/* -- help.c -- */ #include "x11vnc.h" #include "xdamage.h" #include "cursor.h" /* * text printed out under -help option */ void print_help(int mode); void xopen_display_fail_message(char *disp); void nopassword_warning_msg(int gotloc); void print_help(int mode) { #if !SKIP_HELP char help[] = "\n" "x11vnc: allow VNC connections to real X11 displays. %s\n" "\n" "(type \"x11vnc -opts\" to just list the options.)\n" "\n" "Typical usage is:\n" "\n" " Run this command in a shell on the remote machine \"far-host\"\n" " with X session you wish to view:\n" "\n" " x11vnc -display :0\n" "\n" " Then run this in another window on the machine you are sitting at:\n" "\n" " vncviewer far-host:0\n" "\n" "Once x11vnc establishes connections with the X11 server and starts listening\n" "as a VNC server it will print out a string: PORT=XXXX where XXXX is typically\n" "5900 (the default VNC server port). One would next run something like\n" "this on the local machine: \"vncviewer hostname:N\" where \"hostname\" is\n" "the name of the machine running x11vnc and N is XXXX - 5900, i.e. usually\n" "\"vncviewer hostname:0\".\n" "\n" "By default x11vnc will not allow the screen to be shared and it will exit\n" "as soon as the client disconnects. See -shared and -forever below to override\n" "these protections. See the FAQ for details how to tunnel the VNC connection\n" "through an encrypted channel such as ssh(1). In brief:\n" "\n" " ssh -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'\n" "\n" " vncviewer -encodings 'copyrect tight zrle hextile' localhost:0\n" "\n" "Also, use of a VNC password (-rfbauth or -passwdfile) is strongly recommend.\n" "\n" "For additional info see: http://www.karlrunge.com/x11vnc/\n" " and http://www.karlrunge.com/x11vnc/#faq\n" "\n" "\n" "Rudimentary config file support: if the file $HOME/.x11vncrc exists then each\n" "line in it is treated as a single command line option. Disable with -norc.\n" "For each option name, the leading character \"-\" is not required. E.g. a\n" "line that is either \"forever\" or \"-forever\" may be used and are equivalent.\n" "Likewise \"wait 100\" or \"-wait 100\" are acceptable and equivalent lines.\n" "The \"#\" character comments out to the end of the line in the usual way\n" "(backslash it for a literal). Leading and trailing whitespace is trimmed off.\n" "Lines may be continued with a \"\\\" as the last character of a line (it\n" "becomes a space character).\n" "\n" "Options:\n" "\n" "-display disp X11 server display to connect to, usually :0. The X\n" " server process must be running on same machine and\n" " support MIT-SHM. Equivalent to setting the DISPLAY\n" " environment variable to \"disp\".\n" "-auth file Set the X authority file to be \"file\", equivalent to\n" " setting the XAUTHORITY environment variable to \"file\"\n" " before startup. Same as -xauth file. See Xsecurity(7),\n" " xauth(1) man pages for more info.\n" "\n" "-id windowid Show the window corresponding to \"windowid\" not\n" " the entire display. New windows like popup menus,\n" " transient toplevels, etc, may not be seen or may be\n" " clipped. Disabling SaveUnders or BackingStore in the\n" " X server may help show them. x11vnc may crash if the\n" " window is initially partially obscured, changes size,\n" " is iconified, etc. Some steps are taken to avoid this\n" " and the -xrandr mechanism is used to track resizes. Use\n" " xwininfo(1) to get the window id, or use \"-id pick\"\n" " to have x11vnc run xwininfo(1) for you and extract\n" " the id. The -id option is useful for exporting very\n" " simple applications (e.g. the current view on a webcam).\n" "-sid windowid As -id, but instead of using the window directly it\n" " shifts a root view to it: this shows SaveUnders menus,\n" " etc, although they will be clipped if they extend beyond\n" " the window.\n" "-clip WxH+X+Y Only show the sub-region of the full display that\n" " corresponds to the rectangle with size WxH and offset\n" " +X+Y. The VNC display has size WxH (i.e. smaller than\n" " the full display). This also works for -id/-sid mode\n" " where the offset is relative to the upper left corner\n" " of the selected window.\n" "\n" "-flashcmap In 8bpp indexed color, let the installed colormap flash\n" " as the pointer moves from window to window (slow).\n" " Also try the -8to24 option to avoid flash altogether.\n" "-shiftcmap n Rare problem, but some 8bpp displays use less than 256\n" " colorcells (e.g. 16-color grayscale, perhaps the other\n" " bits are used for double buffering) *and* also need to\n" " shift the pixels values away from 0, .., ncells. \"n\"\n" " indicates the shift to be applied to the pixel values.\n" " To see the pixel values set DEBUG_CMAP=1 to print out\n" " a colormap histogram. Example: -shiftcmap 240\n" "-notruecolor For 8bpp displays, force indexed color (i.e. a colormap)\n" " even if it looks like 8bpp TrueColor (rare problem).\n" "-visual n Experimental option: probably does not do what you\n" " think. It simply *forces* the visual used for the\n" " framebuffer; this may be a bad thing... (e.g. messes\n" " up colors or cause a crash). It is useful for testing\n" " and for some workarounds. n may be a decimal number,\n" " or 0x hex. Run xdpyinfo(1) for the values. One may\n" " also use \"TrueColor\", etc. see for a list.\n" " If the string ends in \":m\" then for better or for\n" " worse the visual depth is forced to be m.\n" "\n" "-overlay Handle multiple depth visuals on one screen, e.g. 8+24\n" " and 24+8 overlay visuals (the 32 bits per pixel are\n" " packed with 8 for PseudoColor and 24 for TrueColor).\n" "\n" " Currently -overlay only works on Solaris via\n" " XReadScreen(3X11) and IRIX using XReadDisplay(3).\n" " On Solaris there is a problem with image \"bleeding\"\n" " around transient popup menus (but not for the menu\n" " itself): a workaround is to disable SaveUnders\n" " by passing the \"-su\" argument to Xsun (in\n" " /etc/dt/config/Xservers).\n" "\n" " Use -overlay as a workaround for situations like these:\n" " Some legacy applications require the default visual to\n" " be 8bpp (8+24), or they will use 8bpp PseudoColor even\n" " when the default visual is depth 24 TrueColor (24+8).\n" " In these cases colors in some windows will be incorrect\n" " in x11vnc unless -overlay is used. Another use of\n" " -overlay is to enable showing the exact mouse cursor\n" " shape (details below).\n" "\n" " Under -overlay, performance will be somewhat slower\n" " due to the extra image transformations required.\n" " For optimal performance do not use -overlay, but rather\n" " configure the X server so that the default visual is\n" " depth 24 TrueColor and try to have all apps use that\n" " visual (e.g. some apps have -use24 or -visual options).\n" "-overlay_nocursor Sets -overlay, but does not try to draw the exact mouse\n" " cursor shape using the overlay mechanism.\n" "\n" "-8to24 [opts] Try this option if -overlay is not supported on your\n" " OS, and you have a legacy 8bpp app that you want to\n" " view on a multi-depth display with default depth 24\n" " (and is 32 bpp) OR have a default depth 8 display with\n" " depth 24 overlay windows for some apps. This option\n" " may not work on all X servers and hardware (tested\n" " on XFree86/Xorg mga driver and Xsun). The \"opts\"\n" " string is not required and is described below.\n" "\n" " This mode enables a hack where x11vnc monitors windows\n" " within 3 levels from the root window. If it finds\n" " any that are 8bpp it extracts the indexed color\n" " pixel values using XGetImage() and then applies a\n" " transformation using the colormap(s) to create TrueColor\n" " RGB values that it in turn inserts into bits 1-24 of\n" " the framebuffer. This creates a depth 24 \"view\"\n" " of the display that is then exported via VNC.\n" "\n" " Conversely, for default depth 8 displays, the depth\n" " 24 regions are read by XGetImage() and everything is\n" " transformed and inserted into a depth 24 TrueColor\n" " framebuffer.\n" "\n" " Note that even if there are *no* depth 24 visuals or\n" " windows (i.e. pure 8bpp), this mode is potentially\n" " an improvement over -flashcmap because it avoids the\n" " flashing and shows each window in the correct color.\n" "\n" " This method appear to work, but may still have bugs\n" " and it does hog resources. If there are multiple 8bpp\n" " windows using different colormaps, one may have to\n" " iconify all but one for the colors to be correct.\n" "\n" " There may be painting errors for clipping and switching\n" " between windows of depths 8 and 24. Heuristics are\n" " applied to try to minimize the painting errors. One can\n" " also press 3 Alt_L's in a row to refresh the screen\n" " if the error does not repair itself. Also the option\n" " -fixscreen 8=3.0 or -fixscreen V=3.0 may be used to\n" " periodically refresh the screen at the cost of bandwidth\n" " (every 3 sec for this example).\n" "\n" " The [opts] string can contain the following settings.\n" " Multiple settings are separated by commas.\n" "\n" " For for some X servers with default depth 24 a\n" " speedup may be achieved via the option \"nogetimage\".\n" " This enables a scheme were XGetImage() is not used\n" " to retrieve the 8bpp data. Instead, it assumes that\n" " the 8bpp data is in bits 25-32 of the 32bit X pixels.\n" " There is no reason the X server should put the data\n" " there for our poll requests, but some do and so the\n" " extra steps to retrieve it can be skipped. Tested with\n" " mga driver with XFree86/Xorg. For the default depth\n" " 8 case this option is ignored.\n" "\n" " To adjust how often XGetImage() is used to poll the\n" " non-default visual regions for changes, use the option\n" " \"poll=t\" where \"t\" is a floating point time.\n" " (default: %.2f)\n" "\n" " Setting the option \"level2\" will limit the search\n" " for non-default visual windows to two levels from the\n" " root window. Do this on slow machines where you know\n" " the window manager only imposes one extra window between\n" " the app window and the root window.\n" "\n" " Also for very slow machines use \"cachewin=t\"\n" " where t is a floating point amount of time to cache\n" " XGetWindowAttributes results. E.g. cachewin=5.0.\n" " This may lead to the windows being unnoticed for this\n" " amount of time when deiconifying, painting errors, etc.\n" "\n" " While testing on a very old SS20 these options gave\n" " tolerable response: -8to24 poll=0.2,cachewin=5.0. For\n" " this machine -overlay is supported and gives better\n" " response.\n" "\n" " Debugging for this mode can be enabled by setting \n" " \"dbg=1\", \"dbg=2\", or \"dbg=3\".\n" "\n" "-scale fraction Scale the framebuffer by factor \"fraction\". Values\n" " less than 1 shrink the fb, larger ones expand it. Note:\n" " image may not be sharp and response may be slower.\n" " If \"fraction\" contains a decimal point \".\" it\n" " is taken as a floating point number, alternatively\n" " the notation \"m/n\" may be used to denote fractions\n" " exactly, e.g. -scale 2/3\n" "\n" " Scaling Options: can be added after \"fraction\" via\n" " \":\", to supply multiple \":\" options use commas.\n" " If you just want a quick, rough scaling without\n" " blending, append \":nb\" to \"fraction\" (e.g. -scale\n" " 1/3:nb). No blending is the default for 8bpp indexed\n" " color, to force blending for this case use \":fb\".\n" "\n" " To disable -scrollcopyrect and -wirecopyrect under\n" " -scale use \":nocr\". If you need to to enable them use\n" " \":cr\" or specify them explicitly on the command line.\n" " If a slow link is detected, \":nocr\" may be applied\n" " automatically. Default: %s\n" "\n" " More esoteric options: for compatibility with vncviewers\n" " the scaled width is adjusted to be a multiple of 4:\n" " to disable this use \":n4\". \":in\" use interpolation\n" " scheme even when shrinking, \":pad\" pad scaled width\n" " and height to be multiples of scaling denominator\n" " (e.g. 3 for 2/3).\n" "\n" "-scale_cursor frac By default if -scale is supplied the cursor shape is\n" " scaled by the same factor. Depending on your usage,\n" " you may want to scale the cursor independently of the\n" " screen or not at all. If you specify -scale_cursor\n" " the cursor will be scaled by that factor. When using\n" " -scale mode to keep the cursor at its \"natural\" size\n" " use \"-scale_cursor 1\". Most of the \":\" scaling\n" " options apply here as well.\n" "\n" "-viewonly All VNC clients can only watch (default %s).\n" "-shared VNC display is shared, i.e. more than one viewer can\n" " connect at the same time (default %s).\n" "-once Exit after the first successfully connected viewer\n" " disconnects, opposite of -forever. This is the Default.\n" "-forever Keep listening for more connections rather than exiting\n" " as soon as the first client(s) disconnect. Same as -many\n" "-loop Create an outer loop restarting the x11vnc process\n" " whenever it terminates. -bg and -inetd are ignored in\n" " this mode. Useful for continuing even if the X server\n" " terminates and restarts (you will need permission to\n" " reconnect of course). Use, e.g., -loop100 to sleep\n" " 100 millisecs between restarts, etc. Default is 2000ms\n" " (i.e. 2 secs) Use, e.g. -loop300,5 to sleep 300 ms\n" " and only loop 5 times.\n" "-timeout n Exit unless a client connects within the first n seconds\n" " after startup.\n" "-inetd Launched by inetd(1): stdio instead of listening socket.\n" " Note: if you are not redirecting stderr to a log file\n" " (via shell 2> or -o option) you MUST also specify the -q\n" " option, otherwise the stderr goes to the viewer which\n" " will cause it to abort. Specifying both -inetd and -q\n" " and no -o will automatically close the stderr.\n" "-nofilexfer Disable the TightVNC file transfer extension. (same as\n" " -disablefiletransfer). Note that when the -viewonly\n" " option is supplied all file transfers are disabled.\n" " Also clients that log in viewonly cannot transfer files.\n" " However, if the remote control mechanism is used to\n" " change the global or per-client viewonly state the\n" " filetransfer permissions will NOT change.\n" "-http Instead of using -httpdir (see below) to specify\n" " where the Java vncviewer applet is, have x11vnc try\n" " to *guess* where the directory is by looking relative\n" " to the program location and in standard locations\n" " (/usr/local/share/x11vnc/classes, etc).\n" "-connect string For use with \"vncviewer -listen\" reverse connections.\n" " If \"string\" has the form \"host\" or \"host:port\"\n" " the connection is made once at startup. Use commas\n" " for a list of host's and host:port's.\n" "\n" " Note that unlike most vnc servers, x11vnc will require a\n" " password for reverse as well as for forward connections.\n" " (provided password auth has been enabled, -rfbauth, etc)\n" " If you do not want to require a password for reverse\n" " connections set X11VNC_REVERSE_CONNECTION_NO_AUTH=1 in\n" " your environment before starting x11vnc.\n" "\n" " If \"string\" contains \"/\" it is instead interpreted\n" " as a file to periodically check for new hosts.\n" " The first line is read and then the file is truncated.\n" " Be careful for this usage mode if x11vnc is running as\n" " root (e.g. via gdm(1), etc).\n" "\n" "-vncconnect Monitor the VNC_CONNECT X property set by the standard\n" "-novncconnect VNC program vncconnect(1). When the property is\n" " set to \"host\" or \"host:port\" establish a reverse\n" " connection. Using xprop(1) instead of vncconnect may\n" " work (see the FAQ). The -remote control mechanism uses\n" " X11VNC_REMOTE channel, and this option disables/enables\n" " it as well. Default: %s\n" "\n" "-allow host1[,host2..] Only allow client connections from hosts matching\n" " the comma separated list of hostnames or IP addresses.\n" " Can also be a numerical IP prefix, e.g. \"192.168.100.\"\n" " to match a simple subnet, for more control build\n" " libvncserver with libwrap support (See the FAQ). If the\n" " list contains a \"/\" it instead is a interpreted as a\n" " file containing addresses or prefixes that is re-read\n" " each time a new client connects. Lines can be commented\n" " out with the \"#\" character in the usual way.\n" "-localhost Same as \"-allow 127.0.0.1\".\n" "\n" " Note: if you want to restrict which network interface\n" " x11vnc listens on, see the -listen option below.\n" " E.g. \"-listen localhost\" or \"-listen 192.168.3.21\".\n" " As a special case, the option \"-localhost\" implies\n" " \"-listen localhost\".\n" "\n" " For non-localhost -listen usage, if you use the remote\n" " control mechanism (-R) to change the -listen interface\n" " you may need to manually adjust the -allow list (and\n" " vice versa) to avoid situations where no connections\n" " (or too many) are allowed.\n" "\n" "-nolookup Do not use gethostbyname() or gethostbyaddr() to look up\n" " host names or IP numbers. Use this if name resolution\n" " is incorrectly set up and leads to long pauses as name\n" " lookups time out, etc.\n" "\n" "-input string Fine tuning of allowed user input. If \"string\" does\n" " not contain a comma \",\" the tuning applies only to\n" " normal clients. Otherwise the part before \",\" is for\n" " normal clients and the part after for view-only clients.\n" " \"K\" is for Keystroke input, \"M\" for Mouse-motion\n" " input, \"B\" for Button-click input, and \"C\" is for\n" " Clipboard input. Their presence in the string enables\n" " that type of input. E.g. \"-input M\" means normal\n" " users can only move the mouse and \"-input KMBC,M\"\n" " lets normal users do anything and enables view-only\n" " users to move the mouse. This option is ignored when\n" " a global -viewonly is in effect (all input is discarded\n" " in that case).\n" "\n" "-viewpasswd string Supply a 2nd password for view-only logins. The -passwd\n" " (full-access) password must also be supplied.\n" "\n" "-passwdfile filename Specify the libvncserver password via the first line\n" " of the file \"filename\" (instead of via -passwd on\n" " the command line where others might see it via ps(1)).\n" " See below for how to supply multiple passwords.\n" "\n" " If the filename is prefixed with \"rm:\" it will be\n" " removed after being read. Perhaps this is useful in\n" " limiting the readability of the file. In general,\n" " the password file should not be readable by untrusted\n" " users (BTW: neither should the VNC -rfbauth file:\n" " it is NOT encrypted).\n" "\n" " If the filename is prefixed with \"read:\" it will\n" " periodically be checked for changes and reread.\n" "\n" " Note that only the first 8 characters of a password\n" " are used.\n" "\n" " If multiple non-blank lines exist in the file they are\n" " all taken as valid passwords. Blank lines are ignored.\n" " Password lines may be \"commented out\" (ignored) if\n" " they begin with the charactor \"#\" or the line contains\n" " the string \"__SKIP__\". Lines may be annotated by use\n" " of the \"__COMM__\" string: from it to the end of the\n" " line is ignored. An empty password may be specified\n" " via the \"__EMPTY__\" string on a line by itself (note\n" " your viewer might not accept empty passwords).\n" "\n" " If the string \"__BEGIN_VIEWONLY__\" appears on a\n" " line by itself, the remaining passwords are used for\n" " viewonly access. For compatibility, as a special case\n" " if the file contains only two password lines the 2nd\n" " one is automatically taken as the viewonly password.\n" " Otherwise the \"__BEGIN_VIEWONLY__\" token must be\n" " used to have viewonly passwords. (tip: make the 3rd\n" " and last line be \"__BEGIN_VIEWONLY__\" to have 2\n" " full-access passwords)\n" "\n" "-unixpw [list] Use Unix username and password authentication. x11vnc\n" " uses the su(1) program to verify the user's password.\n" " [list] is an optional comma separated list of allowed\n" " Unix usernames. See below for per-user options that\n" " can be applied.\n" "\n" " A familiar \"login:\" and \"Password:\" dialog is\n" " presented to the user on a black screen inside the\n" " vncviewer. The connection is dropped if the user fails\n" " to supply the correct password in 3 tries or does not\n" " send one before a 25 second timeout. Existing clients\n" " are view-only during this period.\n" "\n" " Since the detailed behavior of su(1) can vary from\n" " OS to OS and for local configurations, test the mode\n" " carefully on your systems before using it in production.\n" " Test different combinations of valid/invalid usernames\n" " and valid/invalid passwords to see if it behaves as\n" " expected. x11vnc will attempt to be conservative and\n" " reject a login if anything abnormal occurs.\n" "\n" " On FreeBSD and the other BSD's by default it is\n" " impossible for the user running x11vnc to validate\n" " his *own* password via su(1) (evidently commenting out\n" " the pam_self.so entry in /etc/pam.d/su eliminates this\n" " problem). So the x11vnc login will always *fail* for\n" " this case (even when the correct password is supplied).\n" "\n" " A possible workaround for this would be to start\n" " x11vnc as root with the \"-users +nobody\" option to\n" " immediately switch to user nobody. Another source of\n" " problems are PAM modules that prompt for extra info,\n" " e.g. password aging modules. These logins will fail\n" " as well even when the correct password is supplied.\n" "\n" " **IMPORTANT**: to prevent the Unix password being sent\n" " in *clear text* over the network, one of two schemes\n" " will be enforced: 1) the -ssl builtin SSL mode, or 2)\n" " require both -localhost and -stunnel be enabled.\n" "\n" " Method 1) ensures the traffic is encrypted between\n" " viewer and server. A PEM file will be required, see the\n" " discussion under -ssl below (under some circumstances\n" " a temporary one can be automatically generated).\n" "\n" " Method 2) requires the viewer connection to appear\n" " to come from the same machine x11vnc is running on\n" " (e.g. from a ssh -L port redirection). And that the\n" " -stunnel SSL mode be used for encryption over the\n" " network.(see the description of -stunnel below).\n" "\n" " Note: as a convenience, if you ssh(1) in and start\n" " x11vnc it will check if the environment variable\n" " SSH_CONNECTION is set and appears reasonable. If it\n" " does, then the -ssl or -stunnel requirement will be\n" " dropped since it is assumed you are using ssh for the\n" " encrypted tunnelling. -localhost is still enforced.\n" " Use -ssl or -stunnel to force SSL usage even if\n" " SSH_CONNECTION is set.\n" "\n" " To override the above restrictions you can set\n" " environment variables before starting x11vnc:\n" "\n" " Set UNIXPW_DISABLE_SSL=1 to disable requiring either\n" " -ssl or -stunnel. Evidently you will be using a\n" " different method to encrypt the data between the\n" " vncviewer and x11vnc: perhaps ssh(1) or an IPSEC VPN.\n" "\n" " Note that use of -localhost with ssh(1) is roughly\n" " the same as requiring a Unix user login (since a Unix\n" " password or the user's public key authentication is\n" " used by sshd on the machine where x11vnc runs and only\n" " local connections from that machine are accepted)\n" "\n" " Set UNIXPW_DISABLE_LOCALHOST=1 to disable the -localhost\n" " requirement in Method 2). One should never do this\n" " (i.e. allow the Unix passwords to be sniffed on the\n" " network).\n" "\n" " Regarding reverse connections (e.g. -R connect:host\n" " and -connect host), when the -localhost constraint is\n" " in effect then reverse connections can only be used\n" " to connect to the same machine x11vnc is running on\n" " (default port 5500). Please use a ssh or stunnel port\n" " redirection to the viewer machine to tunnel the reverse\n" " connection over an encrypted channel. Note that in -ssl\n" " mode reverse connection are disabled (see below).\n" "\n" " In -inetd mode the Method 1) will be enforced (not\n" " Method 2). With -ssl in effect reverse connections\n" " are disabled. If you override this via env. var, be\n" " sure to also use encryption from the viewer to inetd.\n" " Tip: you can also have your own stunnel spawn x11vnc\n" " in -inetd mode (thereby bypassing inetd). See the FAQ\n" " for details.\n" "\n" " The user names in the comma separated [list] can have\n" " per-user options after a \":\", e.g. \"fred:opts\"\n" " where \"opts\" is a \"+\" separated list of\n" " \"viewonly\", \"fullaccess\", \"input=XXXX\", or\n" " \"deny\", e.g. \"karl,fred:viewonly,boss:input=M\".\n" " For \"input=\" it is the K,M,B,C described under -input.\n" "\n" " If a user in the list is \"*\" that means those\n" " options apply to all users. It also means all users\n" " are allowed to log in after supplying a valid password.\n" " Use \"deny\" to explicitly deny some users if you use\n" " \"*\" to set a global option.\n" "\n" " There are also some utilities for testing password\n" " if [list] starts with the \"%\" character. See the\n" " quick_pw() function in the source for details.\n" "\n" "-unixpw_nis [list] As -unixpw above, however do not use su(1) but rather\n" " use the traditional getpwnam(3) + crypt(3) method to\n" " verify passwords instead. This requires that the\n" " encrypted passwords be readable. Passwords stored\n" " in /etc/shadow will be inaccessible unless x11vnc\n" " is run as root.\n" "\n" " This is called \"NIS\" mode simply because in most\n" " NIS setups the user encrypted passwords are accessible\n" " (e.g. \"ypcat passwd\"). NIS is not required for this\n" " mode to work (only that getpwnam(3) return the encrypted\n" " password is required), but it is unlikely it will work\n" " for any other modern environment. All of the -unixpw\n" " options and contraints apply.\n" "\n" "-ssl [pem] Use the openssl library (www.openssl.org) to provide a\n" " built-in encrypted SSL tunnel between VNC viewers and\n" " x11vnc. This requires libssl support to be compiled\n" " into x11vnc at build time. If x11vnc is not built\n" " with libssl support it will exit immediately when -ssl\n" " is prescribed.\n" "\n" " [pem] is optional, use \"-ssl /path/to/mycert.pem\"\n" " to specify a PEM certificate file to use to identify\n" " and provide a key for this server. See openssl(1) for\n" " more info about PEMs and the -sslGenCert option below.\n" "\n" " The connecting VNC viewer SSL tunnel can optionally\n" " authenticate this server if they have the public\n" " key part of the certificate (or a common certificate\n" " authority, CA, is a more sophisicated way to verify\n" " this server's cert, see -sslGenCA below). This is\n" " used to prevent man-in-the-middle attacks. Otherwise,\n" " if the VNC viewer accepts this server's key without\n" " verification, at least the traffic is protected\n" " from passive sniffing on the network (but NOT from\n" " man-in-the-middle attacks).\n" "\n" " If [pem] is not supplied and the openssl(1) utility\n" " command exists in PATH, then a temporary, self-signed\n" " certificate will be generated for this session (this\n" " may take 5-30 seconds on slow machines). If openssl(1)\n" " cannot be used to generate a temporary certificate\n" " x11vnc exits immediately.\n" "\n" " If successful in using openssl(1) to generate a\n" " temporary certificate, the public part of it will be\n" " displayed to stderr (e.g. one could copy it to the\n" " client-side to provide authentication of the server to\n" " VNC viewers.) See following paragraphs for how to save\n" " keys to reuse when x11vnc is restarted.\n" "\n" " Set the env. var. X11VNC_SHOW_TMP_PEM=1 to have x11vnc\n" " print out the entire certificate, including the PRIVATE\n" " KEY part, to stderr. One could reuse this cert if saved\n" " in a [pem] file. Similarly, set X11VNC_KEEP_TMP_PEM=1\n" " to not delete the temporary PEM file: the file name\n" " will be printed to stderr (so one could move it to\n" " a safe place for reuse). You will be prompted for a\n" " passphrase for the private key.\n" "\n" " If [pem] is \"SAVE\" then the certificate will be saved\n" " to the file ~/.vnc/certs/server.pem, or if that file\n" " exists it will be used directly. Similarly, if [pem]\n" " is \"SAVE_PROMPT\" the server.pem certificate will be\n" " made based on your answers to its prompts for info such\n" " as OrganizationalName, CommonName, etc.\n" "\n" " Use \"SAVE-\" and \"SAVE_PROMPT-\"\n" " to refer to the file ~/.vnc/certs/server-.pem\n" " instead. E.g. \"SAVE-charlie\" will store to the file\n" " ~/.vnc/certs/server-charlie.pem\n" "\n" " See -ssldir below to use a directory besides the\n" " default ~/.vnc/certs\n" "\n" " Example: x11vnc -ssl SAVE -display :0 ...\n" "\n" " Reverse connections are disabled in -ssl mode because\n" " there is no way to ensure that data channel will\n" " be encrypted. Set X11VNC_SSL_ALLOW_REVERSE=1 to\n" " override this.\n" "\n" " Your VNC viewer will also need to be able to connect\n" " via SSL. See the discussion below under -stunnel and\n" " the FAQ (ssl_vncviewer script) for how this might be\n" " achieved. E.g. on Unix it is easy to write a shell\n" " script that starts up stunnel and then vncviewer.\n" " Also in the x11vnc source a SSL enabled Java VNC Viewer\n" " applet is provided in the classes/ssl directory.\n" "\n" "-ssldir [dir] Use [dir] as an alternate ssl certificate and key\n" " management toplevel directory. The default is\n" " ~/.vnc/certs\n" "\n" " This directory is used to store server and other\n" " certificates and keys and also other materials. E.g. in\n" " the simplest case, \"-ssl SAVE\" will store the x11vnc\n" " server cert in [dir]/server.pem\n" "\n" " Use of alternate directories via -ssldir allows you to\n" " manage multiple VNC Certificate Authority (CA) keys.\n" " Another use is if ~/.vnc/cert is on an NFS share you\n" " might want your certificates and keys to be on a local\n" " filesystem to prevent network snooping (for example\n" " -ssldir /var/lib/x11vnc-certs).\n" "\n" " -ssldir effects the other -ssl* options. In the case\n" " of maintenance commands where the VNC server is not run\n" " (e.g. -sslGenCA), the -ssldir option must precede the\n" " command. E.g. x11vnc -ssldir ~/mydir -sslCertInfo LIST\n" "\n" "-sslverify [path] For either of the -ssl or -stunnel modes, use [path]\n" " to provide certificates to authenticate incoming VNC\n" " *Client* connections (normally only the server is\n" " authenticated in SSL.) This can be used as a method\n" " to replace standard password authentication of clients.\n" "\n" " If [path] is a directory it contains the client (or CA)\n" " certificates in separate files. If [path] is a file,\n" " it contains multiple certificates. See special tokens\n" " below. These correspond to the \"CApath = dir\" and\n" " \"CAfile = file\" stunnel options. See the stunnel(8)\n" " manpage for details.\n" "\n" " Examples:\n" " x11vnc -ssl -sslverify ~/my.pem\n" " x11vnc -ssl -sslverify ~/my_pem_dir/\n" "\n" " Note that if [path] is a directory, it must contain\n" " the certs in separate files named like .0, where\n" " the value of is found by running the command\n" " \"openssl x509 -hash -noout -in file.crt\". Evidently\n" " one uses .1 if there is a collision...\n" "\n" " The the key-management utility \"-sslCertInfo HASHON\"\n" " and \"-sslCertInfo HASHOFF\" will create/delete these\n" " hashes for you automatically (via symlink) in the HASH\n" " subdirs it manages. Then you can point -sslverify to\n" " the HASH subdir.\n" "\n" " Special tokens: in -ssl mode, if [path] is not a file or\n" " a directory, it is taken as a comma separated list of\n" " tokens that are interpreted as follows:\n" "\n" " If a token is \"CA\" that means load the CA/cacert.pem\n" " file from the ssl directory. If a token is \"clients\"\n" " then all the files clients/*.crt in the ssl directory\n" " are loaded. Otherwise the file clients/token.crt\n" " is attempted to be loaded. As a kludge, use a token\n" " like ../server-foo to load a server cert if you find\n" " that necessary.\n" " \n" " Use -ssldir to use a directory different from the\n" " ~/.vnc/certs default.\n" " \n" " Note that if the \"CA\" cert is loaded you do not need\n" " to load any of the certs that have been signed by it.\n" " You will need to load any additional self-signed certs\n" " however.\n" " \n" " Examples:\n" " x11vnc -ssl -sslverify CA\n" " x11vnc -ssl -sslverify self:fred,self:jim\n" " x11vnc -ssl -sslverify CA,clients\n" " \n" " Usually \"-sslverify CA\" is the most effective.\n" " See the -sslGenCA and -sslGenCert options below for\n" " how to set up and manage the CA framework.\n" " \n" "\n" "\n" " NOTE: the following utilities, -sslGenCA, -sslGenCert,\n" " -sslEncKey, and -sslCertInfo are provided for\n" " completeness, but for casual usage they are overkill.\n" "\n" " They provide VNC Certificate Authority (CA) key creation\n" " and server / client key generation and signing. So they\n" " provide a basic Public Key management framework for\n" " VNC-ing with x11vnc. (note that they require openssl(1)\n" " be installed on the system)\n" "\n" " However, the simplest usage mode (where x11vnc\n" " automatically generates its own, self-signed, temporary\n" " key and the VNC viewers always accept it, e.g. accepting\n" " via a dialog box) is probably safe enough for most\n" " scenarios. CA management is not needed.\n" "\n" " To protect against Man-In-The-Middle attacks the\n" " simplest mode can be improved by using \"-ssl SAVE\"\n" " to have x11vnc create a longer term self-signed\n" " certificate, and then (safely) copy the corresponding\n" " public key cert to the desired client machines (care\n" " must be taken the private key part is not stolen;\n" " you will be prompted for a passphrase).\n" "\n" " So keep in mind no CA key creation or management\n" " (-sslGenCA and -sslGenCert) is needed for either of\n" " the above two common usage modes.\n" "\n" " One might want to use -sslGenCA and -sslGenCert\n" " if you had a large number of VNC client and server\n" " workstations. That way the administrator could generate\n" " a single CA key with -sslGenCA and distribute its\n" " certificate part to all of the workstations.\n" "\n" " Next, he could create signed VNC server keys\n" " (-sslGenCert server ...) for each workstation or user\n" " that then x11vnc would use to authenticate itself to\n" " any VNC client that has the CA cert.\n" "\n" " Optionally, the admin could also make it so the\n" " VNC clients themselves are authenticated to x11vnc\n" " (-sslGenCert client ...) For this -sslverify would be\n" " pointed to the CA cert (and/or self-signed certs).\n" "\n" " x11vnc will be able to use all of these cert and\n" " key files. On the VNC client side, they will need to\n" " be \"imported\" somehow. Web browsers have \"Manage\n" " Certificates\" actions as does the Java applet plugin\n" " Control Panel. stunnel can also use these files (see\n" " the ssl_vncviewer example script in the FAQ.)\n" "\n" "-sslGenCA [dir] Generate your own Certificate Authority private key,\n" " certificate, and other files in directory [dir].\n" "\n" " If [dir] is not supplied, a -ssldir setting is used,\n" " or otherwise ~/.vnc/certs is used.\n" "\n" " This command also creates directories where server and\n" " client certs and keys will be stored. The openssl(1)\n" " program must be installed on the system and available\n" " in PATH.\n" "\n" " After the CA files and directories are created the\n" " command exits; the VNC server is not run.\n" "\n" " You will be prompted for information to put into the CA\n" " certificate. The info does not have to be accurate just\n" " as long as clients accept the cert for VNC connections.\n" " You will also need to supply a passphrase of at least\n" " 4 characters for the CA private key.\n" "\n" " Once you have generated the CA you can distribute\n" " its certificate part, [dir]/CA/cacert.pem, to other\n" " workstations where VNC viewers will be run. One will\n" " need to \"import\" this certicate in the applications,\n" " e.g. Web browser, Java applet plugin, stunnel, etc.\n" " Next, you can create and sign keys using the CA with\n" " the -sslGenCert option below.\n" "\n" " Examples:\n" " x11vnc -sslGenCA\n" " x11vnc -sslGenCA ~/myCAdir\n" " x11vnc -ssldir ~/myCAdir -sslGenCA\n" "\n" " (the last two lines are equivalent)\n" "\n" "-sslGenCert type name Generate a VNC server or client certificate and private\n" " key pair signed by the CA created previously with\n" " -sslGenCA. The openssl(1) program must be installed\n" " on the system and available in PATH.\n" "\n" " After the Certificate is generated the command exits;\n" " the VNC server is not run.\n" "\n" " The type of key to be generated is the string \"type\".\n" " It is either \"server\" (i.e. for use by x11vnc) or\n" " \"client\" (for a VNC viewer). Note that typically\n" " only \"server\" is used: the VNC clients authenticate\n" " themselves by a non-public-key method (e.g. VNC or\n" " unix password). \"type\" is required.\n" "\n" " An arbitrary default name you want to associate with\n" " the key is supplied by the \"name\" string. You can\n" " change it at the various prompts when creating the key.\n" " \"name\" is optional.\n" "\n" " If name is left blank for clients keys then \"nobody\"\n" " is used. If left blank for server keys, then the\n" " primary server key: \"server.pem\" is created (this\n" " is the saved one referenced by \"-ssl SAVE\" when the\n" " server is started)\n" "\n" " If \"name\" begins with the string \"self:\" then\n" " a self-signed certificate is created instead of one\n" " signed by your CA key.\n" "\n" " If \"name\" begins with the string \"req:\" then only a\n" " key (.key) and a certificate signing *request* (.req)\n" " are generated. You can then send the .req file to\n" " an external CA (even a professional one, e.g. Thawte)\n" " and then combine the .key and the received cert into\n" " the .pem file with the same basename.\n" "\n" " The distinction between \"server\" and \"client\" is\n" " simply the choice of output filenames and sub-directory.\n" " This makes it so the -ssl SAVE-name option can easily\n" " pick up the x11vnc PEM file this option generates.\n" " And similarly makes it easy for the -sslverify option\n" " to pick up your client certs.\n" "\n" " There is nothing special about the filename or directory\n" " location of either the \"server\" and \"client\" certs.\n" " You can rename the files or move them to wherever\n" " you like.\n" "\n" " Precede this option with -ssldir [dir] to use a\n" " directory other than the default ~/.vnc/certs You will\n" " need to run -sslGenCA on that directory first before\n" " doing any -sslGenCert key creation.\n" "\n" " Note you cannot recreate a cert with exactly the same\n" " distiguished name (DN) as an existing one. To do so,\n" " you will need to edit the [dir]/CA/index.txt file to\n" " delete the line.\n" "\n" " Similar to -sslGenCA, you will be prompted to fill\n" " in some information that will be recorded in the\n" " certificate when it is created. Tip: if you know\n" " the fully-quailified hostname other people will be\n" " connecting to you can use that as the CommonName \"CN\"\n" " to avoid some applications (e.g. web browsers and java\n" " plugin) complaining it does not match the hostname.\n" "\n" " You will also need to supply the CA private key\n" " passphrase to unlock the private key created from\n" " -sslGenCA. This private key is used to sign the server\n" " or client certicate.\n" "\n" " The \"server\" certs can be used by x11vnc directly by\n" " pointing to them via the -ssl [pem] option. The default\n" " file will be ~/.vnc/certs/server.pem. This one would\n" " be used by simply typing -ssl SAVE. The pem file\n" " contains both the certificate and the private key.\n" " server.crt file contains the cert only.\n" "\n" " The \"client\" cert + private key file will need\n" " to be copied and imported into the VNC viewer\n" " side applications (Web browser, Java plugin,\n" " stunnel, etc.) Once that is done you can delete the\n" " \"client\" private key file on this machine since\n" " it is only needed on the VNC viewer side. The,\n" " e.g. ~/.vnc/certs/clients/.pem contains both\n" " the cert and private key. The .crt contains the\n" " certificate only.\n" "\n" " NOTE: It is very important to know one should always\n" " generate new keys with a passphrase. Otherwise if an\n" " untrusted user steals the key file he could use it to\n" " masquerade as the x11vnc server (or VNC viewer client).\n" " You will be prompted whether to encrypt the key with\n" " a passphrase or not. It is recommended that you do.\n" " One inconvenience to a passphrase is that it must\n" " be suppled every time x11vnc or the client app is\n" " started up.\n" "\n" " Examples:\n" "\n" " x11vnc -sslGenCert server\n" " x11vnc -ssl SAVE -display :0 ...\n" "\n" " and then on viewer using ssl_vncviewer stunnel wrapper\n" " (see the FAQ):\n" " ssl_vncviewer -verify ./cacert.crt hostname:0\n" "\n" " (this assumes the cacert.crt cert from -sslGenCA\n" " was safely copied to the VNC viewer machine where\n" " ssl_vncviewer is run)\n" "\n" " Example using a name:\n" "\n" " x11vnc -sslGenCert server charlie\n" " x11vnc -ssl SAVE-charlie -display :0 ...\n" "\n" " Example for a client certificate (rarely used):\n" "\n" " x11vnc -sslGenCert client roger\n" " scp ~/.vnc/certs/clients/roger.pem somehost:.\n" " rm ~/.vnc/certs/clients/roger.pem\n" "\n" " x11vnc is then started with the the option -sslverify\n" " ~/.vnc/certs/clients/roger.crt (or simply -sslverify\n" " roger), and on the viewer user on somehost could do\n" " for example:\n" "\n" " ssl_vncviewer -mycert ./roger.pem hostname:0\n" "\n" "-sslEncKey [pem] Utility to encrypt an existing PEM file with a\n" " passphrase you supply when prompted. For that key to be\n" " used (e.g. by x11vnc) the passphrase must be supplied\n" " each time.\n" "\n" " The \"SAVE\" notation described under -ssl applies as\n" " well. (precede this option with -ssldir [dir] to refer\n" " a directory besides the default ~/.vnc/certs)\n" "\n" " The openssl(1) program must be installed on the system\n" " and available in PATH. After the Key file is encrypted\n" " the command exits; the VNC server is not run.\n" "\n" " Examples:\n" " x11vnc -sslEncKey /path/to/foo.pem\n" " x11vnc -sslEncKey SAVE\n" " x11vnc -sslEncKey SAVE-charlie\n" "\n" "-sslCertInfo [pem] Prints out information about an existing PEM file.\n" " In addition the public certificate is also printed.\n" " The openssl(1) program must be in PATH. Basically the\n" " command \"openssl x509 -text\" is run on the pem.\n" "\n" " The \"SAVE\" notation described under -ssl applies\n" " as well.\n" "\n" " Using \"LIST\" will give a list of all certs being\n" " managed (in the ~/.vnc/certs dir, use -ssldir to refer\n" " to another dir). \"ALL\" will print out the info for\n" " every managed key (this can be very long). Giving a\n" " client or server cert shortname will also try a lookup\n" " (e.g. -sslCertInfo charlie). Use \"LISTL\" or \"LL\"\n" " for a long (ls -l style) listing.\n" "\n" " Using \"HASHON\" will create subdirs [dir]/HASH and\n" " [dir]/HASH with OpenSSL hash filenames (e.g. 0d5fbbf1.0)\n" " symlinks pointing up to the corresponding *.crt file.\n" " ([dir] is ~/.vnc/certs or one given by -ssldir.)\n" " This is a useful way for other OpenSSL applications\n" " (e.g. stunnel) to access all of the certs without\n" " having to concatenate them. x11vnc will not use them\n" " unless you specifically reference them. \"HASHOFF\"\n" " removes these HASH subdirs.\n" "\n" " The LIST, LISTL, LL, ALL, HASHON, HASHOFF words can\n" " also be lowercase, e.g. \"list\".\n" "\n" "-sslDelCert [pem] Prompts you to delete all .crt .pem .key .req files\n" " associated with [pem]. \"SAVE\" and lookups as in\n" " -sslCertInfo apply as well.\n" "\n" "\n" "-stunnel [pem] Use the stunnel(8) (www.stunnel.org) to provide an\n" " encrypted SSL tunnel between viewers and x11vnc.\n" "\n" " This external tunnel method was implemented prior to the\n" " integrated -ssl encryption described above. It still\n" " works well. This requires stunnel to be installed\n" " on the system and available via PATH (n.b. stunnel is\n" " often installed in sbin directories). Version 4.x of\n" " stunnel is assumed (but see -stunnel3 below.)\n" "\n" " [pem] is optional, use \"-stunnel /path/to/stunnel.pem\"\n" " to specify a PEM certificate file to pass to stunnel.\n" " Whether one is needed or not depends on your stunnel\n" " configuration. stunnel often generates one at install\n" " time. See the stunnel documentation for details.\n" "\n" " stunnel is started up as a child process of x11vnc and\n" " any SSL connections stunnel receives are decrypted and\n" " sent to x11vnc over a local socket. The strings\n" " \"The SSL VNC desktop is ...\" and \"SSLPORT=...\"\n" " are printed out at startup to indicate this.\n" "\n" " The -localhost option is enforced by default\n" " to avoid people routing around the SSL channel.\n" " Set STUNNEL_DISABLE_LOCALHOST=1 before starting x11vnc\n" " to disable the requirement.\n" "\n" " Your VNC viewer will also need to be able to connect via\n" " SSL. Unfortunately not too many do this. UltraVNC has\n" " an encryption plugin but it does not seem to be SSL.\n" "\n" " Also, in the x11vnc distribution, a patched TightVNC\n" " Java applet is provided in classes/ssl that does SSL\n" " connections (only).\n" "\n" " It is also not too difficult to set up an stunnel or\n" " other SSL tunnel on the viewer side. A simple example\n" " on Unix using stunnel 3.x is:\n" "\n" " %% stunnel -c -d localhost:5901 -r remotehost:5900\n" " %% vncviewer localhost:1\n" "\n" " For Windows, stunnel has been ported to it and there\n" " are probably other such tools available. See the FAQ\n" " for more examples.\n" "\n" "-stunnel3 [pem] Use version 3.x stunnel command line syntax instead of\n" " version 4.x\n" "\n" "-https [port] Choose a separate HTTPS port (-ssl mode only).\n" "\n" " In -ssl mode, it turns out you can use the\n" " single VNC port (e.g. 5900) for both VNC and HTTPS\n" " connections. (HTTPS is used to retrieve a SSL-aware\n" " VncViewer.jar applet that is provided with x11vnc).\n" " Since both use SSL the implementation was extended to\n" " detect if HTTP traffic (i.e. GET) is taking place and\n" " handle it accordingly. The URL would be, e.g.:\n" "\n" " https://mymachine.org:5900/\n" "\n" " This is convenient for firewalls, etc, because only one\n" " port needs to be allowed in. However, this heuristic\n" " adds a few seconds delay to each connection and can be\n" " unreliable (especially if the user takes much time to\n" " ponder the Certificate dialogs in his browser, Java VM,\n" " or VNC Viewer applet. That's right 3 separate \"Are\n" " you sure you want to connect\" dialogs!)\n" "\n" " So use the -https option to provide a separate, more\n" " reliable HTTPS port that x11vnc will listen on. If\n" " [port] is not provided (or is 0), one is autoselected.\n" " The URL to use is printed out at startup.\n" "\n" " The SSL Java applet directory is specified via the\n" " -httpdir option. If not supplied it will try to guess\n" " the directory as though the -http option was supplied.\n" "\n" "-usepw If no other password method was supplied on the command\n" " line, first look for ~/.vnc/passwd and if found use it\n" " with -rfbauth; next, look for ~/.vnc/passwdfile and\n" " use it with -passwdfile; otherwise, prompt the user\n" " for a password to create ~/.vnc/passwd and use it with\n" " the -rfbauth option. If none of these succeed x11vnc\n" " exits immediately.\n" "\n" " Note: -unixpw currently does not count as a password\n" " method by this option.\n" "\n" "-storepasswd pass file Store password \"pass\" as the VNC password in the\n" " file \"file\". Once the password is stored the\n" " program exits. Use the password via \"-rfbauth file\"\n" "\n" " If called with no arguments, \"x11vnc -storepasswd\",\n" " the user is prompted for a password and it is stored\n" " in the file ~/.vnc/passwd. Called with one argument,\n" " that will be the file to store the prompted password in.\n" "\n" "-nopw Disable the big warning message when you use x11vnc\n" " without some sort of password.\n" "\n" "-accept string Run a command (possibly to prompt the user at the\n" " X11 display) to decide whether an incoming client\n" " should be allowed to connect or not. \"string\" is\n" " an external command run via system(3) or some special\n" " cases described below. Be sure to quote \"string\"\n" " if it contains spaces, shell characters, etc. If the\n" " external command returns 0 the client is accepted,\n" " otherwise the client is rejected. See below for an\n" " extension to accept a client view-only.\n" "\n" " If x11vnc is running as root (say from inetd(1) or from\n" " display managers xdm(1), gdm(1), etc), think about the\n" " security implications carefully before supplying this\n" " option (likewise for the -gone option).\n" "\n" " Environment: The RFB_CLIENT_IP environment variable will\n" " be set to the incoming client IP number and the port\n" " in RFB_CLIENT_PORT (or -1 if unavailable). Similarly,\n" " RFB_SERVER_IP and RFB_SERVER_PORT (the x11vnc side\n" " of the connection), are set to allow identification\n" " of the tcp virtual circuit. The x11vnc process\n" " id will be in RFB_X11VNC_PID, a client id number in\n" " RFB_CLIENT_ID, and the number of other connected clients\n" " in RFB_CLIENT_COUNT. RFB_MODE will be \"accept\".\n" " RFB_STATE will be PROTOCOL_VERSION, SECURITY_TYPE,\n" " AUTHENTICATION, INITIALISATION, NORMAL, or UNKNOWN\n" " indicating up to which state the client has acheived.\n" " RFB_LOGIN_VIEWONLY will be 0, 1, or -1 (unknown).\n" " RFB_USERNAME, RFB_LOGIN_TIME, and RFB_CURRENT_TIME may\n" " also be set.\n" "\n" " If \"string\" is \"popup\" then a builtin popup window\n" " is used. The popup will time out after 120 seconds,\n" " use \"popup:N\" to modify the timeout to N seconds\n" " (use 0 for no timeout).\n" "\n" " If \"string\" is \"xmessage\" then an xmessage(1)\n" " invocation is used for the command. xmessage must be\n" " installed on the machine for this to work.\n" "\n" " Both \"popup\" and \"xmessage\" will present an option\n" " for accepting the client \"View-Only\" (the client\n" " can only watch). This option will not be presented if\n" " -viewonly has been specified, in which case the entire\n" " display is view only.\n" "\n" " If the user supplied command is prefixed with something\n" " like \"yes:0,no:*,view:3 mycommand ...\" then this\n" " associates the numerical command return code with\n" " the actions: accept, reject, and accept-view-only,\n" " respectively. Use \"*\" instead of a number to indicate\n" " the default action (in case the command returns an\n" " unexpected value). E.g. \"no:*\" is a good choice.\n" "\n" " Note that x11vnc blocks while the external command\n" " or popup is running (other clients may see no updates\n" " during this period). So a person sitting a the physical\n" " display is needed to respond to an popup prompt. (use\n" " a 2nd x11vnc if you lock yourself out).\n" "\n" " More -accept tricks: use \"popupmouse\" to only allow\n" " mouse clicks in the builtin popup to be recognized.\n" " Similarly use \"popupkey\" to only recognize\n" " keystroke responses. These are to help avoid the\n" " user accidentally accepting a client by typing or\n" " clicking. All 3 of the popup keywords can be followed\n" " by +N+M to supply a position for the popup window.\n" " The default is to center the popup window.\n" "-afteraccept string As -accept, except to run a user supplied command after\n" " a client has been accepted and authenticated. RFB_MODE\n" " will be set to \"afteraccept\" and the other RFB_*\n" " variables are as in -accept. Unlike -accept, the\n" " command return code is not interpreted by x11vnc.\n" " Example: -afteraccept 'killall xlock &'\n" "-gone string As -accept, except to run a user supplied command when\n" " a client goes away (disconnects). RFB_MODE will be\n" " set to \"gone\" and the other RFB_* variables are as\n" " in -accept. The \"popup\" actions apply as well.\n" " Unlike -accept, the command return code is not\n" " interpreted by x11vnc. Example: -gone 'xlock &'\n" "\n" "-users list If x11vnc is started as root (say from inetd(1) or from\n" " display managers xdm(1), gdm(1), etc), then as soon\n" " as possible after connections to the X display are\n" " established try to switch to one of the users in the\n" " comma separated \"list\". If x11vnc is not running as\n" " root this option is ignored.\n" " \n" " Why use this option? In general it is not needed since\n" " x11vnc is already connected to the X display and can\n" " perform its primary functions. The option was added\n" " to make some of the *external* utility commands x11vnc\n" " occasionally runs work properly. In particular under\n" " GNOME and KDE to implement the \"-solid color\" feature\n" " external commands (gconftool-2 and dcop) must be run\n" " as the user owning the desktop session. Since this\n" " option switches userid it also affects the userid used\n" " to run the processes for the -accept and -gone options.\n" " It also affects the ability to read files for options\n" " such as -connect, -allow, and -remap. Note that the\n" " -connect file is also sometimes written to.\n" " \n" " So be careful with this option since in many situations\n" " its use can decrease security.\n" " \n" " The switch to a user will only take place if the\n" " display can still be successfully opened as that user\n" " (this is primarily to try to guess the actual owner\n" " of the session). Example: \"-users fred,wilma,betty\".\n" " Note that a malicious user \"barney\" by quickly using\n" " \"xhost +\" when logging in may get x11vnc to switch\n" " to user \"fred\". What happens next?\n" " \n" " Under display managers it may be a long time before\n" " the switch succeeds (i.e. a user logs in). To make\n" " it switch immediately regardless if the display\n" " can be reopened prefix the username with the \"+\"\n" " character. E.g. \"-users +bob\" or \"-users +nobody\".\n" " The latter (i.e. switching immediately to user\n" " \"nobody\") is probably the only use of this option\n" " that increases security.\n" " \n" " To immediately switch to a user *before* connections\n" " to the X display are made or any files opened use the\n" " \"=\" character: \"-users =bob\". That user needs to\n" " be able to open the X display of course.\n" " \n" " The special user \"guess=\" means to examine the utmpx\n" " database (see who(1)) looking for a user attached to\n" " the display number (from DISPLAY or -display option)\n" " and try him/her. To limit the list of guesses, use:\n" " \"-users guess=bob,betty\".\n" " \n" " Even more sinister is the special user \"lurk=\" that\n" " means to try to guess the DISPLAY from the utmpx login\n" " database as well. So it \"lurks\" waiting for anyone\n" " to log into an X session and then connects to it.\n" " Specify a list of users after the = to limit which\n" " users will be tried. To enable a different searching\n" " mode, if the first user in the list is something like\n" " \":0\" or \":0-2\" that indicates a range of DISPLAY\n" " numbers that will be tried (regardless of whether\n" " they are in the utmpx database) for all users that\n" " are logged in. Examples: \"-users lurk=\" and also\n" " \"-users lurk=:0-1,bob,mary\"\n" " \n" " Be especially careful using the \"guess=\" and \"lurk=\"\n" " modes. They are not recommended for use on machines\n" " with untrustworthy local users.\n" " \n" "-noshm Do not use the MIT-SHM extension for the polling.\n" " Remote displays can be polled this way: be careful this\n" " can use large amounts of network bandwidth. This is\n" " also of use if the local machine has a limited number\n" " of shm segments and -onetile is not sufficient.\n" "-flipbyteorder Sometimes needed if remotely polled host has different\n" " endianness. Ignored unless -noshm is set.\n" "-onetile Do not use the new copy_tiles() framebuffer mechanism,\n" " just use 1 shm tile for polling. Limits shm segments\n" " used to 3.\n" "\n" "-solid [color] To improve performance, when VNC clients are connected\n" " try to change the desktop background to a solid color.\n" " The [color] is optional: the default color is \"cyan4\".\n" " For a different one specify the X color (rgb.txt name,\n" " e.g. \"darkblue\" or numerical \"#RRGGBB\").\n" "\n" " Currently this option only works on GNOME, KDE, CDE,\n" " and classic X (i.e. with the background image on the\n" " root window). The \"gconftool-2\" and \"dcop\" external\n" " commands are run for GNOME and KDE respectively.\n" " Other desktops won't work, e.g. Xfce (send us the\n" " corresponding commands if you find them). If x11vnc is\n" " running as root (inetd(1) or gdm(1)), the -users option\n" " may be needed for GNOME and KDE. If x11vnc guesses\n" " your desktop incorrectly, you can force it by prefixing\n" " color with \"gnome:\", \"kde:\", \"cde:\" or \"root:\".\n" "-blackout string Black out rectangles on the screen. \"string\" is a\n" " comma separated list of WxH+X+Y type geometries for\n" " each rectangle. If one of the items on the list is the\n" " string \"noptr\" the mouse pointer will not be allowed\n" " to go into a blacked out region.\n" "-xinerama If your screen is composed of multiple monitors\n" "-noxinerama glued together via XINERAMA, and that screen is\n" " not a rectangle this option will try to guess the\n" " areas to black out (if your system has libXinerama).\n" " default: %s\n" "\n" " In general, we have noticed on XINERAMA displays you\n" " may need to use the \"-xwarppointer\" option if the mouse\n" " pointer misbehaves.\n" "\n" "-xtrap Use the DEC-XTRAP extension for keystroke and mouse\n" " input insertion. For use on legacy systems, e.g. X11R5,\n" " running an incomplete or missing XTEST extension.\n" " By default DEC-XTRAP will be used if XTEST server grab\n" " control is missing, use -xtrap to do the keystroke and\n" " mouse insertion via DEC-XTRAP as well.\n" "\n" "-xrandr [mode] If the display supports the XRANDR (X Resize, Rotate\n" " and Reflection) extension, and you expect XRANDR events\n" " to occur to the display while x11vnc is running, this\n" " options indicates x11vnc should try to respond to\n" " them (as opposed to simply crashing by assuming the\n" " old screen size). See the xrandr(1) manpage and run\n" " 'xrandr -q' for more info. [mode] is optional and\n" " described below.\n" "\n" " Since watching for XRANDR events and trapping errors\n" " increases polling overhead, only use this option if\n" " XRANDR changes are expected. For example on a rotatable\n" " screen PDA or laptop, or using a XRANDR-aware Desktop\n" " where you resize often. It is best to be viewing with a\n" " vncviewer that supports the NewFBSize encoding, since it\n" " knows how to react to screen size changes. Otherwise,\n" " libvncserver tries to do so something reasonable for\n" " viewers that cannot do this (portions of the screen\n" " may be clipped, unused, etc).\n" "\n" " \"mode\" defaults to \"resize\", which means create a\n" " new, resized, framebuffer and hope all viewers can cope\n" " with the change. \"newfbsize\" means first disconnect\n" " all viewers that do not support the NewFBSize VNC\n" " encoding, and then resize the framebuffer. \"exit\"\n" " means disconnect all viewer clients, and then terminate\n" " x11vnc.\n" "-padgeom WxH Whenever a new vncviewer connects, the framebuffer is\n" " replaced with a fake, solid black one of geometry WxH.\n" " Shortly afterwards the framebuffer is replaced with the\n" " real one. This is intended for use with vncviewers\n" " that do not support NewFBSize and one wants to make\n" " sure the initial viewer geometry will be big enough\n" " to handle all subsequent resizes (e.g. under -xrandr,\n" " -remote id:windowid, rescaling, etc.)\n" "\n" "-o logfile Write stderr messages to file \"logfile\" instead of\n" " to the terminal. Same as \"-logfile file\". To append\n" " to the file use \"-oa file\" or \"-logappend file\".\n" "-flag file Write the \"PORT=NNNN\" (e.g. PORT=5900) string to\n" " \"file\" in addition to stdout. This option could be\n" " useful by wrapper script to detect when x11vnc is ready.\n" "\n" "-rc filename Use \"filename\" instead of $HOME/.x11vncrc for rc file.\n" "-norc Do not process any .x11vncrc file for options.\n" "\n" "-h, -help Print this help text.\n" "-?, -opts Only list the x11vnc options.\n" "-V, -version Print program version and last modification date.\n" "\n" "-dbg Instead of exiting after cleaning up, run a simple\n" " \"debug crash shell\" when fatal errors are trapped.\n" "\n" "-q Be quiet by printing less informational output to\n" " stderr. Same as -quiet.\n" "-bg Go into the background after screen setup. Messages to\n" " stderr are lost unless -o logfile is used. Something\n" " like this could be useful in a script:\n" " port=`ssh $host \"x11vnc -display :0 -bg\" | grep PORT`\n" " port=`echo \"$port\" | sed -e 's/PORT=//'`\n" " port=`expr $port - 5900`\n" " vncviewer $host:$port\n" "\n" "-modtweak Option -modtweak automatically tries to adjust the AltGr\n" "-nomodtweak and Shift modifiers for differing language keyboards\n" " between client and host. Otherwise, only a single key\n" " press/release of a Keycode is simulated (i.e. ignoring\n" " the state of the modifiers: this usually works for\n" " identical keyboards). Also useful in resolving cases\n" " where a Keysym is bound to multiple keys (e.g. \"<\" + \">\"\n" " and \",\" + \"<\" keys). Default: %s\n" "-xkb When in modtweak mode, use the XKEYBOARD extension (if\n" "-noxkb the X display supports it) to do the modifier tweaking.\n" " This is powerful and should be tried if there are still\n" " keymapping problems when using -modtweak by itself.\n" " The default is to check whether some common keysyms,\n" " e.g. !, @, [, are only accessible via -xkb mode and if\n" " so then automatically enable the mode. To disable this\n" " automatic detection use -noxkb.\n" "-skip_keycodes string Ignore the comma separated list of decimal keycodes.\n" " Perhaps these are keycodes not on your keyboard but\n" " your X server thinks exist. Currently only applies\n" " to -xkb mode. Use this option to help x11vnc in the\n" " reverse problem it tries to solve: Keysym -> Keycode(s)\n" " when ambiguities exist (more than one Keycode per\n" " Keysym). Run 'xmodmap -pk' to see your keymapping.\n" " Example: \"-skip_keycodes 94,114\"\n" "-sloppy_keys Experimental option that tries to correct some\n" " \"sloppy\" key behavior. E.g. if at the viewer you\n" " press Shift+Key but then release the Shift before\n" " Key that could give rise to extra unwanted characters\n" " (usually only between keyboards of different languages).\n" " Only use this option if you observe problems with\n" " some keystrokes.\n" "-skip_dups Some VNC viewers send impossible repeated key events,\n" "-noskip_dups e.g. key-down, key-down, key-up, key-up all for the same\n" " key, or 20 downs in a row for the same modifier key!\n" " Setting -skip_dups means to skip these duplicates and\n" " just process the first event. Note: some VNC viewers\n" " assume they can send down's without the corresponding\n" " up's and so you should not set this option for\n" " these viewers (symptom: some keys do not autorepeat)\n" " Default: %s\n" "-add_keysyms If a Keysym is received from a VNC viewer and that\n" "-noadd_keysyms Keysym does not exist in the X server, then add the\n" " Keysym to the X server's keyboard mapping on an unused\n" " key. Added Keysyms will be removed periodically and\n" " also when x11vnc exits. Default: %s\n" #if 0 "-xkbcompat Ignore the XKEYBOARD extension. Use as a workaround for\n" " some keyboard mapping problems. E.g. if you are using\n" " an international keyboard (AltGr or ISO_Level3_Shift),\n" " and the OS or keyboard where the VNC viewer is run\n" " is not identical to that of the X server, and you are\n" " having problems typing some keys. Implies -nobell.\n" #endif "-clear_mods At startup and exit clear the modifier keys by sending\n" " KeyRelease for each one. The Lock modifiers are skipped.\n" " Used to clear the state if the display was accidentally\n" " left with any pressed down.\n" "-clear_keys As -clear_mods, except try to release any pressed key.\n" " Note that this option and -clear_mods can interfere\n" " with a person typing at the physical keyboard.\n" "-remap string Read Keysym remappings from file named \"string\".\n" " Format is one pair of Keysyms per line (can be name\n" " or hex value) separated by a space. If no file named\n" " \"string\" exists, it is instead interpreted as this\n" " form: key1-key2,key3-key4,... See \n" " header file for a list of Keysym names, or use xev(1).\n" " To map a key to a button click, use the fake Keysyms\n" " \"Button1\", ..., etc. E.g: \"-remap Super_R-Button2\"\n" " (useful for pasting on a laptop)\n" "\n" " Dead keys: \"dead\" (or silent, mute) keys are keys that\n" " do not produce a character but must be followed by a 2nd\n" " keystroke. This is often used for accenting characters,\n" " e.g. to put \"`\" on top of \"a\" by pressing the dead\n" " key and then \"a\". Note that this interpretation\n" " is not part of core X11, it is up to the toolkit or\n" " application to decide how to react to the sequence.\n" " The X11 names for these keysyms are \"dead_grave\",\n" " \"dead_acute\", etc. However some VNC viewers send the\n" " keysyms \"grave\", \"acute\" instead thereby disabling\n" " the accenting. To work around this -remap can be used.\n" " For example \"-remap grave-dead_grave,acute-dead_acute\"\n" " As a convenience, \"-remap DEAD\" applies these remaps:\n" "\n" " g grave-dead_grave\n" " a acute-dead_acute\n" " c asciicircum-dead_circumflex\n" " t asciitilde-dead_tilde\n" " m macron-dead_macron\n" " b breve-dead_breve\n" " D abovedot-dead_abovedot\n" " d diaeresis-dead_diaeresis\n" " o degree-dead_abovering\n" " A doubleacute-dead_doubleacute\n" " r caron-dead_caron\n" " e cedilla-dead_cedilla\n" "\n" " If you just want a subset use the first letter\n" " label, e.g. \"-remap DEAD=ga\" to get the first two.\n" " Additional remaps may also be supplied via commas,\n" " e.g. \"-remap DEAD=ga,Super_R-Button2\". Finally,\n" " \"DEAD=missing\" means to apply all of the above as\n" " long as the left hand member is not already in the\n" " X11 keymap.\n" "\n" "-norepeat Option -norepeat disables X server key auto repeat when\n" "-repeat VNC clients are connected and VNC keyboard input is\n" " not idle for more than 5 minutes. This works around a\n" " repeating keystrokes bug (triggered by long processing\n" " delays between key down and key up client events: either\n" " from large screen changes or high latency).\n" " Default: %s\n" "\n" " Note: your VNC viewer side will likely do autorepeating,\n" " so this is no loss unless someone is simultaneously at\n" " the real X display.\n" "\n" " Use \"-norepeat N\" to set how many times norepeat will\n" " be reset if something else (e.g. X session manager)\n" " undoes it. The default is 2. Use a negative value\n" " for unlimited resets.\n" "\n" "-nofb Ignore video framebuffer: only process keyboard and\n" " pointer. Intended for use with Win2VNC and x2vnc\n" " dual-monitor setups.\n" "-nobell Do not watch for XBell events. (no beeps will be heard)\n" " Note: XBell monitoring requires the XKEYBOARD extension.\n" "-nosel Do not manage exchange of X selection/cutbuffer between\n" " VNC viewers and the X server at all.\n" "-noprimary Do not poll the PRIMARY selection for changes to send\n" " back to clients. (PRIMARY is still set on received\n" " changes, however).\n" "-nosetprimary Do not set the PRIMARY selection for changes received\n" " from VNC clients.\n" "-noclipboard Do not poll the CLIPBOARD selection for changes to send\n" " back to clients. (CLIPBOARD is still set on received\n" " changes, however).\n" "-nosetclipboard Do not set the CLIPBOARD selection for changes\n" " received from VNC clients.\n" "-seldir string If direction string is \"send\", only send the selection\n" " to viewers, and if it is \"recv\" only receive it from\n" " viewers. To work around apps setting the selection\n" " too frequently and messing up the other end. You can\n" " actually supply a comma separated list of directions,\n" " including \"debug\" to turn on debugging output.\n" "\n" "-cursor [mode] Sets how the pointer cursor shape (little icon at the\n" "-nocursor mouse pointer) should be handled. The \"mode\" string\n" " is optional and is described below. The default\n" " is to show some sort of cursor shape(s). How this\n" " is done depends on the VNC viewer and the X server.\n" " Use -nocursor to disable cursor shapes completely.\n" "\n" " Some VNC viewers support the TightVNC CursorPosUpdates\n" " and CursorShapeUpdates extensions (cuts down on\n" " network traffic by not having to send the cursor image\n" " every time the pointer is moved), in which case these\n" " extensions are used (see -nocursorshape and -nocursorpos\n" " below to disable). For other viewers the cursor shape\n" " is written directly to the framebuffer every time the\n" " pointer is moved or changed and gets sent along with\n" " the other framebuffer updates. In this case, there\n" " will be some lag between the vnc viewer pointer and\n" " the remote cursor position.\n" "\n" " If the X display supports retrieving the cursor shape\n" " information from the X server, then the default is\n" " to use that mode. On Solaris this can be done with\n" " the SUN_OVL extension using -overlay (see also the\n" " -overlay_nocursor option). A similar overlay scheme\n" " is used on IRIX. Xorg (e.g. Linux) and recent Solaris\n" " Xsun servers support the XFIXES extension to retrieve\n" " the exact cursor shape from the X server. If XFIXES\n" " is present it is preferred over Overlay and is used by\n" " default (see -noxfixes below). This can be disabled\n" " with -nocursor, and also some values of the \"mode\"\n" " option below.\n" " \n" " Note that under XFIXES cursors with transparency (alpha\n" " channel) will usually not be exactly represented and one\n" " may find Overlay preferable. See also the -alphacut\n" " and -alphafrac options below as fudge factors to try\n" " to improve the situation for cursors with transparency\n" " for a given theme.\n" "\n" " The \"mode\" string can be used to fine-tune the\n" " displaying of cursor shapes. It can be used the\n" " following ways:\n" "\n" " \"-cursor arrow\" - just show the standard arrow\n" " nothing more or nothing less.\n" "\n" " \"-cursor none\" - same as \"-nocursor\"\n" "\n" " \"-cursor X\" - when the cursor appears to be on the\n" " root window, draw the familiar X shape. Some desktops\n" " such as GNOME cover up the root window completely,\n" " and so this will not work, try \"X1\", etc, to try to\n" " shift the tree depth. On high latency links or slow\n" " machines there will be a time lag between expected and\n" " the actual cursor shape.\n" "\n" " \"-cursor some\" - like \"X\" but use additional\n" " heuristics to try to guess if the window should have\n" " a windowmanager-like resizer cursor or a text input\n" " I-beam cursor. This is a complete hack, but may be\n" " useful in some situations because it provides a little\n" " more feedback about the cursor shape.\n" "\n" " \"-cursor most\" - try to show as many cursors as\n" " possible. Often this will only be the same as \"some\"\n" " unless the display has overlay visuals or XFIXES\n" " extensions available. On Solaris and IRIX if XFIXES\n" " is not available, -overlay mode will be attempted.\n" "\n" "-arrow n Choose an alternate \"arrow\" cursor from a set of\n" " some common ones. n can be 1 to %d. Default is: %d\n" " Ignored when in XFIXES cursor-grabbing mode.\n" "\n" "-noxfixes Do not use the XFIXES extension to draw the exact cursor\n" " shape even if it is available.\n" "-alphacut n When using the XFIXES extension for the cursor shape,\n" " cursors with transparency will not usually be displayed\n" " exactly (but opaque ones will). This option sets n as\n" " a cutoff for cursors that have transparency (\"alpha\n" " channel\" with values ranging from 0 to 255) Any cursor\n" " pixel with alpha value less than n becomes completely\n" " transparent. Otherwise the pixel is completely opaque.\n" " Default %d\n" " \n" "-alphafrac fraction With the threshold in -alphacut some cursors will become\n" " almost completely transparent because their alpha values\n" " are not high enough. For those cursors adjust the\n" " alpha threshold until fraction of the non-zero alpha\n" " channel pixels become opaque. Default %.2f\n" "-alpharemove By default, XFIXES cursors pixels with transparency have\n" " the alpha factor multiplied into the RGB color values\n" " (i.e. that corresponding to blending the cursor with a\n" " black background). Specify this option to remove the\n" " alpha factor. (useful for light colored semi-transparent\n" " cursors).\n" "-noalphablend In XFIXES mode do not send cursor alpha channel data\n" " to libvncserver. The default is to send it. The\n" " alphablend effect will only be visible in -nocursorshape\n" " mode or for clients with cursorshapeupdates turned\n" " off. (However there is a hack for 32bpp with depth 24,\n" " it uses the extra 8 bits to store cursor transparency\n" " for use with a hacked vncviewer that applies the\n" " transparency locally. See the FAQ for more info).\n" "\n" "-nocursorshape Do not use the TightVNC CursorShapeUpdates extension\n" " even if clients support it. See -cursor above.\n" "-cursorpos Option -cursorpos enables sending the X cursor position\n" "-nocursorpos back to all vnc clients that support the TightVNC\n" " CursorPosUpdates extension. Other clients will be able\n" " to see the pointer motions. Default: %s\n" "-xwarppointer Move the pointer with XWarpPointer(3X) instead of\n" " the XTEST extension. Use this as a workaround\n" " if the pointer motion behaves incorrectly, e.g.\n" " on touchscreens or other non-standard setups.\n" " Also sometimes needed on XINERAMA displays.\n" "\n" "-buttonmap string String to remap mouse buttons. Format: IJK-LMN, this\n" " maps buttons I -> L, etc., e.g. -buttonmap 13-31\n" "\n" " Button presses can also be mapped to keystrokes: replace\n" " a button digit on the right of the dash with ::\n" " or :+: etc. for multiple keys. For example,\n" " if the viewing machine has a mouse-wheel (buttons 4 5)\n" " but the x11vnc side does not, these will do scrolls:\n" " -buttonmap 12345-123:Prior::Next:\n" " -buttonmap 12345-123:Up+Up+Up::Down+Down+Down:\n" "\n" " See header file for a list of Keysyms,\n" " or use the xev(1) program. Note: mapping of button\n" " clicks to Keysyms may not work if -modtweak or -xkb is\n" " needed for the Keysym.\n" "\n" " If you include a modifier like \"Shift_L\" the\n" " modifier's up/down state is toggled, e.g. to send\n" " \"The\" use :Shift_L+t+Shift_L+h+e: (the 1st one is\n" " shift down and the 2nd one is shift up). (note: the\n" " initial state of the modifier is ignored and not reset)\n" " To include button events use \"Button1\", ... etc.\n" "\n" "-nodragging Do not update the display during mouse dragging events\n" " (mouse button held down). Greatly improves response on\n" " slow setups, but you lose all visual feedback for drags,\n" " text selection, and some menu traversals. It overrides\n" " any -pointer_mode setting.\n" "\n" "-wireframe [str] Try to detect window moves or resizes when a mouse\n" "-nowireframe button is held down and show a wireframe instead of\n" " the full opaque window. This is based completely on\n" " heuristics and may not always work: it depends on your\n" " window manager and even how you move things around.\n" " See -pointer_mode below for discussion of the \"bogging\n" " down\" problem this tries to avoid.\n" " Default: %s\n" "\n" " Shorter aliases: -wf [str] and -nowf\n" "\n" " The value \"str\" is optional and, of course, is\n" " packed with many tunable parameters for this scheme:\n" "\n" " Format: shade,linewidth,percent,T+B+L+R,mod,t1+t2+t3+t4\n" " Default: %s\n" "\n" " If you leave nothing between commas: \",,\" the default\n" " value is used. If you don't specify enough commas,\n" " the trailing parameters are set to their defaults.\n" "\n" " \"shade\" indicate the \"color\" for the wireframe,\n" " usually a greyscale: 0-255, however for 16 and 32bpp you\n" " can specify an rgb.txt X color (e.g. \"dodgerblue\") or\n" " a value > 255 is treated as RGB (e.g. red is 0xff0000).\n" " \"linewidth\" sets the width of the wireframe in pixels.\n" " \"percent\" indicates to not apply the wireframe scheme\n" " to windows with area less than this percent of the\n" " full screen.\n" "\n" " \"T+B+L+R\" indicates four integers for how close in\n" " pixels the pointer has to be from the Top, Bottom, Left,\n" " or Right edges of the window to consider wireframing.\n" " This is a speedup to quickly exclude a window from being\n" " wireframed: set them all to zero to not try the speedup\n" " (scrolling and selecting text will likely be slower).\n" "\n" " \"mod\" specifies if a button down event in the\n" " interior of the window with a modifier key (Alt, Shift,\n" " etc.) down should indicate a wireframe opportunity.\n" " It can be \"0\" or \"none\" to skip it, \"1\" or \"all\"\n" " to apply it to any modifier, or \"Shift\", \"Alt\",\n" " \"Control\", \"Meta\", \"Super\", or \"Hyper\" to only\n" " apply for that type of modifier key.\n" "\n" " \"t1+t2+t3+t4\" specify four floating point times in\n" " seconds: t1 is how long to wait for the pointer to move,\n" " t2 is how long to wait for the window to start moving\n" " or being resized (for some window managers this can be\n" " rather long), t3 is how long to keep a wireframe moving\n" " before repainting the window. t4 is the minimum time\n" " between sending wireframe \"animations\". If a slow\n" " link is detected, these values may be automatically\n" " changed to something better for a slow link.\n" "\n" "-wirecopyrect mode Since the -wireframe mechanism evidently tracks moving\n" "-nowirecopyrect windows accurately, a speedup can be obtained by\n" " telling the VNC viewers to locally copy the translated\n" " window region. This is the VNC CopyRect encoding:\n" " the framebuffer update doesn't need to send the actual\n" " new image data.\n" "\n" " Shorter aliases: -wcr [mode] and -nowcr\n" "\n" " \"mode\" can be \"never\" (same as -nowirecopyrect)\n" " to never try the copyrect, \"top\" means only do it if\n" " the window was not covered by any other windows, and\n" " \"always\" means to translate the orginally unobscured\n" " region (this may look odd as the remaining pieces come\n" " in, but helps on a slow link). Default: \"%s\"\n" "\n" " Note: there can be painting errors or slow response\n" " when using -scale so you may want to disable CopyRect\n" " in this case \"-wirecopyrect never\" on the command\n" " line or by remote-control. Or you can also use the\n" " \"-scale xxx:nocr\" scale option.\n" "\n" "-debug_wireframe Turn on debugging info printout for the wireframe\n" " heuristics. \"-dwf\" is an alias. Specify multiple\n" " times for more output.\n" "\n" "-scrollcopyrect mode Like -wirecopyrect, but use heuristics to try to guess\n" "-noscrollcopyrect if a window has scrolled its contents (either vertically\n" " or horizontally). This requires the RECORD X extension\n" " to \"snoop\" on X applications (currently for certain\n" " XCopyArea and XConfigureWindow X protocol requests).\n" " Examples: Hitting in a terminal window when the\n" " cursor was at the bottom, the text scrolls up one line.\n" " Hitting arrow in a web browser window, the web\n" " page scrolls up a small amount. Or scrolling with a\n" " scrollbar or mouse wheel.\n" "\n" " Shorter aliases: -scr [mode] and -noscr\n" "\n" " This scheme will not always detect scrolls, but when\n" " it does there is a nice speedup from using the VNC\n" " CopyRect encoding (see -wirecopyrect). The speedup\n" " is both in reduced network traffic and reduced X\n" " framebuffer polling/copying. On the other hand, it may\n" " induce undesired transients (e.g. a terminal cursor\n" " being scrolled up when it should not be) or other\n" " painting errors (window tearing, bunching-up, etc).\n" " These are automatically repaired in a short period\n" " of time. If this is unacceptable disable the feature\n" " with -noscrollcopyrect.\n" "\n" " Screen clearing kludges: for testing at least, there\n" " are some \"magic key sequences\" (must be done in less\n" " than 1 second) to aid repairing painting errors that\n" " may be seen when using this mode:\n" "\n" " 3 Alt_L's in a row: resend whole screen,\n" " 4 Alt_L's in a row: reread and resend whole screen,\n" " 3 Super_L's in a row: mark whole screen for polling,\n" " 4 Super_L's in a row: reset RECORD context,\n" " 5 Super_L's in a row: try to push a black screen\n" "\n" " note: Alt_L is the Left \"Alt\" key (a single key)\n" " Super_L is the Left \"Super\" key (Windows flag).\n" " Both of these are modifier keys, and so should not\n" " generate characters when pressed by themselves. Also,\n" " your VNC viewer may have its own refresh hot-key\n" " or button.\n" "\n" " \"mode\" can be \"never\" (same as -noscrollcopyrect)\n" " to never try the copyrect, \"keys\" means to try it\n" " in response to keystrokes only, \"mouse\" means to\n" " try it in response to mouse events only, \"always\"\n" " means to do both. Default: \"%s\"\n" "\n" " Note: there can be painting errors or slow response\n" " when using -scale so you may want to disable CopyRect\n" " in this case \"-scrollcopyrect never\" on the command\n" " line or by remote-control. Or you can also use the\n" " \"-scale xxx:nocr\" scale option.\n" "\n" "-scr_area n Set the minimum area in pixels for a rectangle\n" " to be considered for the -scrollcopyrect detection\n" " scheme. This is to avoid wasting the effort on small\n" " rectangles that would be quickly updated the normal way.\n" " E.g. suppose an app updated the position of its skinny\n" " scrollbar first and then shifted the large panel\n" " it controlled. We want to be sure to skip the small\n" " scrollbar and get the large panel. Default: %d\n" "\n" "-scr_skip list Skip scroll detection for applications matching\n" " the comma separated list of strings in \"list\".\n" " Some applications implement their scrolling in\n" " strange ways where the XCopyArea, etc, also applies\n" " to invisible portions of the window: if we CopyRect\n" " those areas it looks awful during the scroll and\n" " there may be painting errors left after the scroll.\n" " Soffice.bin is the worst known offender.\n" "\n" " Use \"##\" to denote the start of the application class\n" " (e.g. \"##XTerm\") and \"++\" to denote the start\n" " of the application instance name (e.g. \"++xterm\").\n" " The string your list is matched against is of the form\n" " \"^^WM_NAME##Class++Instance\"\n" " The \"xlsclients -la\" command will provide this info.\n" "\n" " If a pattern is prefixed with \"KEY:\" it only applies\n" " to Keystroke generated scrolls (e.g. Up arrow). If it\n" " is prefixed with \"MOUSE:\" it only applies to Mouse\n" " induced scrolls (e.g. dragging on a scrollbar).\n" " Default: %s\n" "\n" "-scr_inc list Opposite of -scr_skip: this list is consulted first\n" " and if there is a match the window will be monitored\n" " via RECORD for scrolls irrespective of -scr_skip.\n" " Use -scr_skip '*' to skip anything that does not match\n" " your -scr_inc. Use -scr_inc '*' to include everything.\n" "\n" "-scr_keys list For keystroke scroll detection, only apply the RECORD\n" " heuristics to the comma separated list of keysyms in\n" " \"list\". You may find the RECORD overhead for every\n" " one of your keystrokes disrupts typing too much, but you\n" " don't want to turn it off completely with \"-scr mouse\"\n" " and -scr_parms does not work or is too confusing.\n" "\n" " The listed keysyms can be numeric or the keysym\n" " names in the header file or from the\n" " xev(1) program. Example: \"-scr_keys Up,Down,Return\".\n" " One probably wants to have application specific lists\n" " (e.g. for terminals, etc) but that is too icky to think\n" " about for now...\n" "\n" " If \"list\" begins with the \"-\" character the list\n" " is taken as an exclude list: all keysyms except those\n" " list will be considered. The special string \"builtin\"\n" " expands to an internal list of keysyms that are likely\n" " to cause scrolls. BTW, by default modifier keys,\n" " Shift_L, Control_R, etc, are skipped since they almost\n" " never induce scrolling by themselves.\n" "\n" "-scr_term list Yet another cosmetic kludge. Apply shell/terminal\n" " heuristics to applications matching comma separated\n" " list (same as for -scr_skip/-scr_inc). For example an\n" " annoying transient under scroll detection is if you\n" " hit Enter in a terminal shell with full text window,\n" " the solid text cursor block will be scrolled up.\n" " So for a short time there are two (or more) block\n" " cursors on the screen. There are similar scenarios,\n" " (e.g. an output line is duplicated).\n" " \n" " These transients are induced by the approximation of\n" " scroll detection (e.g. it detects the scroll, but not\n" " the fact that the block cursor was cleared just before\n" " the scroll). In nearly all cases these transient errors\n" " are repaired when the true X framebuffer is consulted\n" " by the normal polling. But they are distracting, so\n" " what this option provides is extra \"padding\" near the\n" " bottom of the terminal window: a few extra lines near\n" " the bottom will not be scrolled, but rather updated\n" " from the actual X framebuffer. This usually reduces\n" " the annoying artifacts. Use \"none\" to disable.\n" " Default: \"%s\"\n" "\n" "-scr_keyrepeat lo-hi If a key is held down (or otherwise repeats rapidly) and\n" " this induces a rapid sequence of scrolls (e.g. holding\n" " down an Arrow key) the \"scrollcopyrect\" detection\n" " and overhead may not be able to keep up. A time per\n" " single scroll estimate is performed and if that estimate\n" " predicts a sustainable scrollrate of keys per second\n" " between \"lo\" and \"hi\" then repeated keys will be\n" " DISCARDED to maintain the scrollrate. For example your\n" " key autorepeat may be 25 keys/sec, but for a large\n" " window or slow link only 8 scrolls per second can be\n" " sustained, then roughly 2 out of every 3 repeated keys\n" " will be discarded during this period. Default: \"%s\"\n" "\n" "-scr_parms string Set various parameters for the scrollcopyrect mode.\n" " The format is similar to that for -wireframe and packed\n" " with lots of parameters:\n" "\n" " Format: T+B+L+R,t1+t2+t3,s1+s2+s3+s4+s5\n" " Default: %s\n" "\n" " If you leave nothing between commas: \",,\" the default\n" " value is used. If you don't specify enough commas,\n" " the trailing parameters are set to their defaults.\n" "\n" " \"T+B+L+R\" indicates four integers for how close in\n" " pixels the pointer has to be from the Top, Bottom, Left,\n" " or Right edges of the window to consider scrollcopyrect.\n" " If -wireframe overlaps it takes precedence. This is a\n" " speedup to quickly exclude a window from being watched\n" " for scrollcopyrect: set them all to zero to not try\n" " the speedup (things like selecting text will likely\n" " be slower).\n" "\n" " \"t1+t2+t3\" specify three floating point times in\n" " seconds that apply to scrollcopyrect detection with\n" " *Keystroke* input: t1 is how long to wait after a key\n" " is pressed for the first scroll, t2 is how long to keep\n" " looking after a Keystroke scroll for more scrolls.\n" " t3 is how frequently to try to update surrounding\n" " scrollbars outside of the scrolling area (0.0 to\n" " disable)\n" "\n" " \"s1+s2+s3+s4+s5\" specify five floating point times\n" " in seconds that apply to scrollcopyrect detection with\n" " *Mouse* input: s1 is how long to wait after a mouse\n" " button is pressed for the first scroll, s2 is how long\n" " to keep waiting for additional scrolls after the first\n" " Mouse scroll was detected. s3 is how frequently to\n" " try to update surrounding scrollbars outside of the\n" " scrolling area (0.0 to disable). s4 is how long to\n" " buffer pointer motion (to try to get fewer, bigger\n" " mouse scrolls). s5 is the maximum time to spend just\n" " updating the scroll window without updating the rest\n" " of the screen.\n" "\n" "-fixscreen string Periodically \"repair\" the screen based on settings\n" " in \"string\". Hopefully you won't need this option,\n" " it is intended for cases when the -scrollcopyrect or\n" " -wirecopyrect features leave too many painting errors,\n" " but it can be used for any scenario. This option\n" " periodically performs costly operations and so\n" " interactive response may be reduced when it is on.\n" " You can use 3 Alt_L's (the Left \"Alt\" key) taps in\n" " a row (as described under -scrollcopyrect) instead to\n" " manually request a screen repaint when it is needed.\n" "\n" " \"string\" is a comma separated list of one or more of\n" " the following: \"V=t\", \"C=t\", \"X=t\", and \"8=t\".\n" " In these \"t\" stands for a time in seconds (it is\n" " a floating point even though one should usually use\n" " values > 2 to avoid wasting resources). V sets how\n" " frequently the entire screen should be sent to viewers\n" " (it is like the 3 Alt_L's). C sets how long to wait\n" " after a CopyRect to repaint the full screen. X sets\n" " how frequently to reread the full X11 framebuffer from\n" " the X server and push it out to connected viewers.\n" " Use of X should be rare, please report a bug if you\n" " find you need it. 8= applies only for -8to24 mode: it\n" " sets how often the non-default visual regions of the\n" " screen (e.g. 8bpp windows) are refreshed. Examples:\n" " -fixscreen V=10 -fixscreen C=10\n" "\n" "-debug_scroll Turn on debugging info printout for the scroll\n" " heuristics. \"-ds\" is an alias. Specify it multiple\n" " times for more output.\n" "\n" "-noxrecord Disable any use of the RECORD extension. This is\n" " currently used by the -scrollcopyrect scheme and to\n" " monitor X server grabs.\n" "\n" "-grab_buster Some of the use of the RECORD extension can leave a\n" "-nograb_buster tiny window for XGrabServer deadlock. This is only if\n" " the whole-server grabbing application expects mouse or\n" " keyboard input before releasing the grab. It is usually\n" " a window manager that does this. x11vnc takes care to\n" " avoid the the problem, but if caught x11vnc will freeze.\n" " Without -grab_buster, the only solution is to go the\n" " physical display and give it some input to satisfy the\n" " grabbing app. Or manually kill and restart the window\n" " manager if that is feasible. With -grab_buster, x11vnc\n" " will fork a helper thread and if x11vnc appears to be\n" " stuck in a grab after a period of time (20-30 sec) then\n" " it will inject some user input: button clicks, Escape,\n" " mouse motion, etc to try to break the grab. If you\n" " experience a lot of grab deadlock, please report a bug.\n" "\n" "-debug_grabs Turn on debugging info printout with respect to\n" " XGrabServer() deadlock for -scrollcopyrect mode.\n" "\n" "-debug_sel Turn on debugging info printout with respect to\n" " PRIMARY, CLIPBOARD, and CUTBUFFER0 selections.\n" "\n" "-pointer_mode n Various pointer motion update schemes. \"-pm\" is\n" " an alias. The problem is pointer motion can cause\n" " rapid changes on the screen: consider the rapid\n" " changes when you drag a large window around opaquely.\n" " Neither x11vnc's screen polling and vnc compression\n" " routines nor the bandwidth to the vncviewers can keep\n" " up these rapid screen changes: everything will bog down\n" " when dragging or scrolling. So a scheme has to be used\n" " to \"eat\" much of that pointer input before re-polling\n" " the screen and sending out framebuffer updates. The\n" " mode number \"n\" can be 0 to %d and selects one of\n" " the schemes desribed below.\n" "\n" " Note that the -wireframe and -scrollcopyrect modes\n" " complement -pointer_mode by detecting (and improving)\n" " certain periods of \"rapid screen change\".\n" "\n" " n=0: does the same as -nodragging. (all screen polling\n" " is suspended if a mouse button is pressed.)\n" "\n" " n=1: was the original scheme used to about Jan 2004:\n" " it basically just skips -input_skip keyboard or pointer\n" " events before repolling the screen.\n" "\n" " n=2 is an improved scheme: by watching the current rate\n" " of input events it tries to detect if it should try to\n" " \"eat\" additional pointer events before continuing.\n" "\n" " n=3 is basically a dynamic -nodragging mode: it detects\n" " when the mouse motion has paused and then refreshes\n" " the display.\n" "\n" " n=4 attempts to measures network rates and latency,\n" " the video card read rate, and how many tiles have been\n" " changed on the screen. From this, it aggressively tries\n" " to push screen \"frames\" when it decides it has enough\n" " resources to do so. NOT FINISHED.\n" "\n" " The default n is %d. Note that modes 2, 3, 4 will skip\n" " -input_skip keyboard events (but it will not count\n" " pointer events). Also note that these modes are not\n" " available in -threads mode which has its own pointer\n" " event handling mechanism.\n" "\n" " To try out the different pointer modes to see which\n" " one gives the best response for your usage, it is\n" " convenient to use the remote control function, for\n" " example \"x11vnc -R pm:4\" or the tcl/tk gui (Tuning ->\n" " pointer_mode -> n).\n" "\n" "-input_skip n For the pointer handling when non-threaded: try to\n" " read n user input events before scanning display. n < 0\n" " means to act as though there is always user input.\n" " Default: %d\n" "\n" "-speeds rd,bw,lat x11vnc tries to estimate some speed parameters that\n" " are used to optimize scheduling (e.g. -pointer_mode\n" " 4, -wireframe, -scrollcopyrect) and other things.\n" " Use the -speeds option to set these manually.\n" " The triple \"rd,bw,lat\" corresponds to video h/w\n" " read rate in MB/sec, network bandwidth to clients in\n" " KB/sec, and network latency to clients in milliseconds,\n" " respectively. If a value is left blank, e.g. \"-speeds\n" " ,100,15\", then the internal scheme is used to estimate\n" " the empty value(s).\n" "\n" " Typical PC video cards have read rates of 5-10 MB/sec.\n" " If the framebuffer is in main memory instead of video\n" " h/w (e.g. SunRay, shadowfb, dummy driver, Xvfb), the\n" " read rate may be much faster. \"x11perf -getimage500\"\n" " can be used to get a lower bound (remember to factor\n" " in the bytes per pixel). It is up to you to estimate\n" " the network bandwith and latency to clients. For the\n" " latency the ping(1) command can be used.\n" "\n" " For convenience there are some aliases provided,\n" " e.g. \"-speeds modem\". The aliases are: \"modem\" for\n" " 6,4,200; \"dsl\" for 6,100,50; and \"lan\" for 6,5000,1\n" "\n" "-wmdt string For some features, e.g. -wireframe and -scrollcopyrect,\n" " x11vnc has to work around issues for certain window\n" " managers or desktops (currently kde and xfce).\n" " By default it tries to guess which one, but it can\n" " guess incorrectly. Use this option to indicate which\n" " wm/dt. \"string\" can be \"gnome\", \"kde\", \"cde\",\n" " \"xfce\", or \"root\" (classic X wm). Anything else\n" " is interpreted as \"root\".\n" "\n" "-debug_pointer Print debugging output for every pointer event.\n" "-debug_keyboard Print debugging output for every keyboard event.\n" " Same as -dp and -dk, respectively. Use multiple\n" " times for more output.\n" "\n" "-defer time Time in ms to wait for updates before sending to client\n" " (deferUpdateTime) Default: %d\n" "-wait time Time in ms to pause between screen polls. Used to cut\n" " down on load. Default: %d\n" "-wait_ui factor Factor by which to cut the -wait time if there\n" " has been recent user input (pointer or keyboard).\n" " Improves response, but increases the load whenever you\n" " are moving the mouse or typing. Default: %.2f\n" "-nowait_bog Do not detect if the screen polling is \"bogging down\"\n" " and sleep more. Some activities with no user input can\n" " slow things down a lot: consider a large terminal window\n" " with a long build running in it continously streaming\n" " text output. By default x11vnc will try to detect this\n" " (3 screen polls in a row each longer than 0.25 sec with\n" " no user input), and sleep up to 1.5 secs to let things\n" " \"catch up\". Use this option to disable that detection.\n" "-slow_fb time Floating point time in seconds delay all screen polling.\n" " For special purpose usage where a low frame rate is\n" " acceptable and desirable, but you want the user input\n" " processed at the normal rate so you cannot use -wait.\n" "-readtimeout n Set libvncserver rfbMaxClientWait to n seconds. On\n" " slow links that take a long time to paint the first\n" " screen libvncserver may hit the timeout and drop the\n" " connection. Default: %d seconds.\n" "-nap Monitor activity and if it is low take longer naps\n" "-nonap between screen polls to really cut down load when idle.\n" " Default: %s\n" "-sb time Time in seconds after NO activity (e.g. screen blank)\n" " to really throttle down the screen polls (i.e. sleep\n" " for about 1.5 secs). Use 0 to disable. Default: %d\n" "\n" "-nofbpm If the system supports the FBPM (Frame Buffer Power\n" "-fbpm Management) extension (i.e. some Sun systems), then\n" " prevent the video h/w from going into a reduced power\n" " state when VNC clients are connected.\n" "\n" " FBPM capable video h/w save energy when the workstation\n" " is idle by going into low power states (similar to DPMS\n" " for monitors). This interferes with x11vnc's polling\n" " of the framebuffer data.\n" "\n" " \"-nofbpm\" means prevent FBPM low power states whenever\n" " VNC clients are connected, while \"-fbpm\" means to not\n" " monitor the FBPM state at all. See the xset(1) manpage\n" " for details. -nofbpm is basically the same as running\n" " \"xset fbpm force on\" periodically. Default: %s\n" "\n" "-noxdamage Do not use the X DAMAGE extension to detect framebuffer\n" " changes even if it is available. Use -xdamage if your\n" " default is to have it off.\n" "\n" " x11vnc's use of the DAMAGE extension: 1) significantly\n" " reduces the load when the screen is not changing much,\n" " and 2) detects changed areas (small ones by default)\n" " more quickly.\n" "\n" " Currently the DAMAGE extension is overly conservative\n" " and often reports large areas (e.g. a whole terminal\n" " or browser window) as damaged even though the actual\n" " changed region is much smaller (sometimes just a few\n" " pixels). So heuristics were introduced to skip large\n" " areas and use the damage rectangles only as \"hints\"\n" " for the traditional scanline polling. The following\n" " tuning parameters are introduced to adjust this\n" " behavior:\n" "\n" "-xd_area A Set the largest DAMAGE rectangle area \"A\" (in\n" " pixels: width * height) to trust as truly damaged:\n" " the rectangle will be copied from the framebuffer\n" " (slow) no matter what. Set to zero to trust *all*\n" " rectangles. Default: %d\n" "-xd_mem f Set how long DAMAGE rectangles should be \"remembered\",\n" " \"f\" is a floating point number and is in units of the\n" " scanline repeat cycle time (%d iterations). The default\n" " (%.1f) should give no painting problems. Increase it if\n" " there are problems or decrease it to live on the edge\n" " (perhaps useful on a slow machine).\n" "\n" "-sigpipe string Broken pipe (SIGPIPE) handling. \"string\" can be\n" " \"ignore\" or \"exit\". For \"ignore\" libvncserver\n" " will handle the abrupt loss of a client and continue,\n" " for \"exit\" x11vnc will cleanup and exit at the 1st\n" " broken connection. Default: \"ignore\". This option\n" " is obsolete.\n" "-threads Whether or not to use the threaded libvncserver\n" "-nothreads algorithm [rfbRunEventLoop] if libpthread is available\n" " Default: %s\n" "\n" "-fs f If the fraction of changed tiles in a poll is greater\n" " than f, the whole screen is updated. Default: %.2f\n" "-gaps n Heuristic to fill in gaps in rows or cols of n or\n" " less tiles. Used to improve text paging. Default: %d\n" "-grow n Heuristic to grow islands of changed tiles n or wider\n" " by checking the tile near the boundary. Default: %d\n" "-fuzz n Tolerance in pixels to mark a tiles edges as changed.\n" " Default: %d\n" "-debug_tiles Print debugging output for tiles, fb updates, etc.\n" "\n" "-snapfb Instead of polling the X display framebuffer (fb) for\n" " changes, periodically copy all of X display fb into main\n" " memory and examine that copy for changes. Under some\n" " circumstances this will improve interactive response,\n" " or at least make things look smoother, but in others\n" " (most!) it will make the response worse. If the video\n" " h/w fb is such that reading small tiles is very slow\n" " this mode could help. To keep the \"framerate\" up\n" " the screen size x bpp cannot be too large. Note that\n" " this mode is very wasteful of memory I/O resources\n" " (it makes full screen copies even if nothing changes).\n" " It may be of use in video capture-like applications,\n" " or where window tearing is a problem.\n" "\n" "-rawfb string Experimental option, instead of polling X, poll the\n" " memory object specified in \"string\". For shared\n" " memory segments it is of the form: \"shm:N@WxHxB\"\n" " which specifies a shmid N and framebuffer Width, Height,\n" " and Bits per pixel. To memory map mmap(2) a file use:\n" " \"map:/path/to/a/file@WxHxB\". If there is trouble\n" " with mmap, use \"file:/...\" for slower lseek(2)\n" " based reading. If you do not supply a type \"map\"\n" " is assumed if the file exists.\n" "\n" " If string is \"setup:cmd\", then the command \"cmd\"\n" " is run and the first line from it is read and used\n" " as \"string\". This allows initializing the device,\n" " determining WxHxB, etc. These are often done as root\n" " so take care.\n" "\n" " Optional suffixes are \":R/G/B\" and \"+O\" to specify\n" " red, green, and blue masks and an offset into the\n" " memory object. If the masks are not provided x11vnc\n" " guesses them based on the bpp.\n" "\n" " Examples:\n" " -rawfb shm:210337933@800x600x32:ff/ff00/ff0000\n" " -rawfb map:/dev/fb0@1024x768x32\n" " -rawfb map:/tmp/Xvfb_screen0@640x480x8+3232\n" " -rawfb file:/tmp/my.pnm@250x200x24+37\n" "\n" " (see ipcs(1) and fbset(1) for the first two examples)\n" "\n" " All user input is discarded by default (but see the\n" " -pipeinput option). Most of the X11 (screen, keyboard,\n" " mouse) options do not make sense and many will cause\n" " this mode to crash, so please think twice before\n" " setting/changing them.\n" "\n" " If you don't want x11vnc to close the X DISPLAY in\n" " rawfb mode, then capitalize the prefix, SHM:, MAP:,\n" " FILE: Keeping the display open enables the default\n" " remote-control channel, which could be useful. Also,\n" " if you also specify -noviewonly, then the mouse and\n" " keyboard input are STILL sent to the X display, this\n" " usage should be very rare, i.e. doing something strange\n" " with /dev/fb0.\n" "\n" "-pipeinput cmd Another experimental option: it lets you supply an\n" " external command in \"cmd\" that x11vnc will pipe\n" " all of the user input events to in a simple format.\n" " In -pipeinput mode by default x11vnc will not process\n" " any of the user input events. If you prefix \"cmd\"\n" " with \"tee:\" it will both send them to the pipe\n" " command and process them. For a description of the\n" " format run \"-pipeinput tee:/bin/cat\". Another prefix\n" " is \"reopen\" which means to reopen pipe if it exits.\n" " Separate multiple prefixes with commas.\n" "\n" " In combination with -rawfb one might be able to\n" " do amusing things (e.g. control non-X devices).\n" " To facilitate this, if -rawfb is in effect then the\n" " value is stored in X11VNC_RAWFB_STR for the pipe command\n" " to use if it wants. Do 'env | grep X11VNC' for more.\n" "\n" "-gui [gui-opts] Start up a simple tcl/tk gui based on the the remote\n" " control options -remote/-query described below.\n" " Requires the \"wish\" program to be installed on the\n" " machine. \"gui-opts\" is not required: the default\n" " is to start up both the full gui and x11vnc with the\n" " gui showing up on the X display in the environment\n" " variable DISPLAY.\n" "\n" " \"gui-opts\" can be a comma separated list of items.\n" " Currently there are these types of items: 1) a gui\n" " mode, a 2) gui \"simplicity\", 3) the X display the\n" " gui should display on, 4) a \"tray\" or \"icon\" mode,\n" " and 5) a gui geometry.\n" "\n" " 1) The gui mode can be \"start\", \"conn\", or \"wait\"\n" " \"start\" is the default mode above and is not required.\n" " \"conn\" means do not automatically start up x11vnc,\n" " but instead just try to connect to an existing x11vnc\n" " process. \"wait\" means just start the gui and nothing\n" " else (you will later instruct the gui to start x11vnc\n" " or connect to an existing one.)\n" "\n" " 2) The gui simplicity is off by default (a power-user\n" " gui with all options is presented) To start with\n" " something less daunting supply the string \"simple\"\n" " (\"ez\" is an alias for this). Once the gui is\n" " started you can toggle between the two with \"Misc ->\n" " simple_gui\".\n" "\n" " 3) Note the possible confusion regarding the potentially\n" " two different X displays: x11vnc polls one, but you\n" " may want the gui to appear on another. For example, if\n" " you ssh in and x11vnc is not running yet you may want\n" " the gui to come back to you via your ssh redirected X\n" " display (e.g. localhost:10).\n" "\n" " If you do not specify a gui X display in \"gui-opts\"\n" " then the DISPLAY environment variable and -display\n" " option are tried (in that order). Regarding the x11vnc\n" " X display the gui will try to communication with, it\n" " first tries -display and then DISPLAY. For example,\n" " \"x11vnc -display :0 -gui otherhost:0\", will remote\n" " control an x11vnc polling :0 and display the gui on\n" " otherhost:0 The \"tray/icon\" mode below reverses this\n" " preference, preferring to display on the x11vnc display.\n" "\n" " 4) When \"tray\" or \"icon\" is specified, the gui\n" " presents itself as a small icon with behavior typical\n" " of a \"system tray\" or \"dock applet\". The color\n" " of the icon indicates status (connected clients) and\n" " there is also a balloon status. Clicking on the icon\n" " gives a menu from which properties, etc, can be set and\n" " the full gui is available under \"Advanced\". To be\n" " fully functional, the gui mode should be \"start\"\n" " (the default).\n" "\n" " For \"icon\" the gui just a small standalone window.\n" " For \"tray\" it will attempt to embed itself in the\n" " \"system tray\" if possible. If \"=setpass\" is appended then\n" " at startup the X11 user will be prompted to set the\n" " VNC session password. If = is appended\n" " that icon will attempt to embed itself in the window\n" " given by hexnumber. Use =noadvanced to disable the\n" " full gui. (To supply more than one, use \"+\" sign).\n" " E.g. -gui tray=setpass and -gui icon=0x3600028\n" "\n" " Other modes: \"full\", the default and need not be\n" " specified. \"-gui none\", do not show a gui, useful\n" " to override a ~/.x11vncrc setting, etc.\n" "\n" " 5) When \"geom=+X+Y\" is specified, that geometry\n" " is passed to the gui toplevel. This is the icon in\n" " icon/tray mode, or the full gui otherwise. You can\n" " also specify width and height, i.e. WxH+X+Y, but it\n" " is not recommended. In \"tray\" mode the geometry is\n" " ignored unless the system tray manager does not seem\n" " to be running. One could imagine using something like\n" " \"-gui tray,geom=+4000+4000\" with a display manager\n" " to keep the gui invisible until someone logs in...\n" "\n" " More icon tricks, \"icon=minimal\" gives an icon just\n" " with the VNC display number. You can also set the font\n" " with \"iconfont=...\". The following could be useful:\n" " \"-gui icon=minimal,iconfont=5x8,geom=24x10+0-0\"\n" "\n" " General examples of the -gui option: \"x11vnc -gui\",\n" " \"x11vnc -gui ez\" \"x11vnc -gui localhost:10\",\n" " \"x11vnc -gui conn,host:0\", \"x11vnc -gui tray,ez\"\n" " \"x11vnc -gui tray=setpass\"\n" "\n" " If you do not intend to start x11vnc from the gui\n" " (i.e. just remote control an existing one), then the\n" " gui process can run on a different machine from the\n" " x11vnc server as long as X permissions, etc. permit\n" " communication between the two.\n" "\n" "-remote command Remotely control some aspects of an already running\n" " x11vnc server. \"-R\" and \"-r\" are aliases for\n" " \"-remote\". After the remote control command is\n" " sent to the running server the 'x11vnc -remote ...'\n" " command exits. You can often use the -query command\n" " (see below) to see if the x11vnc server processed your\n" " -remote command.\n" "\n" " The default communication channel is that of X\n" " properties (specifically X11VNC_REMOTE), and so this\n" " command must be run with correct settings for DISPLAY\n" " and possibly XAUTHORITY to connect to the X server\n" " and set the property. Alternatively, use the -display\n" " and -auth options to set them to the correct values.\n" " The running server cannot use the -novncconnect option\n" " because that disables the communication channel.\n" " See below for alternate channels.\n" "\n" " For example: 'x11vnc -remote stop' (which is the same as\n" " 'x11vnc -R stop') will close down the x11vnc server.\n" " 'x11vnc -R shared' will enable shared connections, and\n" " 'x11vnc -R scale:3/4' will rescale the desktop.\n" "\n" " The following -remote/-R commands are supported:\n" "\n" " stop terminate the server, same as \"quit\"\n" " \"exit\" or \"shutdown\".\n" " ping see if the x11vnc server responds.\n" " Return is: ans=ping:\n" " blacken try to push a black fb update to all\n" " clients (due to timings a client\n" " could miss it). Same as \"zero\", also\n" " \"zero:x1,y1,x2,y2\" for a rectangle.\n" " refresh send the entire fb to all clients.\n" " reset recreate the fb, polling memory, etc.\n" /* ext. cmd. */ " id:windowid set -id window to \"windowid\". empty\n" " or \"root\" to go back to root window\n" " sid:windowid set -sid window to \"windowid\"\n" " waitmapped wait until subwin is mapped.\n" " nowaitmapped do not wait until subwin is mapped.\n" " clip:WxH+X+Y set -clip mode to \"WxH+X+Y\"\n" " flashcmap enable -flashcmap mode.\n" " noflashcmap disable -flashcmap mode.\n" " shiftcmap:n set -shiftcmap to n.\n" " notruecolor enable -notruecolor mode.\n" " truecolor disable -notruecolor mode.\n" " overlay enable -overlay mode (if applicable).\n" " nooverlay disable -overlay mode.\n" " overlay_cursor in -overlay mode, enable cursor drawing.\n" " overlay_nocursor disable cursor drawing. same as\n" " nooverlay_cursor.\n" " 8to24 enable -8to24 mode (if applicable).\n" " no8to24 disable -8to24 mode.\n" " 8to24_opts:str set the -8to24 opts to \"str\".\n" " visual:vis set -visual to \"vis\"\n" " scale:frac set -scale to \"frac\"\n" " scale_cursor:f set -scale_cursor to \"f\"\n" " viewonly enable -viewonly mode.\n" /* access view,share,forever */ " noviewonly disable -viewonly mode.\n" " shared enable -shared mode.\n" " noshared disable -shared mode.\n" " forever enable -forever mode.\n" " noforever disable -forever mode.\n" " timeout:n reset -timeout to n, if there are\n" " currently no clients, exit unless one\n" " connects in the next n secs.\n" " filexfer enable filetransfer for new clients.\n" " nofilexfer disable filetransfer for new clients.\n" /* access */ " http enable http client connections.\n" " nohttp disable http client connections.\n" " deny deny any new connections, same as \"lock\"\n" " nodeny allow new connections, same as \"unlock\"\n" /* access, filename */ " connect:host do reverse connection to host, \"host\"\n" " may be a comma separated list of hosts\n" " or host:ports. See -connect. Passwords\n" " required as with fwd connections.\n" " See X11VNC_REVERSE_CONNECTION_NO_AUTH=1\n" " disconnect:host disconnect any clients from \"host\"\n" " same as \"close:host\". Use host\n" " \"all\" to close all current clients.\n" " If you know the client internal hex ID,\n" " e.g. 0x3 (returned by \"-query clients\"\n" " and RFB_CLIENT_ID) you can use that too.\n" /* access */ " allowonce:host For the next connection only, allow\n" " connection from \"host\".\n" /* access */ " allow:hostlist set -allow list to (comma separated)\n" " \"hostlist\". See -allow and -localhost.\n" " Do not use with -allow /path/to/file\n" " Use \"+host\" to add a single host, and\n" " use \"-host\" to delete a single host\n" " localhost enable -localhost mode\n" " nolocalhost disable -localhost mode\n" " listen:str set -listen to str, empty to disable.\n" " nolookup enable -nolookup mode.\n" " lookup disable -nolookup mode.\n" " input:str set -input to \"str\", empty to disable.\n" " client_input:str set the K, M, B -input on a per-client\n" " basis. select which client as for\n" " disconnect, e.g. client_input:host:MB\n" " or client_input:0x2:K\n" /* ext. cmd. */ " accept:cmd set -accept \"cmd\" (empty to disable).\n" " afteraccept:cmd set -afteraccept (empty to disable).\n" " gone:cmd set -gone \"cmd\" (empty to disable).\n" " noshm enable -noshm mode.\n" " shm disable -noshm mode (i.e. use shm).\n" " flipbyteorder enable -flipbyteorder mode, you may need\n" " to set noshm for this to do something.\n" " noflipbyteorder disable -flipbyteorder mode.\n" " onetile enable -onetile mode. (you may need to\n" " set shm for this to do something)\n" " noonetile disable -onetile mode.\n" /* ext. cmd. */ " solid enable -solid mode\n" " nosolid disable -solid mode.\n" " solid_color:color set -solid color (and apply it).\n" " blackout:str set -blackout \"str\" (empty to disable).\n" " See -blackout for the form of \"str\"\n" " (basically: WxH+X+Y,...)\n" " Use \"+WxH+X+Y\" to append a single\n" " rectangle use \"-WxH+X+Y\" to delete one\n" " xinerama enable -xinerama mode. (if applicable)\n" " noxinerama disable -xinerama mode.\n" " xtrap enable -xtrap input mode(if applicable)\n" " noxtrap disable -xtrap input mode.\n" " xrandr enable -xrandr mode. (if applicable)\n" " noxrandr disable -xrandr mode.\n" " xrandr_mode:mode set the -xrandr mode to \"mode\".\n" " padgeom:WxH set -padgeom to WxH (empty to disable)\n" " If WxH is \"force\" or \"do\" the padded\n" " geometry fb is immediately applied.\n" " quiet enable -quiet mode.\n" " noquiet disable -quiet mode.\n" " modtweak enable -modtweak mode.\n" " nomodtweak enable -nomodtweak mode.\n" " xkb enable -xkb modtweak mode.\n" " noxkb disable -xkb modtweak mode.\n" " skip_keycodes:str enable -xkb -skip_keycodes \"str\".\n" " sloppy_keys enable -sloppy_keys mode.\n" " nosloppy_keys disable -sloppy_keys mode.\n" " skip_dups enable -skip_dups mode.\n" " noskip_dups disable -skip_dups mode.\n" " add_keysyms enable -add_keysyms mode.\n" " noadd_keysyms stop adding keysyms. those added will\n" " still be removed at exit.\n" " clear_mods enable -clear_mods mode and clear them.\n" " noclear_mods disable -clear_mods mode.\n" " clear_keys enable -clear_keys mode and clear them.\n" " noclear_keys disable -clear_keys mode.\n" /* filename */ " remap:str set -remap \"str\" (empty to disable).\n" " See -remap for the form of \"str\"\n" " (basically: key1-key2,key3-key4,...)\n" " Use \"+key1-key2\" to append a single\n" " keymapping, use \"-key1-key2\" to delete.\n" " norepeat enable -norepeat mode.\n" " repeat disable -norepeat mode.\n" " nofb enable -nofb mode.\n" " fb disable -nofb mode.\n" " bell enable bell (if supported).\n" " nobell disable bell.\n" " nosel enable -nosel mode.\n" " sel disable -nosel mode.\n" " noprimary enable -noprimary mode.\n" " primary disable -noprimary mode.\n" " nosetprimary enable -nosetprimary mode.\n" " setprimary disable -nosetprimary mode.\n" " noclipboard enable -noclipboard mode.\n" " clipboard disable -noclipboard mode.\n" " nosetclipboard enable -nosetclipboard mode.\n" " setclipboard disable -nosetclipboard mode.\n" " seldir:str set -seldir to \"str\"\n" " cursor:mode enable -cursor \"mode\".\n" " show_cursor enable showing a cursor.\n" " noshow_cursor disable showing a cursor. (same as\n" " \"nocursor\")\n" " arrow:n set -arrow to alternate n.\n" " xfixes enable xfixes cursor shape mode.\n" " noxfixes disable xfixes cursor shape mode.\n" " alphacut:n set -alphacut to n.\n" " alphafrac:f set -alphafrac to f.\n" " alpharemove enable -alpharemove mode.\n" " noalpharemove disable -alpharemove mode.\n" " alphablend disable -noalphablend mode.\n" " noalphablend enable -noalphablend mode.\n" " cursorshape disable -nocursorshape mode.\n" " nocursorshape enable -nocursorshape mode.\n" " cursorpos disable -nocursorpos mode.\n" " nocursorpos enable -nocursorpos mode.\n" " xwarp enable -xwarppointer mode.\n" " noxwarp disable -xwarppointer mode.\n" " buttonmap:str set -buttonmap \"str\", empty to disable\n" " dragging disable -nodragging mode.\n" " nodragging enable -nodragging mode.\n" " wireframe enable -wireframe mode. same as \"wf\"\n" " nowireframe disable -wireframe mode. same as \"nowf\"\n" " wireframe:str enable -wireframe mode string.\n" " wireframe_mode:str enable -wireframe mode string.\n" " wirecopyrect:str set -wirecopyrect string. same as \"wcr:\"\n" " scrollcopyrect:str set -scrollcopyrect string. same \"scr\"\n" " noscrollcopyrect disable -scrollcopyrect mode. \"noscr\"\n" " scr_area:n set -scr_area to n\n" " scr_skip:list set -scr_skip to \"list\"\n" " scr_inc:list set -scr_inc to \"list\"\n" " scr_keys:list set -scr_keys to \"list\"\n" " scr_term:list set -scr_term to \"list\"\n" " scr_keyrepeat:str set -scr_keyrepeat to \"str\"\n" " scr_parms:str set -scr_parms parameters.\n" " fixscreen:str set -fixscreen to \"str\".\n" " noxrecord disable all use of RECORD extension.\n" " xrecord enable use of RECORD extension.\n" " reset_record reset RECORD extension (if avail.)\n" " pointer_mode:n set -pointer_mode to n. same as \"pm\"\n" " input_skip:n set -input_skip to n.\n" " speeds:str set -speeds to str.\n" " wmdt:str set -wmdt to str.\n" " debug_pointer enable -debug_pointer, same as \"dp\"\n" " nodebug_pointer disable -debug_pointer, same as \"nodp\"\n" " debug_keyboard enable -debug_keyboard, same as \"dk\"\n" " nodebug_keyboard disable -debug_keyboard, same as \"nodk\"\n" " defer:n set -defer to n ms,same as deferupdate:n\n" " wait:n set -wait to n ms.\n" " wait_ui:f set -wait_ui factor to f.\n" " wait_bog disable -nowait_bog mode.\n" " nowait_bog enable -nowait_bog mode.\n" " slow_fb:f set -slow_fb to f seconds.\n" " readtimeout:n set read timeout to n seconds.\n" " nap enable -nap mode.\n" " nonap disable -nap mode.\n" " sb:n set -sb to n s, same as screen_blank:n\n" " fbpm disable -nofbpm mode.\n" " nofbpm enable -nofbpm mode.\n" " xdamage enable xdamage polling hints.\n" " noxdamage disable xdamage polling hints.\n" " xd_area:A set -xd_area max pixel area to \"A\"\n" " xd_mem:f set -xd_mem remembrance to \"f\"\n" " fs:frac set -fs fraction to \"frac\", e.g. 0.5\n" " gaps:n set -gaps to n.\n" " grow:n set -grow to n.\n" " fuzz:n set -fuzz to n.\n" " snapfb enable -snapfb mode.\n" " nosnapfb disable -snapfb mode.\n" " rawfb:str set -rawfb mode to \"str\".\n" " progressive:n set libvncserver -progressive slice\n" " height parameter to n.\n" " desktop:str set -desktop name to str for new clients.\n" " rfbport:n set -rfbport to n.\n" /* access */ " httpport:n set -httpport to n.\n" " httpdir:dir set -httpdir to dir (and enable http).\n" " enablehttpproxy enable -enablehttpproxy mode.\n" " noenablehttpproxy disable -enablehttpproxy mode.\n" " alwaysshared enable -alwaysshared mode.\n" " noalwaysshared disable -alwaysshared mode.\n" " (may interfere with other options)\n" " nevershared enable -nevershared mode.\n" " nonevershared disable -nevershared mode.\n" " (may interfere with other options)\n" " dontdisconnect enable -dontdisconnect mode.\n" " nodontdisconnect disable -dontdisconnect mode.\n" " (may interfere with other options)\n" " debug_xevents enable debugging X events.\n" " nodebug_xevents disable debugging X events.\n" " debug_xdamage enable debugging X DAMAGE mechanism.\n" " nodebug_xdamage disable debugging X DAMAGE mechanism.\n" " debug_wireframe enable debugging wireframe mechanism.\n" " nodebug_wireframe disable debugging wireframe mechanism.\n" " debug_scroll enable debugging scrollcopy mechanism.\n" " nodebug_scroll disable debugging scrollcopy mechanism.\n" " debug_tiles enable -debug_tiles\n" " nodebug_tiles disable -debug_tiles\n" " debug_grabs enable -debug_grabs\n" " nodebug_grabs disable -debug_grabs\n" " debug_sel enable -debug_sel\n" " nodebug_sel disable -debug_sel\n" " dbg enable -dbg crash shell\n" " nodbg disable -dbg crash shell\n" "\n" " noremote disable the -remote command processing,\n" " it cannot be turned back on.\n" "\n" " The vncconnect(1) command from standard VNC\n" " distributions may also be used if string is prefixed\n" " with \"cmd=\" E.g. 'vncconnect cmd=stop'. Under some\n" " circumstances xprop(1) can used if it supports -set\n" " (see the FAQ).\n" "\n" " If \"-connect /path/to/file\" has been supplied to the\n" " running x11vnc server then that file can be used as a\n" " communication channel (this is the only way to remote\n" " control one of many x11vnc's polling the same X display)\n" " Simply run: 'x11vnc -connect /path/to/file -remote ...'\n" " or you can directly write to the file via something\n" " like: \"echo cmd=stop > /path/to/file\", etc.\n" "\n" "-query variable Like -remote, except just query the value of\n" " \"variable\". \"-Q\" is an alias for \"-query\".\n" " Multiple queries can be done by separating variables\n" " by commas, e.g. -query var1,var2. The results come\n" " back in the form ans=var1:value1,ans=var2:value2,...\n" " to the standard output. If a variable is read-only,\n" " it comes back with prefix \"aro=\" instead of \"ans=\".\n" "\n" " Some -remote commands are pure actions that do not make\n" " sense as variables, e.g. \"stop\" or \"disconnect\", in\n" " these cases the value returned is \"N/A\". To direct a\n" " query straight to the X11VNC_REMOTE property or connect\n" " file use \"qry=...\" instead of \"cmd=...\"\n" "\n" " Here is the current list of \"variables\" that can\n" " be supplied to the -query command. This includes the\n" " \"N/A\" ones that return no useful info. For variables\n" " names that do not correspond to an x11vnc option or\n" " remote command, we hope the name makes it obvious what\n" " the returned value corresponds to (hint: the ext_*\n" " variables correspond to the presence of X extensions):\n" "\n" " ans= stop quit exit shutdown ping blacken zero\n" " refresh reset close disconnect id sid waitmapped\n" " nowaitmapped clip flashcmap noflashcmap shiftcmap\n" " truecolor notruecolor overlay nooverlay overlay_cursor\n" " overlay_yescursor nooverlay_nocursor nooverlay_cursor\n" " nooverlay_yescursor overlay_nocursor 8to24 no8to24\n" " 8to24_opts visual scale scale_cursor viewonly noviewonly\n" " shared noshared forever noforever once timeout filexfer\n" " nofilexfer deny lock nodeny unlock connect allowonce\n" " allow localhost nolocalhost listen lookup nolookup\n" " accept afteraccept gone shm noshm flipbyteorder\n" " noflipbyteorder onetile noonetile solid_color\n" " solid nosolid blackout xinerama noxinerama xtrap\n" " noxtrap xrandr noxrandr xrandr_mode padgeom quiet q\n" " noquiet modtweak nomodtweak xkb noxkb skip_keycodes\n" " sloppy_keys nosloppy_keys skip_dups noskip_dups\n" " add_keysyms noadd_keysyms clear_mods noclear_mods\n" " clear_keys noclear_keys remap repeat norepeat fb nofb\n" " bell nobell sel nosel primary noprimary setprimary\n" " nosetprimary clipboard noclipboard setclipboard\n" " nosetclipboard seldir cursorshape nocursorshape\n" " cursorpos nocursorpos cursor show_cursor noshow_cursor\n" " nocursor arrow xfixes noxfixes xdamage noxdamage\n" " xd_area xd_mem alphacut alphafrac alpharemove\n" " noalpharemove alphablend noalphablend xwarppointer\n" " xwarp noxwarppointer noxwarp buttonmap dragging\n" " nodragging wireframe_mode wireframe wf nowireframe\n" " nowf wirecopyrect wcr nowirecopyrect nowcr scr_area\n" " scr_skip scr_inc scr_keys scr_term scr_keyrepeat\n" " scr_parms scrollcopyrect scr noscrollcopyrect noscr\n" " fixscreen noxrecord xrecord reset_record pointer_mode\n" " pm input_skip input client_input speeds wmdt\n" " debug_pointer dp nodebug_pointer nodp debug_keyboard\n" " dk nodebug_keyboard nodk deferupdate defer wait_ui\n" " wait_bog nowait_bog slow_fb wait readtimeout nap nonap\n" " sb screen_blank fbpm nofbpm fs gaps grow fuzz snapfb\n" " nosnapfb rawfb progressive rfbport http nohttp httpport\n" " httpdir enablehttpproxy noenablehttpproxy alwaysshared\n" " noalwaysshared nevershared noalwaysshared dontdisconnect\n" " nodontdisconnect desktop debug_xevents nodebug_xevents\n" " debug_xevents debug_xdamage nodebug_xdamage\n" " debug_xdamage debug_wireframe nodebug_wireframe\n" " debug_wireframe debug_scroll nodebug_scroll debug_scroll\n" " debug_tiles dbt nodebug_tiles nodbt debug_tiles\n" " debug_grabs nodebug_grabs debug_sel nodebug_sel dbg\n" " nodbg noremote\n" "\n" " aro= noop display vncdisplay desktopname guess_desktop\n" " http_url auth xauth users rootshift clipshift\n" " scale_str scaled_x scaled_y scale_numer scale_denom\n" " scale_fac scaling_blend scaling_nomult4 scaling_pad\n" " scaling_interpolate inetd privremote unsafe safer nocmds\n" " passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem\n" " sslverify stunnel stunnel_pem https usepw using_shm\n" " logfile o flag rc norc h help V version lastmod bg\n" " sigpipe threads readrate netrate netlatency pipeinput\n" " clients client_count pid ext_xtest ext_xtrap ext_xrecord\n" " ext_xkb ext_xshm ext_xinerama ext_overlay ext_xfixes\n" " ext_xdamage ext_xrandr rootwin num_buttons button_mask\n" " mouse_x mouse_y bpp depth indexed_color dpy_x dpy_y\n" " wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y\n" " rfbauth passwd viewpasswd\n" "\n" "-QD variable Just like -query variable, but returns the default\n" " value for that parameter (no running x11vnc server\n" " is consulted)\n" "\n" "-sync By default -remote commands are run asynchronously, that\n" " is, the request is posted and the program immediately\n" " exits. Use -sync to have the program wait for an\n" " acknowledgement from the x11vnc server that command was\n" " processed (somehow). On the other hand -query requests\n" " are always processed synchronously because they have\n" " to wait for the answer.\n" "\n" " Also note that if both -remote and -query requests are\n" " supplied on the command line, the -remote is processed\n" " first (synchronously: no need for -sync), and then\n" " the -query request is processed in the normal way.\n" " This allows for a reliable way to see if the -remote\n" " command was processed by querying for any new settings.\n" " Note however that there is timeout of a few seconds so\n" " if the x11vnc takes longer than that to process the\n" " requests the requestor will think that a failure has\n" " taken place.\n" "\n" "-noremote Do not process any remote control commands or queries.\n" "-yesremote Do process remote control commands or queries.\n" " Default: %s\n" "\n" " A note about security wrt remote control commands.\n" " If someone can connect to the X display and change\n" " the property X11VNC_REMOTE, then they can remotely\n" " control x11vnc. Normally access to the X display is\n" " protected. Note that if they can modify X11VNC_REMOTE\n" " on the X server, they have enough permissions to also\n" " run their own x11vnc and thus have complete control\n" " of the desktop. If the \"-connect /path/to/file\"\n" " channel is being used, obviously anyone who can write\n" " to /path/to/file can remotely control x11vnc. So be\n" " sure to protect the X display and that file's write\n" " permissions. See -privremote below.\n" "\n" " If you are paranoid and do not think -noremote is\n" " enough, to disable the X11VNC_REMOTE property channel\n" " completely use -novncconnect, or use the -safer option\n" " that shuts many things off.\n" "\n" "-unsafe A few remote commands are disabled by default\n" " (currently: id:pick, accept:, gone:, and\n" " rawfb:setup:) because they are associated with\n" " running external programs. If you specify -unsafe, then\n" " these remote-control commands are allowed. Note that\n" " you can still specify these parameters on the command\n" " line, they just cannot be invoked via remote-control.\n" "-safer Equivalent to: -novncconnect -noremote and prohibiting\n" " -gui and the -connect file. Shuts off communcation\n" " channels.\n" "-privremote Perform some sanity checks and disable remote-control\n" " commands if it appears that the X DISPLAY and/or\n" " connectfile can be accessed by other users. Once\n" " remote-control is disabled it cannot be turned back on.\n" "-nocmds No external commands (e.g. system(3), popen(3), exec(3))\n" " will be run.\n" "\n" "-deny_all For use with -remote nodeny: start out denying all\n" " incoming clients until \"-remote nodeny\" is used to\n" " let them in.\n" "%s\n" "\n" "These options are passed to libvncserver:\n" "\n" ; /* have both our help and rfbUsage to stdout for more(1), etc. */ dup2(1, 2); /* register extension(s) to get their help output */ #ifdef LIBVNCSERVER_WITH_TIGHTVNC_FILETRANSFER rfbRegisterTightVNCFileTransferExtension(); #endif if (mode == 1) { char *p; int l = 0; fprintf(stderr, "x11vnc: allow VNC connections to real " "X11 displays. %s\n\nx11vnc options:\n", lastmod); p = strtok(help, "\n"); while (p) { int w = 23; char tmp[100]; if (p[0] == '-') { strncpy(tmp, p, w); fprintf(stderr, " %s", tmp); l++; if (l % 3 == 0) { fprintf(stderr, "\n"); } } p = strtok(NULL, "\n"); } fprintf(stderr, "\n\nlibvncserver options:\n"); rfbUsage(); fprintf(stderr, "\n"); exit(1); } fprintf(stderr, help, lastmod, POLL_8TO24_DELAY, scaling_copyrect ? ":cr":":nocr", view_only ? "on":"off", shared ? "on":"off", vnc_connect ? "-vncconnect":"-novncconnect", xinerama ? "-xinerama":"-noxinerama", use_modifier_tweak ? "-modtweak":"-nomodtweak", skip_duplicate_key_events ? "-skip_dups":"-noskip_dups", add_keysyms ? "-add_keysyms":"-noadd_keysyms", no_autorepeat ? "-norepeat":"-repeat", alt_arrow_max, alt_arrow, alpha_threshold, alpha_frac, cursor_pos_updates ? "-cursorpos":"-nocursorpos", wireframe ? "-wireframe":"-nowireframe", WIREFRAME_PARMS, wireframe_copyrect_default, scroll_copyrect_default, scrollcopyrect_min_area, scroll_skip_str0 ? scroll_skip_str0 : "(empty)", scroll_term_str0, max_keyrepeat_str0, SCROLL_COPYRECT_PARMS, pointer_mode_max, pointer_mode, ui_skip, defer_update, waitms, wait_ui, rfbMaxClientWait/1000, take_naps ? "take naps":"no naps", screen_blank, watch_fbpm ? "-nofbpm":"-fbpm", xdamage_max_area, NSCAN, xdamage_memory, use_threads ? "-threads":"-nothreads", fs_frac, gaps_fill, grow_fill, tile_fuzz, accept_remote_cmds ? "-yesremote":"-noremote", "" ); rfbUsage(); #endif exit(1); } void xopen_display_fail_message(char *disp) { fprintf(stderr, "\n"); fprintf(stderr, "*** x11vnc was unable to open the X DISPLAY: \"%s\"," " it cannot continue.\n", disp); fprintf(stderr, "*** There may be \"Xlib:\" error messages above" " with details about the failure.\n"); fprintf(stderr, "\n"); fprintf(stderr, "Some tips and guidelines:\n"); fprintf(stderr, "\n"); fprintf(stderr, " * An X server (the one you wish to view) must" " be running before x11vnc is\n"); fprintf(stderr, " started: x11vnc does not start the X server.\n"); fprintf(stderr, "\n"); fprintf(stderr, " * You must use -display , -OR- set and" " export your DISPLAY\n"); fprintf(stderr, " environment variable to refer to the display of" " the desired X server.\n"); fprintf(stderr, " - Usually the display is simply \":0\" (in fact" " x11vnc uses this if you forget\n"); fprintf(stderr, " to specify it), but in some multi-user" " situations it could be \":1\", \":2\",\n"); fprintf(stderr, " or even \":137\". Ask your administrator" " or a guru if you are having\n"); fprintf(stderr, " difficulty determining what your X DISPLAY is.\n"); fprintf(stderr, "\n"); fprintf(stderr, " * Next, you need to have sufficient permissions" " (Xauthority) \n"); fprintf(stderr, " to connect to the X DISPLAY. Here are some" " Tips:\n"); fprintf(stderr, "\n"); fprintf(stderr, " - Often, you just need to run x11vnc as the user" " logged into the X session.\n"); fprintf(stderr, " So make sure to be that user when you type" " x11vnc.\n"); fprintf(stderr, " - Being root is usually not enough because the" " incorrect MIT-MAGIC-COOKIE\n"); fprintf(stderr, " file will be accessed. The cookie file contains" " the secret key that\n"); fprintf(stderr, " allows x11vnc to connect to the desired" " X DISPLAY.\n"); fprintf(stderr, " - You can explicity indicate which MIT-MAGIC-COOKIE" " file should be used\n"); fprintf(stderr, " by the -auth option, e.g.:\n"); fprintf(stderr, " x11vnc -auth /home/someuser/.Xauthority" " -display :0\n"); fprintf(stderr, " you must have read permission for that file.\n"); fprintf(stderr, "\n"); fprintf(stderr, " - If NO ONE is logged into an X session yet, but" " there is a greeter login\n"); fprintf(stderr, " program like \"gdm\", \"kdm\", \"xdm\", or" " \"dtlogin\" running, you will need\n"); fprintf(stderr, " to find and use the raw display manager" " MIT-MAGIC-COOKIE file.\n"); fprintf(stderr, " Some examples for various display managers:\n"); fprintf(stderr, "\n"); fprintf(stderr, " gdm: -auth /var/gdm/:0.Xauth\n"); fprintf(stderr, " kdm: -auth /var/lib/kdm/A:0-crWk72\n"); fprintf(stderr, " xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk\n"); fprintf(stderr, " dtlogin: -auth /var/dt/A:0-UgaaXa\n"); fprintf(stderr, "\n"); fprintf(stderr, " Only root will have read permission for the" " file, and so x11vnc must be run\n"); fprintf(stderr, " as root. The random characters in the filenames" " will of course change,\n"); fprintf(stderr, " and the directory the cookie file resides in may" " also be system dependent.\n"); fprintf(stderr, " Sometimes the command \"ps wwaux | grep auth\"" " can reveal the file location.\n"); fprintf(stderr, "\n"); fprintf(stderr, "See also: http://www.karlrunge.com/x11vnc/#faq\n"); } void nopassword_warning_msg(int gotloc) { char str1[] = "###############################################################\n" "#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#\n" "#@ @#\n" "#@ ** WARNING ** WARNING ** WARNING ** WARNING ** @#\n" "#@ @#\n" "#@ YOU ARE RUNNING X11VNC WITHOUT A PASSWORD!! @#\n" "#@ @#\n" "#@ This means anyone with network access to this computer @#\n" "#@ will be able to easily view and control your desktop. @#\n" "#@ @#\n" "#@ >>> If you did not mean to do this Press CTRL-C now!! <<< @#\n" "#@ @#\n" "#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#\n" ; char str2[] = "#@ @#\n" "#@ You can create an x11vnc password file by running: @#\n" "#@ @#\n" "#@ x11vnc -storepasswd password /path/to/passfile @#\n" "#@ @#\n" "#@ and then starting x11vnc via: @#\n" "#@ @#\n" "#@ x11vnc -rfbauth /path/to/passfile @#\n" "#@ @#\n" "#@ an existing ~/.vnc/passwd file will work too. @#\n" "#@ @#\n" "#@ Running \"x11vnc -storepasswd\" with no arguments @#\n" "#@ will prompt for a passwd to store in ~/.vnc/passwd. @#\n" "#@ @#\n" "#@ You can also use the -passwdfile or -passwd options. @#\n" "#@ (note -passwd is unsafe if local users are not trusted) @#\n" "#@ @#\n" "#@ Make sure any -rfbauth and -passwdfile password files @#\n" "#@ cannot be read by untrusted users. @#\n" "#@ @#\n" "#@ Use x11vnc -usepw to automatically use your @#\n" "#@ ~/.vnc/passwd or ~/.vnc/passwdfile password files. @#\n" "#@ (and prompt you to create ~/.vnc/passwd if neither @#\n" "#@ file exists.) @#\n" "#@ @#\n" "#@ @#\n" "#@ Even with a password, the subsequent VNC traffic is @#\n" "#@ sent in the clear. Consider tunnelling via ssh(1): @#\n" "#@ @#\n" "#@ http://www.karlrunge.com/x11vnc/#tunnelling @#\n" "#@ @#\n" "#@ Or using the x11vnc SSL options: -ssl and -stunnel @#\n" "#@ @#\n" "#@ Please Read the documention for more info about @#\n" "#@ passwords, security, and encryption. @#\n" "#@ @#\n" "#@ http://www.karlrunge.com/x11vnc/#faq-passwd @#\n" ; char str3[] = "#@ @#\n" "#@ You are using the -localhost option and that is a good @#\n" "#@ thing!! Especially if you ssh(1) into this machine and @#\n" "#@ use port redirection. Nevertheless, without a password @#\n" "#@ other users could possibly do redirection as well to @#\n" "#@ gain access to your desktop. @#\n" ; char str4[] = "#@ @#\n" "#@ To disable this warning use the -nopw option, or put @#\n" "#@ the setting in your ~/.x11vncrc file. @#\n" "#@ @#\n" "#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#\n" "###############################################################\n" ; char str5[] = "###############################################################\n\n" ; if (inetd) { return; } fprintf(stderr, "%s", str1); fflush(stderr); #if !PASSWD_REQUIRED usleep(2500 * 1000); #endif if (!quiet) { fprintf(stderr, "%s", str2); if (gotloc) { fprintf(stderr, "%s", str3); } fprintf(stderr, "%s", str4); } else { fprintf(stderr, "%s", str5); } fflush(stderr); #if !PASSWD_REQUIRED usleep(500 * 1000); #endif }