Diffstat (limited to 'x11vnc/misc/enhanced_tightvnc_viewer/bin/util')
-rwxr-xr-xx11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer282
-rwxr-xr-xx11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl358
2 files changed, 585 insertions, 55 deletions
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
index 458ce78..31a8bb6 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
@@ -3,7 +3,7 @@
# ss_vncviewer: wrapper for vncviewer to use an stunnel SSL tunnel
# or an SSH tunnel.
#
-# Copyright (c) 2006 by Karl J. Runge <[email protected]>
+# Copyright (c) 2006-2007 by Karl J. Runge <[email protected]>
#
# You must have stunnel(8) installed on the system and in your PATH
# (however, see the -ssh option below, in which case you will need ssh(1)
@@ -94,6 +94,7 @@
#
# ss_vncviewer -sshssl -proxy [email protected] mymachine:0
#
+# -listen (or -reverse) set up a reverse connection.
#
# -alpha turn on cursor alphablending hack if you are using the
# enhanced tightvnc vncviewer.
@@ -111,6 +112,8 @@ VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
# Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
#
+#set -xv
+
PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
if [ "X$STUNNEL" = "X" ]; then
@@ -131,12 +134,16 @@ use_ssh=""
use_sshssl=""
direct_connect=""
ssh_sleep=15
-ssh_cmd="sleep $ssh_sleep"
+if echo "$*" | grep '.*-listen' > /dev/null; then
+ ssh_sleep=1800
+fi
+ssh_cmd=""
if [ "X$SS_VNCVIEWER_SSH_CMD" != "X" ]; then
ssh_cmd="$SS_VNCVIEWER_SSH_CMD"
fi
ssh_args=""
showcert=""
+reverse=""
if [ "X$1" = "X-viewerflavor" ]; then
if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then
@@ -183,6 +190,10 @@ do
;;
"-showcert") showcert=1
;;
+ "-listen") reverse=1
+ ;;
+ "-reverse") reverse=1
+ ;;
"-grab") VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
;;
"-h"*) help; exit 0
@@ -202,6 +213,29 @@ else
NO_ALPHABLEND=1
export NO_ALPHABLEND
fi
+if [ "X$reverse" != "X" ]; then
+ ssh_sleep=1800
+ if [ "X$use_ssh" = "X1" ]; then
+ VNCVIEWER_LISTEN_LOCALHOST=1
+ export VNCVIEWER_LISTEN_LOCALHOST
+ fi
+ if [ "X$proxy" != "X" ]; then
+ if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
+ echo ""
+ echo "*Warning*: SSL -listen and a Web proxy does not make sense."
+ sleep 3
+ elif echo "$proxy" | grep "," > /dev/null; then
+ :
+ else
+ echo ""
+ echo "*Warning*: -listen and a single proxy/gateway does not make sense."
+ sleep 3
+ fi
+ fi
+fi
+if [ "X$ssh_cmd" = "X" ]; then
+ ssh_cmd="sleep $ssh_sleep"
+fi
orig="$1"
shift
@@ -228,7 +262,9 @@ fi
if echo "$orig" | grep ':' > /dev/null; then
:
else
- orig="$orig:0"
+ if [ "X$reverse" = "X" ]; then
+ orig="$orig:0"
+ fi
fi
host=`echo "$orig" | awk -F: '{print $1}'`
@@ -236,8 +272,14 @@ disp=`echo "$orig" | awk -F: '{print $2}'`
if [ "X$host" = "X" ]; then
host=localhost
fi
-if [ $disp -lt 200 ]; then
- port=`expr $disp + 5900`
+if [ $disp -lt 0 ]; then
+ port=`expr 0 - $disp`
+elif [ $disp -lt 200 ]; then
+ if [ "X$reverse" = "X" ]; then
+ port=`expr $disp + 5900`
+ else
+ port=`expr $disp + 5500`
+ fi
else
port=$disp
fi
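Review bot: `$disp` reaches `[ $disp -lt 0 ]` unquoted and without a numeric check, so an empty or non-numeric display makes both tests error out and control falls through to `port=$disp`. The previous hunk stops appending `:0` when `reverse` is set, so a bare argument such as `-listen 0` appears to leave `disp` empty; nothing visible between the two hunks assigns it. I would either default it or reject it explicitly before the comparison, e.g. `case "$disp" in ''|*[!0-9-]*) echo "bad display: '$disp'"; exit 1;; esac`.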
@@ -278,12 +320,47 @@ findfree() {
echo $use0
}
-use=`findfree 5930`
+final() {
+ echo ""
+ if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
+ rm -f $SS_VNCVIEWER_RM 2>/dev/null
+ fi
+ if [ "X$tcert" != "X" ]; then
+ rm -f $tcert
+ fi
+ if [ "X$pssh" != "X" ]; then
+ echo "Terminating background ssh process"
+ echo kill -TERM "$pssh"
+ kill -TERM "$pssh" 2>/dev/null
+ sleep 1
+ kill -KILL "$pssh" 2>/dev/null
+ pssh=""
+ fi
+ if [ "X$stunnel_pid" != "X" ]; then
+ echo "Terminating background stunnel process"
+ echo kill -TERM "$stunnel_pid"
+ kill -TERM "$stunnel_pid" 2>/dev/null
+ sleep 1
+ kill -KILL "$stunnel_pid" 2>/dev/null
+ stunnel_pid=""
+ fi
+}
-if [ $use -ge 5900 ]; then
- N=`expr $use - 5900`
+if [ "X$reverse" = "X" ]; then
+ use=`findfree 5930`
+ if [ $use -ge 5900 ]; then
+ N=`expr $use - 5900`
+ else
+ N=$use
+ fi
else
- N=$use
+ p2=`expr $port + 30`
+ use=`findfree $p2`
+ if [ $use -ge 5500 ]; then
+ N=`expr $use - 5500`
+ else
+ N=$use
+ fi
fi
if echo "$0" | grep vncip > /dev/null; then
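Review bot: Both deletions in `final` expand their variable unquoted (`rm -f $SS_VNCVIEWER_RM`, `rm -f $tcert`), so a path containing whitespace or glob characters is split or expanded and `rm -f` can act on files other than the intended one. `SS_VNCVIEWER_RM` is taken from the environment (ssvnc.tcl sets it to a path under `$HOME`), so an unusual home directory is enough to trigger the splitting. I would write `rm -f "$SS_VNCVIEWER_RM" 2>/dev/null` and `rm -f "$tcert"`, and add a comment above `final` stating that it is the single cleanup path for the password file, the temporary certificate and the background ssh/stunnel processes.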
@@ -295,6 +372,7 @@ if [ "X$use_ssh" = "X1" ]; then
ssh_host="$host"
vnc_host="localhost"
ssh=${SSH:-"ssh -x"}
+
if echo "$proxy" | grep "," > /dev/null; then
proxy1=`echo "$proxy" | awk -F, '{print $1}'`
proxy2=`echo "$proxy" | awk -F, '{print $2}'`
@@ -327,6 +405,7 @@ if [ "X$use_ssh" = "X1" ]; then
stty sane
proxy="${ssh_user2}localhost:$proxport"
fi
+
if [ "X$proxy" != "X" ]; then
ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
if [ "X$ssh_port" = "X" ]; then
@@ -348,6 +427,12 @@ if [ "X$use_ssh" = "X1" ]; then
if [ "X$SS_VNCVIEWER_USE_C" != "X" ]; then
C="-C"
fi
+ if [ "X$reverse" = "X" ]; then
+ ssh_redir="-L ${use}:${vnc_host}:${port}"
+ else
+ ssh_redir="-R ${port}:${vnc_host}:${use}"
+ fi
+ pmark=`sh -c 'echo $$'`
# the -t option actually speeds up typing response via VNC!!
if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
echo "$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host \"$info\""
@@ -355,20 +440,32 @@ if [ "X$use_ssh" = "X1" ]; then
$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd"
exit $?
elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
- echo "$ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+ echo "$ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""
echo ""
- $ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+ $ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
else
- echo "$ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+ echo "$ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""
echo ""
- $ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+ $ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
fi
if [ "$?" != "0" ]; then
echo ""
echo "ssh to $ssh_host failed."
exit 1
fi
- echo ""
+ stty sane
+
+ c=0
+ pssh=""
+ while [ $c -lt 30 ]
+ do
+ p=`expr $pmark + $c`
+ if ps -p "$p" 2>&1 | grep "$ssh" > /dev/null; then
+ pssh=$p
+ break
+ fi
+ c=`expr $c + 1`
+ done
if [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
sleep 1
else
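Review bot: The loop that fills `pssh` guesses the background ssh's PID by probing the 30 PIDs after `pmark` and grepping the default `ps -p` output for `$ssh`. On a busy host, or where PIDs are not allocated sequentially, it can miss the process or select a different ssh owned by the same user, and `final` later sends that PID TERM and then KILL. Matching on something specific to this tunnel would narrow it, for example `ps -p "$p" -o args= 2>/dev/null | grep -- "$ssh_redir" > /dev/null` (assuming the platform's ps accepts `-o args=`). A comment saying the lookup is best-effort and that `pssh` may stay empty would also help; the enclosing `if` block starts and ends outside this hunk.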
@@ -378,11 +475,23 @@ if [ "X$use_ssh" = "X1" ]; then
echo ""
#reset
stty sane
+ #echo "pssh=\"$pssh\""
if [ "X$use_sshssl" = "X" ]; then
echo "Running viewer:"
- echo "$VNCVIEWERCMD" "$@" localhost:$N
- echo ""
- $VNCVIEWERCMD "$@" localhost:$N
+
+ trap "final" 0 2 15
+ if [ "X$reverse" = "X" ]; then
+ echo "$VNCVIEWERCMD" "$@" localhost:$N
+ echo ""
+ $VNCVIEWERCMD "$@" localhost:$N
+ else
+ echo ""
+ echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+ echo ""
+ echo "$VNCVIEWERCMD" "$@" -listen $N
+ echo ""
+ $VNCVIEWERCMD "$@" -listen $N
+ fi
exit $?
else
@@ -639,21 +748,37 @@ if [ "X$direct_connect" != "X" ]; then
SSVNC_LISTEN=$use
export SSVNC_LISTEN
$ptmp &
- sleep 2
+ if [ "X$reverse" = "X" ]; then
+ sleep 2
+ fi
host="localhost"
disp="$N"
fi
- echo "$VNCVIEWERCMD" "$@" $host:$disp
- echo ""
- $VNCVIEWERCMD "$@" $host:$disp
+ if [ "X$reverse" = "X" ]; then
+ echo "$VNCVIEWERCMD" "$@" $host:$disp
+ trap "final" 0 2 15
+ echo ""
+ $VNCVIEWERCMD "$@" $host:$disp
+ else
+ echo ""
+ echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+ echo ""
+ echo "$VNCVIEWERCMD" "$@" -listen $N
+ trap "final" 0 2 15
+ echo ""
+ $VNCVIEWERCMD "$@" -listen $N
+ fi
exit $?
fi
##debug = 7
+## debug = 6
tmp=/tmp/ss_vncviewer${RANDOM}.$$
mytmp "$tmp"
-cat > "$tmp" <<END
+if [ "X$reverse" = "X" ]; then
+
+ cat > "$tmp" <<END
foreground = yes
pid =
client = yes
@@ -665,8 +790,93 @@ $cert
[vnc_stunnel]
accept = localhost:$use
$connect
+
+END
+else
+
+ p2=`expr 5500 + $N`
+ connect="connect = localhost:$p2"
+ if [ "X$cert" = "X" ]; then
+ tcert="/tmp/tcert.$$"
+ cat > $tcert <<END
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArQCCQDSzxzxqhyqLzANBgkqhkiG9w0BAQQFADCBpzELMAkGA1UEBhMC
+VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBkJvc3RvbjETMBEG
+A1UEChMKTXkgQ29tcGFueTEcMBoGA1UECxMTUHJvZHVjdCBEZXZlbG9wbWVudDEZ
+MBcGA1UEAxMQd3d3Lm5vd2hlcmUubm9uZTEhMB8GCSqGSIb3DQEJARYSYWRtaW5A
+bm93aGVyZS5ub25lMB4XDTA3MDMyMzE4MDc0NVoXDTI2MDUyMjE4MDc0NVowgacx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQHEwZC
+b3N0b24xEzARBgNVBAoTCk15IENvbXBhbnkxHDAaBgNVBAsTE1Byb2R1Y3QgRGV2
+ZWxvcG1lbnQxGTAXBgNVBAMTEHd3dy5ub3doZXJlLm5vbmUxITAfBgkqhkiG9w0B
+CQEWEmFkbWluQG5vd2hlcmUubm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL5H18W9MHMYK41ds4hYpIyCPs3vIinEwbeOy9BjP3NtXn3pTfs2aSVF
+Fy7uM8/EcqvEPrEIHzcu7kzqTfW1FGjpNU5w+4Gg0J0FojR5qm1tpC/g0jip4CVT
+6PXREwEvIX+/g9XtQwWcY03NWuEUKliYscKWI/fYsVs7vFQtpv8V7I7zrI6ePgyw
+QePdJ25ML7LZoZolptQpiOTucTpIIqFTUKh70DHVSjks/T6W472YkV9VKKqDK5Pt
+jTqsD/dEwd+cjwEl2/c1yqTuwy4ZLm3vsmBn/spOOmg+9Oy9OxG+3KLBT0vOLzWf
+YF+60NFDsJua2AP6GUwbJIGqobSM5C8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA
+vGomHEp6TVU83X2EBUgnbOhzKJ9u3fOI/Uf5L7p//Vxqow7OR1cguzh/YEzmXOIL
+ilMVnzX9nj/bvcLAuqEP7MR1A8f4+E807p/L/Sf49BiCcwQq5I966sGKYXjkve+T
+2GTBNwMSq+5kLSf6QY8VZI+qnrAudEQMeJByQhTZZ0dH8Njeq8EGl9KUio+VWaiW
+CQK6xJuAvAHqa06OjLmwu1fYD4GLGSrOIiRVkSXV8qLIUmzxdJaIRznkFWsrCEKR
+wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I
+dMw1yW09l+eEo4A7GzwOdw==
+-----END CERTIFICATE-----
+END
+ chmod 600 $tcert
+ cert="cert = $tcert"
+ fi
+
+ STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
+
+ hloc=""
+ if [ "X$use_ssh" = "X1" ]; then
+ hloc="localhost:"
+ fi
+ cat > "$tmp" <<END
+foreground = yes
+pid =
+client = no
+debug = 6
+$STUNNEL_EXTRA_OPTS
+$verify
+$cert
+
+[vnc_stunnel]
+accept = $hloc$port
+$connect
+
END
+fi
+
echo ""
echo "Using this stunnel configuration:"
echo ""
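Review bot: The fallback certificate is written to `/tmp/tcert.$$`, a predictable name in a world-writable directory, and `cat > $tcert` runs before `chmod 600`; a file or symlink pre-created at that path would be followed, and the key is readable under the default umask until the chmod. The stunnel config a few lines up goes through `mytmp "$tmp"` (the helper's body is not in this diff), so the same treatment looks appropriate here: `tcert=/tmp/ss_vncviewer_tcert${RANDOM}.$$; mytmp "$tcert"` followed by `cat > "$tcert"`. Separately, the private key is embedded in the script and again in `dummy_cert` in ssvnc.tcl, so everyone who has the package knows it and the certificate cannot identify this viewer. A comment saying so, plus a printed hint to supply a real certificate for reverse SSL connections, would keep users from reading it as authentication.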
@@ -675,25 +885,39 @@ echo ""
sleep 1
echo ""
-echo "Running: stunnel"
+echo "Running stunnel:"
echo "$STUNNEL $tmp"
$STUNNEL "$tmp" < /dev/tty > /dev/tty &
-pid=$!
+stunnel_pid=$!
echo ""
# pause here to let the user supply a possible passphrase for the
# mycert key:
if [ "X$mycert" != "X" ]; then
- sleep 4
+ sleep 2
+ echo ""
+ echo "(pausing for possible certificate passphrase dialog)"
+ echo ""
+ sleep 2
fi
sleep 2
rm -f "$tmp"
echo ""
echo "Running viewer:"
-echo "$VNCVIEWERCMD" "$@" localhost:$N
-echo ""
-$VNCVIEWERCMD "$@" localhost:$N
+if [ "X$reverse" = "X" ]; then
+ echo "$VNCVIEWERCMD" "$@" localhost:$N
+ trap "final" 0 2 15
+ echo ""
+ $VNCVIEWERCMD "$@" localhost:$N
+else
+ echo ""
+ echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+ echo ""
+ echo "$VNCVIEWERCMD" "$@" -listen $N
+ trap "final" 0 2 15
+ echo ""
+ $VNCVIEWERCMD "$@" -listen $N
+fi
-kill $pid
sleep 1
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
index 77e7c27..b583c8e 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
@@ -112,6 +112,16 @@ proc help {} {
tunnel which, in turn, encrypts and redirects the connection to the
remote VNC server.
+ If you are using a port less than the default VNC port 5900 (usually
+ the VNC display = port - 5900), use the full port number itself, e.g.:
+
+ 24.67.132.27:443
+
+ Note, however, if the number n after the colon is less than 200, then
+ a port number 5900 + n is assumed; i.e. n is the VNC display number.
+ If you must use a TCP port less than 200, specify a negative value,
+ e.g.: 24.67.132.27:-80
+
The remote VNC server must support an initial SSL handshake before
using the VNC protocol (i.e. VNC is tunnelled through the SSL channel
after it is established). "x11vnc -ssl ..." does this, and any VNC
@@ -263,6 +273,11 @@ proc help {} {
5) If you want to do a Direct VNC connection, with *NO* SSL or SSH
encryption, use the "vnc://" prefix, e.g. vnc://far-away.east:0
+ 6) Reverse VNC connections are possible as well. Go to Options and
+ select "Reverse VNC connection". In the 'VNC Host:Display' entry
+ box put in the number (e.g. "0" or ":0") that corresponds to the
+ Listening display (0 -> port 5500). See the Options Help for more
+ info.
}
.h.f.t insert end $msg
@@ -434,6 +449,48 @@ set msg {
enter a firewall) or if additional SSH port redirs are required
(CUPS, Sound, SMB tunnelling: See Advanced Options).
+ Reverse VNC connection: reverse (listening) VNC connections are possible.
+
+ For SSL connections in the 'VNC Host:Display' entry box put in
+ the number (e.g. "0" or ":0") that corresponds to the Listening
+ display (0 -> port 5500). For example x11vnc can then be used:
+ "x11vnc ... -ssl SAVE -connect hostname:port".
+
+ Then a VNC server should establish a reverse connection to
+ that port on this machine (e.g. -connect this-machine:5500)
+
+ For reverse connections in SSH or SSH + SSL modes it is a
+ little trickier. The SSH tunnel (with -R redirect) must be
+ established and remain up waiting for reverse connections.
+ The default time is "sleep 1800", i.e. 30 mins. You can put
+ a longer or shorter sleep in "Remote SSH Command" (perhaps
+ after your command runs: cmd; sleep 3600).
+
+ For SSH reverse connections put "hostname:n" in
+ 'VNC Host:Display' or "user@hostname:n". The "n" will be the
+ listening display on the *REMOTE* side. So to have the remote
+ x11vnc connect use: "x11vnc ... -connect localhost:n" or
+ "x11vnc -R connect:localhost:n" (-ssl will be needed for SSH+SSL
+ mode). If the -R port cannot be opened because it is in use
+ by another program you will have to kill everything and start
+ over using a different port.
+
+ In reverse connections mode be careful to protect the listening
+ vncviewer from direct connections (neither SSL nor SSH)
+ connecting directly to its listening port thereby bypassing
+ the tunnel. This can be done by a host-level firewall that only
+ lets in, say, port 5500. Or for SSH reverse connections allows
+ no 5500+n ports in. For SSH reverse connections the Unix viewers
+ supplied in the SSVNC package will only listen on localhost.
+
+ Note that for SSL connections use of "Proxy/Gateway" does not
+ make sense: the remote side cannot initiate its reverse connection
+ via the Proxy.
+
+ Note that for SSH or SSH+SSL connections use of "Proxy/Gateway"
+ does not make sense (the ssh cannot do a -R on a remote host:port),
+ unless it is a double proxy where the 2nd host is the machine with
+ the VNC server.
Putty PW: On Windows only: use the supplied password for plink SSH logins.
Unlike the other options the value is not saved when 'Save
@@ -724,10 +781,11 @@ proc set_defaults {} {
global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_local_start
global smb_su_mode smb_mount_list
global use_port_knocking port_knocking_list
- global ycrop_string
+ global ycrop_string use_listen
global include_list
set defs(use_viewonly) 0
+ set defs(use_listen) 0
set defs(use_fullscreen) 0
set defs(use_raise_on_beep) 0
set defs(use_bgr233) 0
@@ -797,6 +855,7 @@ proc do_viewer_windows {n} {
global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
global use_nojpeg use_raise_on_beep use_compresslevel use_quality
global change_vncviewer change_vncviewer_path vncviewer_realvnc4
+ global use_listen
set cmd "vncviewer"
if {$change_vncviewer && $change_vncviewer_path != ""} {
@@ -854,7 +913,68 @@ proc do_viewer_windows {n} {
append cmd " /quality $use_quality"
}
}
- append cmd " localhost:$n"
+ if {$use_listen} {
+ if {$vncviewer_realvnc4} {
+ append cmd " listen=1"
+ } else {
+ append cmd " /listen"
+ }
+ set nn $n
+ if {$nn < 100} {
+ set nn [expr "$nn + 5500"]
+ }
+ append cmd " $nn"
+ global did_listening_message
+ if {$did_listening_message < 3} {
+ incr did_listening_message
+ global listening_name
+
+ set msg "
+ About to start the Listening VNC Viewer.
+
+ VNC Viewer command to be run:
+
+ $cmd
+
+ The VNC server should then Reverse connect to:
+
+ $listening_name
+
+ To stop the Viewer: right click on the VNC Icon in the taskbar
+ and select 'Close listening daemon' (or similar).
+
+ You will then return to this GUI.
+
+"
+ global use_ssh use_sshssl
+ if {$use_ssh || $use_sshssl} {
+ set msg "${msg} NOTE: You will probably also need to kill the SSH in the\n terminal via Ctrl-C"
+ }
+
+ global help_font is_windows system_button_face
+ toplev .wll
+ global wll_done
+
+ set wll_done 0
+
+ eval text .wll.t -width 60 -height 18 $help_font
+ button .wll.d -text "OK" -command {destroy .wll; set wll_done 1}
+ pack .wll.t .wll.d -side top -fill x
+
+ apply_bg .wll.t
+
+ center_win .wll
+ wm resizable .wll 1 0
+
+ wm title .wll "SSL/SSH Viewer: Listening VNC Info"
+
+ .wll.t insert end $msg
+
+ vwait wll_done
+ }
+ } else {
+ append cmd " localhost:$n"
+ }
mesg $cmd
set emess ""
@@ -1095,6 +1215,7 @@ proc launch_windows_ssh {hp file n} {
global is_win9x env
global use_sshssl use_ssh putty_pw
global port_knocking_list
+ global use_listen listening_name
set hpnew [get_ssh_hp $hp]
set proxy [get_ssh_proxy $hp]
@@ -1104,7 +1225,7 @@ proc launch_windows_ssh {hp file n} {
set vnc_disp $hpnew
regsub {^.*:} $vnc_disp "" vnc_disp
- if {![regexp {^[0-9][0-9]*$} $vnc_disp]} {
+ if {![regexp {^-?[0-9][0-9]*$} $vnc_disp]} {
if {[regexp {cmd=SHELL} $hp]} {
;
} elseif {[regexp {cmd=PUTTY} $hp]} {
@@ -1116,11 +1237,21 @@ proc launch_windows_ssh {hp file n} {
}
}
- set vnc_port 5900
- if {![regexp {^[0-9][0-9]*$} $vnc_disp]} {
+ if {$use_listen} {
+ set vnc_port 5500
+ } else {
+ set vnc_port 5900
+ }
+ if {[regexp {^-[0-9][0-9]*$} $vnc_disp]} {
+ set vnc_port [expr "- $vnc_disp"]
+ } elseif {![regexp {^[0-9][0-9]*$} $vnc_disp]} {
;
} elseif {$vnc_disp < 200} {
- set vnc_port [expr $vnc_disp + 5900]
+ if {$use_listen} {
+ set vnc_port [expr $vnc_disp + 5500]
+ } else {
+ set vnc_port [expr $vnc_disp + 5900]
+ }
} else {
set vnc_port $vnc_disp
}
@@ -1207,7 +1338,11 @@ proc launch_windows_ssh {hp file n} {
set n 0
}
- set use [expr $n + 5900]
+ if {$use_listen} {
+ set use [expr $n + 5500]
+ } else {
+ set use [expr $n + 5900]
+ }
set_smb_mounts
@@ -1279,6 +1414,9 @@ proc launch_windows_ssh {hp file n} {
} else {
set sleep 20
}
+ if {$use_listen} {
+ set sleep 1800
+ }
set setup_cmds [ugly_setup_scripts post $tag]
@@ -1347,7 +1485,13 @@ proc launch_windows_ssh {hp file n} {
set vnc_host "localhost"
}
- set plink_str "plink.exe -ssh -P $ssh_port $verb -L $use:$vnc_host:$vnc_port $extra_redirs -t"
+ set redir "-L $use:$vnc_host:$vnc_port"
+ if {$use_listen} {
+ set redir "-R $vnc_port:$vnc_host:$use"
+ set listening_name "localhost:$vnc_port (on remote SSH side)"
+ }
+
+ set plink_str "plink.exe -ssh -P $ssh_port $verb $redir $extra_redirs -t"
if {$extra_redirs != ""} {
regsub {exe} $plink_str "exe -C" plink_str
}
@@ -1417,6 +1561,10 @@ proc launch_windows_ssh {hp file n} {
while {$waited < 30000} {
after 500
update
+ if {$use_listen} {
+ set gotit 1
+ break;
+ }
set ns [get_netstat]
set re ":$p_port"
append re {[ ][ ]*[0:.][0:.]*[ ][ ]*LISTEN}
@@ -1526,6 +1674,10 @@ proc launch_windows_ssh {hp file n} {
while {$waited < 30000} {
after 500
update
+ if {$use_listen} {
+ set plink_status yes
+ break;
+ }
set ns [get_netstat]
set re ":$use"
append re {[ ][ ]*[0:.][0:.]*[ ][ ]*LISTEN}
@@ -2164,10 +2316,18 @@ proc fetch_cert_windows {hp} {
set disp [string trim $disp]
regsub { .*$} $disp "" disp
- if {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} {
+ if {[regexp {^-[0-9][0-9]*$} $disp]} {
+ ;
+ } elseif {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} {
set disp 0
}
- set port [expr "$disp + 5900"]
+ if {$disp < 0} {
+ set port [expr "- $disp"]
+ } elseif {$disp < 200} {
+ set port [expr "$disp + 5900"]
+ } else {
+ set port $disp
+ }
if {$proxy != ""} {
global env
@@ -2337,6 +2497,9 @@ proc launch_unix {hp} {
set cmd "$cmd -verify '$crtdir'"
}
}
+ if {$use_listen} {
+ set cmd "$cmd -listen"
+ }
set hpnew [get_ssh_hp $hp]
set proxy [get_ssh_proxy $hp]
set sshcmd [get_ssh_cmd $hp]
@@ -2473,6 +2636,9 @@ proc launch_unix {hp} {
if {$use_grab} {
set cmd "$cmd -grab"
}
+ if {$use_listen} {
+ set cmd "$cmd -listen"
+ }
global darwin_cotvnc
if {$darwin_cotvnc} {
@@ -2550,10 +2716,16 @@ proc launch_unix {hp} {
set passwdfile ""
if {$vncauth_passwd != ""} {
+ global use_listen
set passwdfile "$env(HOME)/.vncauth_tmp.[pid]"
catch {exec vncstorepw $vncauth_passwd $passwdfile}
catch {exec chmod 600 $passwdfile}
- catch {exec sh -c "sleep 15; rm $passwdfile" &}
+ if {$use_listen} {
+ global env
+ set env(SS_VNCVIEWER_RM) $passwdfile
+ } else {
+ catch {exec sh -c "sleep 15; rm $passwdfile" &}
+ }
if {$darwin_cotvnc} {
set cmd "$cmd --PasswordFile $passwdfile"
} else {
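Review bot: In the `use_listen` branch `$passwdfile` now stays on disk for the whole listening session instead of 15 seconds, and its removal depends entirely on ss_vncviewer's `final` running. In ss_vncviewer the trap is only installed immediately before the viewer starts and only for `0 2 15`, so an earlier exit (the `ssh to $ssh_host failed` path does `exit 1` before any trap is set) leaves the stored VNC password behind, and a hangup may too in shells that skip the EXIT trap on an untrapped signal. I would install the trap near the top of ss_vncviewer as `trap "final" 0 1 2 15`, and note here in a comment that cleanup is delegated to the wrapper via `SS_VNCVIEWER_RM`. The enclosing `launch_unix` proc continues outside this hunk.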
@@ -2826,7 +2998,7 @@ proc launch {{hp ""}} {
global mycert svcert crtdir
global pids_before pids_after pids_new
global env
- global use_ssh use_sshssl
+ global use_ssh use_sshssl use_listen
set debug 0
if {$hp == ""} {
@@ -2874,6 +3046,7 @@ proc launch {{hp ""}} {
launch_unix $hp
return
}
+ ##############################################################
check_ssh_needed
@@ -2956,6 +3129,9 @@ proc launch {{hp ""}} {
set did_port_knock 0
+ global listening_name
+ set listening_name ""
+
if {$use_sshssl} {
set rc [launch_windows_ssh $hp $file2 $n2]
if {$rc == 0} {
@@ -2987,10 +3163,23 @@ proc launch {{hp ""}} {
set disp [lindex $list 1]
set disp [string trim $disp]
regsub { .*$} $disp "" disp
- if {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} {
+ if {[regexp {^-[0-9][0-9]*$} $disp]} {
+ ;
+ } elseif {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} {
set disp 0
}
- set port [expr "$disp + 5900"]
+
+ if {$disp < 0} {
+ set port [expr "- $disp"]
+ } elseif {$disp < 200} {
+ if {$use_listen} {
+ set port [expr "$disp + 5500"]
+ } else {
+ set port [expr "$disp + 5900"]
+ }
+ } else {
+ set port $disp
+ }
if {$proxy != ""} {
if [regexp {@} $proxy] {
@@ -3013,7 +3202,11 @@ proc launch {{hp ""}} {
set fh [open $file "w"]
- puts $fh "client = yes"
+ if {$use_listen} {
+ puts $fh "client = no"
+ } else {
+ puts $fh "client = yes"
+ }
puts $fh "options = ALL"
puts $fh "taskbar = yes"
puts $fh "RNDbytes = 2048"
@@ -3027,6 +3220,12 @@ proc launch {{hp ""}} {
set fail 1
}
puts $fh "cert = $mycert"
+ } elseif {$use_listen} {
+ set dummy "dummy.pem"
+ set dh [open $dummy "w"]
+ puts $dh [dummy_cert]
+ close $dh
+ puts $fh "cert = $dummy"
}
if {$svcert != ""} {
if {! [file exists $svcert]} {
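Review bot: `dummy.pem` is opened by relative name, so the placeholder key is written into whatever the current directory happens to be, silently overwriting any existing file of that name, and `open` raises an uncaught error if the directory is not writable. No line in this hunk removes the file afterwards, though `launch` continues outside the hunk and may clean up elsewhere. I would place it beside the stunnel config, `set dummy [file join [file dirname $file] dummy.pem]`, and delete it wherever `$file` is deleted. A short comment that this key is the shared one from `dummy_cert` and provides no identity for the listening side would be useful next to the `cert = $dummy` line.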
@@ -3053,14 +3252,32 @@ proc launch {{hp ""}} {
set n2 11
}
puts $fh "\[vnc$n\]"
- set port2 [expr "$n + 5900"]
- puts $fh "accept = localhost:$port2"
-
- if {$use_sshssl || $proxy != ""} {
- set port [expr "$n2 + 5900"]
- puts $fh "connect = localhost:$port"
+ set port2 ""
+ if {! $use_listen} {
+ set port2 [expr "$n + 5900"]
+ puts $fh "accept = localhost:$port2"
+
+ if {$use_sshssl || $proxy != ""} {
+ set port [expr "$n2 + 5900"]
+ puts $fh "connect = localhost:$port"
+ } else {
+ puts $fh "connect = $host:$port"
+ }
} else {
- puts $fh "connect = $host:$port"
+ set port2 [expr "$n + 5500"]
+ set hloc ""
+ if {$use_ssh} {
+ set hloc "localhost:"
+ set listening_name "localhost:$port (on remote SSH side)"
+ } else {
+ set hn [get_hostname]
+ if {$hn == ""} {
+ set hn "this-computer"
+ }
+ set listening_name "$hn:$port (or IP:$port, etc.)"
+ }
+ puts $fh "accept = $hloc$port"
+ puts $fh "connect = localhost:$port2"
}
puts $fh "delay = no"
@@ -4479,6 +4696,63 @@ proc load_profile {{parent "."}} {
set profdone 1
putty_pw_entry check
+ listen_adjust
+}
+
+proc dummy_cert {} {
+ set str {
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+}
+ return $str
}
proc save_profile {{parent "."}} {
@@ -4522,7 +4796,9 @@ proc save_profile {{parent "."}} {
if {$p == ""} {
set p 0
}
- if {$p < 200} {
+ if {$p < 0} {
+ set port $p
+ } elseif {$p < 200} {
set port [expr $p + 5900]
} else {
set port $p
@@ -7144,7 +7420,12 @@ proc set_advanced_options {} {
bind .oa <Escape> {destroy .oa}
button .oa.b.help -text "Help" -command help_advanced_opts
- button .oa.b.connect -text "Connect" -command launch
+ global use_listen
+ if {$use_listen} {
+ button .oa.b.connect -text "Listen" -command launch
+ } else {
+ button .oa.b.connect -text "Connect" -command launch
+ }
pack .oa.b.help .oa.b.connect .oa.b.done -fill x -expand 1 -side left
@@ -7307,11 +7588,23 @@ proc ssl_ssh_adjust {which} {
putty_pw_entry check
}
+proc listen_adjust {} {
+ global use_listen revs_button
+ if {$use_listen} {
+ catch {.b.conn configure -text "Listen"}
+ catch {.o.b.connect configure -text "Listen"}
+ } else {
+ catch {.b.conn configure -text "Connect"}
+ catch {.o.b.connect configure -text "Connect"}
+ }
+}
+
proc set_options {} {
global use_alpha use_grab use_ssh use_sshssl use_viewonly use_fullscreen use_bgr233
global use_nojpeg use_raise_on_beep use_compresslevel use_quality
global compresslevel_text quality_text
global env is_windows darwin_cotvnc
+ global use_listen
toplev .o
wm title .o "SSL/SSH VNC Options"
@@ -7331,6 +7624,11 @@ proc set_options {} {
set iss $i
incr i
+ checkbutton .o.b$i -anchor w -variable use_listen -text \
+ "Reverse VNC Connection (-listen)" -command {listen_adjust}
+ #if {$is_windows} {.o.b$i configure -state disabled}
+ incr i
+
checkbutton .o.b$i -anchor w -variable use_viewonly -text \
"View Only"
incr i
@@ -7439,7 +7737,12 @@ proc set_options {} {
button .o.b.done -text "Done" -command {destroy .o}
bind .o <Escape> {destroy .o}
button .o.b.help -text "Help" -command help_opts
- button .o.b.connect -text "Connect" -command launch
+ global use_listen
+ if {$use_listen} {
+ button .o.b.connect -text "Listen" -command launch
+ } else {
+ button .o.b.connect -text "Connect" -command launch
+ }
pack .o.b.help .o.b.connect .o.b.done -fill x -expand 1 -side left
@@ -7535,6 +7838,9 @@ set vncproxy ""
set remote_ssh_cmd ""
set vncauth_passwd ""
+global did_listening_message
+set did_listening_message 0
+
label .l -text "SSL/SSH VNC Viewer" -relief ridge
set wl 21
@@ -7587,7 +7893,7 @@ frame .b
button .b.help -text "Help" -command help
button .b.certs -text "Certs ..." -command getcerts
button .b.opts -text "Options ..." -command set_options
-button .b.load -text "Load" -command {load_profile}
+button .b.load -text "Load ..." -command {load_profile}
button .b.conn -text "Connect" -command launch
button .b.exit -text "Exit" -command {destroy .; exit}