $ptmp"
1981 connect="connect = $host:$port"
1984 if [ "X$showcert" = "X1" ]; then
1985 if [ "X$proxy" != "X" ]; then
1987 export PPROXY_LISTEN
1988 if [ "X$SS_DEBUG" != "X" ]; then
1998 if [ "X$ciphers" != "X" ]; then
1999 cipher_args=`echo "$ciphers" | sed -e 's/ciphers=/-cipher /'`
2001 #echo "openssl s_client $cipher_args -connect $host:$port"
2002 if [ "X$reverse" = "X" ]; then
2003 openssl s_client $cipher_args -prexit -connect $host:$port 2>&1 < /dev/null
2007 if [ "X$mycert" = "X" ]; then
2009 cert_args="-cert $tcert -CAfile $tcert"
2011 cert_args="-cert $mycert -CAfile $mycert"
2013 tmp_out=/tmp/showcert_out${RANDOM}.$$
2014 tmp_out=`mytmp "$tmp_out"`
2015 tmp_err=/tmp/showcert_err${RANDOM}.$$
2016 tmp_err=`mytmp "$tmp_err"`
2018 #echo "openssl s_server $cipher_args $cert_args -accept $port -verify 2 > $tmp_out 2> $tmp_err" 1>&2
2021 \$p = open(O, \"|openssl s_server $cipher_args $cert_args -accept $port -verify 2 1>$tmp_out 2> $tmp_err\");
2025 if (!open(F, \"<$tmp_out\")) {
2032 print O \"RFB 000.000\\n\";
2042 select(undef, undef, undef, shift);
2051 if grep BEGIN.CERTIFICATE $tmp_out >/dev/null; then
2057 rm -f $tmp_out $tmp_err
2059 if [ "X$SSVNC_PREDIGESTED_HANDSHAKE" != "X" ]; then
2060 rm -f $SSVNC_PREDIGESTED_HANDSHAKE
2065 if [ "X$direct_connect" != "X" ]; then
2066 if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
2069 echo "Using UltraVNC DSM Plugin key for encryption:"
2071 ustr=`echo "$SSVNC_ULTRA_DSM" | sed -e 's/pw=[^ ]*/pw=******/g'`
2072 echo " $ustr PORT HOST:PORT"
2074 elif [ "X$getport" = "X" ]; then
2076 echo "Running viewer for direct connection:"
2077 if echo X"$@" | grep chatonly > /dev/null; then
2081 echo "** NOTE: THERE WILL BE NO SSL OR SSH ENCRYPTION **"
2086 if [ "X$SSVNC_NO_ENC_WARN" != "X" ]; then
2087 if [ "X$getport" = "X" ]; then
2090 elif type printf > /dev/null 2>&1; then
2091 printf "Are you sure you want to continue? [y]/n "
2094 echo -n "Are you sure you want to continue? [y]/n "
2097 if [ "X$x" = "Xn" ]; then
2101 if [ "X$ptmp" != "X" ]; then
2102 if [ "X$reverse" = "X" ]; then
2104 export PPROXY_LISTEN
2106 PPROXY_REVERSE="$localhost:$use"
2107 export PPROXY_REVERSE
2109 if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
2110 pps=`expr $pps + $SSVNC_EXTRA_SLEEP`
2112 PPROXY_SLEEP=$pps; export PPROXY_SLEEP;
2113 PPROXY_KILLPID=+1; export PPROXY_KILLPID;
2118 if [ "X$reverse" = "X" ]; then
2125 port=`expr $disp + 5900`
2127 if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
2128 echo "T sleep $SSVNC_EXTRA_SLEEP"
2129 sleep $SSVNC_EXTRA_SLEEP
2131 if [ "X$reverse" = "X" ]; then
2132 hostdisp="$host:$disp"
2133 if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
2134 if [ "X$SSVNC_USE_OURS" = "X1" ]; then
2135 hostdisp="exec=$SSVNC_ULTRA_DSM 0 $host:$port"
2138 cmd="$SSVNC_ULTRA_DSM -$pf $host:$port"
2139 pf=`expr $pf - 5900`
2140 hostdisp="$localhost:$pf"
2141 ustr=`echo "$cmd" | sed -e 's/pw=[^ ]*/pw=******/g'`
2151 hostdisp2=`echo "$hostdisp" | sed -e 's/pw=[^ ]*/pw=******/g'`
2152 echo "$VNCVIEWERCMD" "$@" "$hostdisp2"
2155 $VNCVIEWERCMD "$@" "$hostdisp"
2156 if [ $? != 0 ]; then
2157 echo "vncviewer command failed: $?"
2158 if [ "X$secondtry" = "X1" ]; then
2160 $VNCVIEWERCMD "$@" "$hostdisp"
2165 echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
2168 if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
2169 echo "NOTE: The ultravnc_dsm_helper only runs once. So after the first LISTEN"
2170 echo " ends, you may have to Press Ctrl-C and restart for another connection."
2172 SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
2173 VNCVIEWER_LISTEN_LOCALHOST=1
2174 export VNCVIEWER_LISTEN_LOCALHOST
2175 dport=`expr 5500 + $disp`
2176 cmd="$SSVNC_ULTRA_DSM $dport $localhost:$use"
2177 ustr=`echo "$cmd" | sed -e 's/pw=[^ ]*/pw=******/g'`
2186 if [ $disp -ge 5500 ]; then
2187 disp=`expr $disp - 5500`
2191 if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
2192 disp2=`echo "$disp2" | sed -e 's/://g'`
2193 if [ $disp2 -le 200 ]; then
2194 disp2=`expr $disp2 + 5500`
2197 echo "$VNCVIEWERCMD" "$@" -listen $disp2
2199 $VNCVIEWERCMD "$@" -listen $disp2
2204 tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$
2205 tmp_cfg=`mytmp "$tmp_cfg"`
2208 if [ "X$SSVNC_USE_OURS" != "X1" ]; then
2210 elif echo $STUNNEL_EXTRA_SVC_OPTS | grep '#stunnel-exec' > /dev/null; then
2214 if [ "X$reverse" = "X" ]; then
2216 if echo "$proxy" | grep "^repeater://" > /dev/null; then
2217 if [ "X$cert" = "XBUILTIN" ]; then
2219 cert="cert = $ttcert"
2221 # Note for listen mode, an empty cert will cause stunnel to fail.
2222 # The ssvnc gui will have already taken care of this.
2225 cat > "$tmp_cfg" <<END
2229 debug = $stunnel_debug
2232 $STUNNEL_EXTRA_OPTS_USER
2237 ${stunnel_exec}[vnc_stunnel]
2238 ${stunnel_exec}accept = $localhost:$use
2240 $STUNNEL_EXTRA_SVC_OPTS
2241 $STUNNEL_EXTRA_SVC_OPTS_USER
2248 stunnel_exec="" # doesn't work for listening.
2251 connect="connect = $localhost:$p2"
2252 if [ "X$cert" = "XBUILTIN" ]; then
2254 cert="cert = $ttcert"
2256 # Note for listen mode, an empty cert will cause stunnel to fail.
2257 # The ssvnc gui will have already taken care of this.
2261 if [ "X$use_ssh" = "X1" ]; then
2264 if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
2267 proxy="vencrypt:$pv:$port"
2269 if [ "X$anondh_set" = "X1" ]; then
2270 # not needed for ANONDH in this mode
2271 #ciphers="ciphers = ADH:@STRENGTH"
2275 cat > "$tmp_cfg" <<END
2279 debug = $stunnel_debug
2282 $STUNNEL_EXTRA_OPTS_USER
2290 $STUNNEL_EXTRA_SVC_OPTS
2291 $STUNNEL_EXTRA_SVC_OPTS_USER
2298 echo "Using this stunnel configuration:"
2300 cat "$tmp_cfg" | uniq
2304 if [ "X$stunnel_exec" = "X" ]; then
2306 echo "Running stunnel:"
2307 echo "$STUNNEL $tmp_cfg"
2308 st=`echo "$STUNNEL" | awk '{print $1}'`
2309 $st -help > /dev/null 2>&1
2310 $STUNNEL "$tmp_cfg" < /dev/tty > /dev/tty &
2314 # pause here to let the user supply a possible passphrase for the
2316 if [ "X$mycert" != "X" ]; then
2319 if [ ! -f $mycert ]; then
2321 elif grep -i 'Proc-Type.*ENCRYPTED' "$mycert" > /dev/null 2>/dev/null; then
2324 if [ "X$dsl" = "X1" ]; then
2326 echo "(** pausing $nsl secs for possible certificate passphrase dialog **)"
2329 echo "(** done pausing for passphrase **)"
2340 if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
2341 echo "sleep $SSVNC_EXTRA_SLEEP"
2342 sleep $SSVNC_EXTRA_SLEEP
2344 echo "Running viewer:"
2345 if [ "X$reverse" = "X" ]; then
2346 vnc_hp=$localhost:$N
2347 if [ "X$stunnel_exec" != "X" ]; then
2348 vnc_hp="exec=$STUNNEL $tmp_cfg"
2350 echo "$VNCVIEWERCMD" "$@" "$vnc_hp"
2353 $VNCVIEWERCMD "$@" "$vnc_hp"
2354 if [ $? != 0 ]; then
2355 echo "vncviewer command failed: $?"
2356 if [ "X$secondtry" = "X1" ]; then
2358 $VNCVIEWERCMD "$@" "$vnc_hp"
2363 echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
2366 if [ "X$VNCVIEWER_IS_REALVNC4" = "X1" ]; then
2367 N2=`echo "$N2" | sed -e 's/://g'`
2368 if [ $N2 -le 200 ]; then
2369 N2=`expr $N2 + 5500`
2372 echo "$VNCVIEWERCMD" "$@" -listen $N2
2375 if [ "X$proxy" != "X" ]; then
2376 if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
2377 pstunnel=`echo "$proxy" | awk -F: '{print $2}'`
2378 plisten=`echo "$proxy" | awk -F: '{print $3}'`
2379 PPROXY_LISTEN="INADDR_ANY:$plisten"; export PPROXY_LISTEN
2380 PPROXY_PROXY="vencrypt://$localhost:$pstunnel"; export PPROXY_PROXY
2381 PPROXY_DEST="$localhost:$pstunnel"; export PPROXY_DEST
2382 STUNNEL_ONCE=1; export STUNNEL_ONCE
2383 STUNNEL_MAX_CLIENTS=1; export STUNNEL_MAX_CLIENTS
2385 PPROXY_REVERSE="$localhost:$port"; export PPROXY_REVERSE
2386 PPROXY_SLEEP=1; export PPROXY_SLEEP;
2388 PPROXY_KILLPID=+1; export PPROXY_KILLPID;
2391 $VNCVIEWERCMD "$@" -listen $N2