reverse connections for ss_vncviewer. java one-time-keys.

author: runge <runge> 2007-03-24 23:30:43 +0000
committer: runge <runge> 2007-03-24 23:30:43 +0000
commit: c5055013c0efd6a9fc7b3b97e76fa4722631db18 (patch)
tree: 42f49df776c051600420e18a43af0806e03ea3b0
parent: 61c56222b3becbbc8f0bafef7602baae9f8fd7d9 (diff)
download: libtdevnc-c5055013c0efd6a9fc7b3b97e76fa4722631db18.tar.gz
libtdevnc-c5055013c0efd6a9fc7b3b97e76fa4722631db18.zip
4 files changed, 385 insertions, 41 deletions
diff --git a/classes/ssl/SignedVncViewer.jar b/classes/ssl/SignedVncViewer.jar
index 5c77ae9..38cb51b 100644
--- a/classes/ssl/SignedVncViewer.jar
+++ b/classes/ssl/SignedVncViewer.jar
diff --git a/classes/ssl/VncViewer.jar b/classes/ssl/VncViewer.jar
index 23e4259..fb3da29 100644
--- a/classes/ssl/VncViewer.jar
+++ b/classes/ssl/VncViewer.jar
diff --git a/classes/ssl/ss_vncviewer b/classes/ssl/ss_vncviewer
index 3f8bd42..381e678 100755
--- a/classes/ssl/ss_vncviewer
+++ b/classes/ssl/ss_vncviewer
@@ -38,6 +38,9 @@
 #         (the first CONNECT is done through host1:port1 to host2:port2
 #         and then a 2nd CONNECT to the destination VNC server.)
 #
+# -showcert  Only fetch the certificate using the 'openssl s_client'
+#            command (openssl(1) must in installed).
+#
 #    See http://www.karlrunge.com/x11vnc/#faq-ssl-ca for details on SSL
 #    certificates with VNC.
 #
@@ -91,6 +94,7 @@
 #
 #         ss_vncviewer -sshssl -proxy fred@mygate.com mymachine:0
 #
+# -listen (or -reverse) set up a reverse connection.
 #
 # -alpha  turn on cursor alphablending hack if you are using the
 #         enhanced tightvnc vncviewer.
@@ -108,6 +112,8 @@ VNCVIEWERCMD=${VNCVIEWERCMD:-vncviewer}
 # Same for STUNNEL, e.g. set it to /path/to/stunnel or stunnel4, etc.
 #
 
+#set -xv 
+
 PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
 
 if [ "X$STUNNEL" = "X" ]; then
@@ -128,18 +134,27 @@ use_ssh=""
 use_sshssl=""
 direct_connect=""
 ssh_sleep=15
-ssh_cmd="sleep $ssh_sleep"
+if echo "$*" | grep '.*-listen' > /dev/null; then
+	ssh_sleep=1800
+fi
+ssh_cmd=""
 if [ "X$SS_VNCVIEWER_SSH_CMD" != "X" ]; then
 	ssh_cmd="$SS_VNCVIEWER_SSH_CMD"
 fi
 ssh_args=""
+showcert=""
+reverse=""
 
 if [ "X$1" = "X-viewerflavor" ]; then
 	if echo "$VNCVIEWERCMD" | grep -i chicken.of > /dev/null; then
 		echo "cotvnc"
 		exit 0
 	fi
-	str=`"$VNCVIEWERCMD" -h 2>&1 | head -5`
+	if echo "$VNCVIEWERCMD" | grep -i ultra > /dev/null; then
+		echo "ultravnc"
+		exit 0
+	fi
+	str=`$VNCVIEWERCMD -h 2>&1 | head -5`
 	if echo "$str" | grep -i 'TightVNC.viewer' > /dev/null; then
 		echo "tightvnc"
 	elif echo "$str" | grep -i 'RealVNC.Ltd' > /dev/null; then
@@ -173,6 +188,12 @@ do
                 ;;
 	"-alpha")	gotalpha=1
                 ;;
+	"-showcert")	showcert=1
+                ;;
+	"-listen")	reverse=1
+                ;;
+	"-reverse")	reverse=1
+                ;;
 	"-grab")	VNCVIEWER_GRAB_SERVER=1; export VNCVIEWER_GRAB_SERVER
                 ;;
 	"-h"*)	help; exit 0
@@ -185,10 +206,36 @@ do
     shift
 done
 
-if [ "X$gotalpha" != "X1" ]; then
+if [ "X$gotalpha" = "X1" ]; then
+	VNCVIEWER_ALPHABLEND=1
+	export VNCVIEWER_ALPHABLEND
+else
 	NO_ALPHABLEND=1
 	export NO_ALPHABLEND
 fi
+if [ "X$reverse" != "X" ]; then
+	ssh_sleep=1800
+	if [ "X$use_ssh" = "X1" ]; then
+		VNCVIEWER_LISTEN_LOCALHOST=1
+		export VNCVIEWER_LISTEN_LOCALHOST
+	fi
+	if [ "X$proxy" != "X" ]; then
+		if [ "X$use_ssh" = "X" -a "X$use_sshssl" = "X" ]; then
+			echo ""
+			echo "*Warning*: SSL -listen and a Web proxy does not make sense."
+			sleep 3
+		elif echo "$proxy" | grep "," > /dev/null; then
+			:
+		else
+			echo ""
+			echo "*Warning*: -listen and a single proxy/gateway does not make sense."
+			sleep 3
+		fi
+	fi
+fi
+if [ "X$ssh_cmd" = "X" ]; then
+	ssh_cmd="sleep $ssh_sleep"
+fi
 
 orig="$1"
 shift
@@ -207,13 +254,17 @@ if echo "$orig" | grep '^vnc://' > /dev/null; then
 	use_ssh=""
 	use_sshssl=""
 	direct_connect=1
+elif echo "$orig" | grep '^vncs://' > /dev/null; then
+	orig=`echo "$orig" | sed -e 's,vncs://,,'`
 fi
 
 # play around with host:display port:
 if echo "$orig" | grep ':' > /dev/null; then
 	:
 else
-	orig="$orig:0"
+	if [ "X$reverse" = "X" ]; then
+		orig="$orig:0"
+	fi
 fi
 
 host=`echo "$orig" | awk -F: '{print $1}'`
@@ -221,8 +272,14 @@ disp=`echo "$orig" | awk -F: '{print $2}'`
 if [ "X$host" = "X" ]; then
 	host=localhost
 fi
-if [ $disp -lt 200 ]; then
-	port=`expr $disp + 5900`
+if [ $disp -lt 0 ]; then
+	port=`expr 0 - $disp`
+elif [ $disp -lt 200 ]; then
+	if [ "X$reverse" = "X" ]; then
+		port=`expr $disp + 5900`
+	else
+		port=`expr $disp + 5500`
+	fi
 else
 	port=$disp
 fi
@@ -263,12 +320,47 @@ findfree() {
 	echo $use0
 }
 
-use=`findfree 5930`
+final() {
+	echo ""
+	if [ "X$SS_VNCVIEWER_RM" != "X" ]; then
+		rm -f $SS_VNCVIEWER_RM 2>/dev/null
+	fi
+	if [ "X$tcert" != "X" ]; then
+		rm -f $tcert
+	fi
+	if [ "X$pssh" != "X" ]; then
+		echo "Terminating background ssh process"
+		echo kill -TERM "$pssh"
+		kill -TERM "$pssh" 2>/dev/null
+		sleep 1
+		kill -KILL "$pssh" 2>/dev/null
+		pssh=""
+	fi
+	if [ "X$stunnel_pid" != "X" ]; then
+		echo "Terminating background stunnel process"
+		echo kill -TERM "$stunnel_pid"
+		kill -TERM "$stunnel_pid" 2>/dev/null
+		sleep 1
+		kill -KILL "$stunnel_pid" 2>/dev/null
+		stunnel_pid=""
+	fi
+}
 
-if [ $use -ge 5900 ]; then
-	N=`expr $use - 5900`
+if [ "X$reverse" = "X" ]; then
+	use=`findfree 5930`
+	if [ $use -ge 5900 ]; then
+		N=`expr $use - 5900`
+	else
+		N=$use
+	fi
 else
-	N=$use
+	p2=`expr $port + 30`
+	use=`findfree $p2`
+	if [ $use -ge 5500 ]; then
+		N=`expr $use - 5500`
+	else
+		N=$use
+	fi
 fi
 
 if echo "$0" | grep vncip > /dev/null; then
@@ -280,6 +372,7 @@ if [ "X$use_ssh" = "X1" ]; then
 	ssh_host="$host"
 	vnc_host="localhost"
 	ssh=${SSH:-"ssh -x"}
+
 	if echo "$proxy" | grep "," > /dev/null; then
 		proxy1=`echo "$proxy" | awk -F, '{print $1}'`
 		proxy2=`echo "$proxy" | awk -F, '{print $2}'`
@@ -312,6 +405,7 @@ if [ "X$use_ssh" = "X1" ]; then
 		stty sane
 		proxy="${ssh_user2}localhost:$proxport"
 	fi
+
 	if [ "X$proxy" != "X" ]; then
 		ssh_port=`echo "$proxy" | awk -F: '{print $2}'`
 		if [ "X$ssh_port" = "X" ]; then
@@ -333,6 +427,12 @@ if [ "X$use_ssh" = "X1" ]; then
 	if [ "X$SS_VNCVIEWER_USE_C" != "X" ]; then
 		C="-C"
 	fi
+	if [ "X$reverse" = "X" ]; then
+		ssh_redir="-L ${use}:${vnc_host}:${port}"
+	else
+		ssh_redir="-R ${port}:${vnc_host}:${use}"
+	fi
+	pmark=`sh -c 'echo $$'`
 	# the -t option actually speeds up typing response via VNC!!
 	if [ "X$SS_VNCVIEWER_SSH_ONLY" != "X" ]; then
 		echo "$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host \"$info\""
@@ -340,20 +440,32 @@ if [ "X$use_ssh" = "X1" ]; then
 		$ssh -x -p $ssh_port -t $C $ssh_args $ssh_host "$ssh_cmd"
 		exit $?
 	elif [ "X$SS_VNCVIEWER_NO_F" != "X" ]; then
-		echo "$ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+		echo "$ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""
 		echo ""
-		$ssh -x -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+		$ssh -x -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
 	else
-		echo "$ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host \"$info\""
+		echo "$ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host \"$info\""
 		echo ""
-		$ssh -x -f -p $ssh_port -t $C -L ${use}:${vnc_host}:${port} $ssh_args $ssh_host "$ssh_cmd"
+		$ssh -x -f -p $ssh_port -t $C $ssh_redir $ssh_args $ssh_host "$ssh_cmd"
 	fi
 	if [ "$?" != "0" ]; then
 		echo ""
 		echo "ssh to $ssh_host failed."
 		exit 1
 	fi
-	echo ""
+	stty sane
+
+	c=0
+	pssh=""
+	while [ $c -lt 30 ]
+	do
+		p=`expr $pmark + $c`
+		if ps -p "$p" 2>&1 | grep "$ssh" > /dev/null; then
+			pssh=$p
+			break
+		fi
+		c=`expr $c + 1`
+	done
 	if [ "X$ssh_cmd" = "Xsleep $ssh_sleep" ] ; then
 		sleep 1
 	else
@@ -363,11 +475,23 @@ if [ "X$use_ssh" = "X1" ]; then
 	echo ""
 	#reset
 	stty sane
+	#echo "pssh=\"$pssh\""
 	if [ "X$use_sshssl" = "X" ]; then
 		echo "Running viewer:"
-		echo "$VNCVIEWERCMD" "$@" localhost:$N
-		echo ""
-		"$VNCVIEWERCMD" "$@" localhost:$N
+
+		trap "final" 0 2 15
+		if [ "X$reverse" = "X" ]; then
+			echo "$VNCVIEWERCMD" "$@" localhost:$N
+			echo ""
+			$VNCVIEWERCMD "$@" localhost:$N
+		else
+			echo ""
+			echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+			echo ""
+			echo "$VNCVIEWERCMD" "$@" -listen $N
+			echo ""
+			$VNCVIEWERCMD "$@" -listen $N
+		fi
 
 		exit $?
 	else
@@ -571,11 +695,39 @@ if [ "X$proxy" != "X" ]; then
 	ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
 	mytmp "$ptmp"
 	pcode "$ptmp"
-	connect="exec = $ptmp"
+	if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
+		if uname | grep Darwin >/dev/null; then
+			nd=`expr $use + 333`
+			SSVNC_LISTEN=$nd
+			export SSVNC_LISTEN
+			$ptmp 2>/dev/null &
+			sleep 3
+			host="localhost"
+			port="$nd"
+			connect="connect = localhost:$nd"
+		else
+			connect="exec = $ptmp"
+		fi
+	else
+		connect="exec = $ptmp"
+	fi
 else
 	connect="connect = $host:$port"
 fi
 
+if [ "X$showcert" = "X1" ]; then
+	if [ "X$proxy" != "X" ]; then
+		SSVNC_LISTEN=$use
+		export SSVNC_LISTEN
+		$ptmp 2>/dev/null &
+		sleep 3
+		host="localhost"
+		port="$use"
+	fi
+	openssl s_client -connect $host:$port 2>&1 < /dev/null
+	exit $?
+fi
+
 if [ "X$direct_connect" != "X" ]; then
 	echo ""
 	echo "Running viewer for direct connection:"
@@ -596,21 +748,37 @@ if [ "X$direct_connect" != "X" ]; then
 		SSVNC_LISTEN=$use
 		export SSVNC_LISTEN
 		$ptmp &
-		sleep 2
+		if [ "X$reverse" = "X" ]; then
+			sleep 2
+		fi
 		host="localhost"
 		disp="$N"
 	fi
-	echo "$VNCVIEWERCMD" "$@" $host:$disp
-	echo ""
-	"$VNCVIEWERCMD" "$@" $host:$disp
+	if [ "X$reverse" = "X" ]; then
+		echo "$VNCVIEWERCMD" "$@" $host:$disp
+		trap "final" 0 2 15
+		echo ""
+		$VNCVIEWERCMD "$@" $host:$disp
+	else
+		echo ""
+		echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+		echo ""
+		echo "$VNCVIEWERCMD" "$@" -listen $N
+		trap "final" 0 2 15
+		echo ""
+		$VNCVIEWERCMD "$@" -listen $N
+	fi
 	exit $?
 fi
 
 ##debug = 7
+## debug = 6
 tmp=/tmp/ss_vncviewer${RANDOM}.$$
 mytmp "$tmp"
 
-cat > "$tmp" <<END
+if [ "X$reverse" = "X" ]; then
+
+	cat > "$tmp" <<END
 foreground = yes
 pid =
 client = yes
@@ -622,7 +790,92 @@ $cert
 [vnc_stunnel]
 accept = localhost:$use
 $connect
+
+END
+else
+
+	p2=`expr 5500 + $N`
+	connect="connect = localhost:$p2"
+	if [ "X$cert" = "X" ]; then
+		tcert="/tmp/tcert.$$"
+		cat > $tcert <<END
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
++zZpJUUXLu4zz8Ryq8Q+sQgfNy7uTOpN9bUUaOk1TnD7gaDQnQWiNHmqbW2kL+DS
+OKngJVPo9dETAS8hf7+D1e1DBZxjTc1a4RQqWJixwpYj99ixWzu8VC2m/xXsjvOs
+jp4+DLBB490nbkwvstmhmiWm1CmI5O5xOkgioVNQqHvQMdVKOSz9PpbjvZiRX1Uo
+qoMrk+2NOqwP90TB35yPASXb9zXKpO7DLhkube+yYGf+yk46aD707L07Eb7cosFP
+S84vNZ9gX7rQ0UOwm5rYA/oZTBskgaqhtIzkLwIDAQABAoIBAD4ot/sXt5kRn0Ca
+CIkU9AQWlC+v28grR2EQW9JiaZrqcoDNUzUqbCTJsi4ZkIFh2lf0TsqELbZYNW6Y
+6AjJM7al4E0UqYSKJTv2WCuuRxdiRs2BMwthqyBmjeanev7bB6V0ybt7u3Y8xU/o
+MrTuYnr4vrEjXPKdLirwk7AoDbKsRXHSIiHEIBOq1+dUQ32t36ukdnnza4wKDLZc
+PKHiCdCk/wOGhuDlxD6RspqUAlRnJ8/aEhrgWxadFXw1hRhRsf/v1shtB0T3DmTe
+Jchjwyiw9mryb9JZAcKxW+fUc4EVvj6VdQGqYInQJY5Yxm5JAlVQUJicuuJEvn6A
+rj5osQECgYEA552CaHpUiFlB4HGkjaH00kL+f0+gRF4PANCPk6X3UPDVYzKnzmuu
+yDvIdEETGFWBwoztUrOOKqVvPEQ+kBa2+DWWYaERZLtg2cI5byfDJxQ3ldzilS3J
+1S3WgCojqcsG/hlxoQJ1dZFanUy/QhUZ0B+wlC+Zp1Q8AyuGQvhHp68CgYEA0lBI
+eqq2GGCdJuNHMPFbi8Q0BnX55LW5C1hWjhuYiEkb3hOaIJuJrqvayBlhcQa2cGqp
+uP34e9UCfoeLgmoCQ0b4KpL2NGov/mL4i8bMgog4hcoYuIi3qxN18vVR14VKEh4U
+RLk0igAYPU+IK2QByaQlBo9OSaKkcfm7U1/pK4ECgYAxr6VpGk0GDvfF2Tsusv6d
+GIgV8ZP09qSLTTJvvxvF/lQYeqZq7sjI5aJD5i3de4JhpO/IXQJzfZfWOuGc8XKA
+3qYK/Y2IqXXGYRcHFGWV/Y1LFd55mCADHlk0l1WdOBOg8P5iRu/Br9PbiLpCx9oI
+vrOXpnp03eod1/luZmqguwKBgQCWFRSj9Q7ddpSvG6HCG3ro0qsNsUMTI1tZ7UBX
+SPogx4tLf1GN03D9ZUZLZVFUByZKMtPLX/Hi7K9K/A9ikaPrvsl6GEX6QYzeTGJx
+3Pw0amFrmDzr8ySewNR6/PXahxPEuhJcuI31rPufRRI3ZLah3rFNbRbBFX+klkJH
+zTnoAQKBgDbUK/aQFGduSy7WUT7LlM3UlGxJ2sA90TQh4JRQwzur0ACN5GdYZkqM
+YBts4sBJVwwJoxD9OpbvKu3uKCt41BSj0/KyoBzjT44S2io2tj1syujtlVUsyyBy
+/ca0A7WBB8lD1D7QMIhYUm2O9kYtSCLlUTHt5leqGaRG38DqlX36
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArQCCQDSzxzxqhyqLzANBgkqhkiG9w0BAQQFADCBpzELMAkGA1UEBhMC
+VVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBkJvc3RvbjETMBEG
+A1UEChMKTXkgQ29tcGFueTEcMBoGA1UECxMTUHJvZHVjdCBEZXZlbG9wbWVudDEZ
+MBcGA1UEAxMQd3d3Lm5vd2hlcmUubm9uZTEhMB8GCSqGSIb3DQEJARYSYWRtaW5A
+bm93aGVyZS5ub25lMB4XDTA3MDMyMzE4MDc0NVoXDTI2MDUyMjE4MDc0NVowgacx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQ8wDQYDVQQHEwZC
+b3N0b24xEzARBgNVBAoTCk15IENvbXBhbnkxHDAaBgNVBAsTE1Byb2R1Y3QgRGV2
+ZWxvcG1lbnQxGTAXBgNVBAMTEHd3dy5ub3doZXJlLm5vbmUxITAfBgkqhkiG9w0B
+CQEWEmFkbWluQG5vd2hlcmUubm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL5H18W9MHMYK41ds4hYpIyCPs3vIinEwbeOy9BjP3NtXn3pTfs2aSVF
+Fy7uM8/EcqvEPrEIHzcu7kzqTfW1FGjpNU5w+4Gg0J0FojR5qm1tpC/g0jip4CVT
+6PXREwEvIX+/g9XtQwWcY03NWuEUKliYscKWI/fYsVs7vFQtpv8V7I7zrI6ePgyw
+QePdJ25ML7LZoZolptQpiOTucTpIIqFTUKh70DHVSjks/T6W472YkV9VKKqDK5Pt
+jTqsD/dEwd+cjwEl2/c1yqTuwy4ZLm3vsmBn/spOOmg+9Oy9OxG+3KLBT0vOLzWf
+YF+60NFDsJua2AP6GUwbJIGqobSM5C8CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA
+vGomHEp6TVU83X2EBUgnbOhzKJ9u3fOI/Uf5L7p//Vxqow7OR1cguzh/YEzmXOIL
+ilMVnzX9nj/bvcLAuqEP7MR1A8f4+E807p/L/Sf49BiCcwQq5I966sGKYXjkve+T
+2GTBNwMSq+5kLSf6QY8VZI+qnrAudEQMeJByQhTZZ0dH8Njeq8EGl9KUio+VWaiW
+CQK6xJuAvAHqa06OjLmwu1fYD4GLGSrOIiRVkSXV8qLIUmzxdJaIRznkFWsrCEKR
+wAH966SAOvd2s6yOHMvyDRIL7WHxfESB6rDHsdIW/yny1fBePjv473KrxyXtbz7I
+dMw1yW09l+eEo4A7GzwOdw==
+-----END CERTIFICATE-----
 END
+		chmod 600 $tcert
+		cert="cert = $tcert"
+	fi
+
+	STUNNEL_EXTRA_OPTS=`echo "$STUNNEL_EXTRA_OPTS" | sed -e 's/maxconn/#maxconn/'`
+
+	hloc=""
+	if [ "X$use_ssh" = "X1" ]; then
+		hloc="localhost:"
+	fi
+	cat > "$tmp" <<END
+foreground = yes
+pid =
+client = no
+debug = 6
+$STUNNEL_EXTRA_OPTS
+$verify
+$cert
+
+[vnc_stunnel]
+accept = $hloc$port
+$connect
+
+END
+
+fi
 
 echo ""
 echo "Using this stunnel configuration:"
@@ -632,25 +885,39 @@ echo ""
 sleep 1
 
 echo ""
-echo "Running: stunnel"
+echo "Running stunnel:"
 echo "$STUNNEL $tmp"
 $STUNNEL "$tmp" < /dev/tty > /dev/tty &
-pid=$!
+stunnel_pid=$!
 echo ""
 
 # pause here to let the user supply a possible passphrase for the
 # mycert key:
 if [ "X$mycert" != "X" ]; then
-	sleep 4
+	sleep 2
+	echo ""
+	echo "(pausing for possible certificate passphrase dialog)"
+	echo ""
+	sleep 2
 fi
 sleep 2
 rm -f "$tmp"
 
 echo ""
 echo "Running viewer:"
-echo "$VNCVIEWERCMD" "$@" localhost:$N
-echo ""
-"$VNCVIEWERCMD" "$@" localhost:$N
+if [ "X$reverse" = "X" ]; then
+	echo "$VNCVIEWERCMD" "$@" localhost:$N
+	trap "final" 0 2 15
+	echo ""
+	$VNCVIEWERCMD "$@" localhost:$N
+else
+	echo ""
+	echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
+	echo ""
+	echo "$VNCVIEWERCMD" "$@" -listen $N
+	trap "final" 0 2 15
+	echo ""
+	$VNCVIEWERCMD "$@" -listen $N
+fi
 
-kill $pid
 sleep 1
diff --git a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
index 8111b88..bd26a47 100644
--- a/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
+++ b/classes/ssl/tightvnc-1.3dev7_javasrc-vncviewer-ssl.patch
@@ -73,8 +73,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/RfbProto.java vnc_javasrc/RfbProto
      serverMajor = (b[4] - '0') * 100 + (b[5] - '0') * 10 + (b[6] - '0');
 diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSLSocketToMe.java
 --- vnc_javasrc.orig/SSLSocketToMe.java	1969-12-31 19:00:00.000000000 -0500
-+++ vnc_javasrc/SSLSocketToMe.java	2006-09-23 18:35:25.000000000 -0400
-@@ -0,0 +1,1301 @@
++++ vnc_javasrc/SSLSocketToMe.java	2007-02-21 23:27:10.000000000 -0500
+@@ -0,0 +1,1366 @@
 +/*
 + * SSLSocketToMe.java: add SSL encryption to Java VNC Viewer.
 + *
@@ -100,9 +100,14 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
 +import java.net.*;
 +import java.io.*;
 +import javax.net.ssl.*;
-+import java.security.cert.*;
 +import java.util.*;
 +
++import java.security.*;
++import java.security.cert.*;
++import java.security.spec.*;
++import java.security.cert.Certificate;
++import java.security.cert.CertificateFactory;
++
 +import java.awt.*;
 +import java.awt.event.*;
 +
@@ -149,6 +154,25 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
 +	java.security.cert.Certificate[] trustallCerts = null;
 +	java.security.cert.Certificate[] trusturlCerts = null;
 +
++	byte[] hex2bytes(String s) {
++		byte[] bytes = new byte[s.length()/2];
++		for (int i=0; i<s.length()/2; i++) {
++			int j = 2*i;
++			try {
++				int val = Integer.parseInt(s.substring(j, j+2), 16);
++				if (val > 127) {
++					val -= 256;
++				}
++				Integer I = new Integer(val);
++				bytes[i] = Byte.decode(I.toString()).byteValue();
++				
++			} catch (Exception e) {
++				;
++			}
++		}
++		return bytes;
++	}
++
 +	SSLSocketToMe(String h, int p, VncViewer v) throws Exception {
 +		host = h;
 +		port = p;
@@ -338,10 +362,48 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
 +		 * 2) to subsequently connect to the server if user agrees.
 +		 */
 +
++		KeyManager[] mykey = null;
++
++		if (viewer.oneTimeKey != null && viewer.oneTimeKey.indexOf(",") > 0) {
++			int idx = viewer.oneTimeKey.indexOf(",");
++
++			String onetimekey = viewer.oneTimeKey.substring(0, idx);
++			byte[] key = hex2bytes(onetimekey);
++			String onetimecert = viewer.oneTimeKey.substring(idx+1);
++			byte[] cert = hex2bytes(onetimecert);
++
++			KeyFactory kf = KeyFactory.getInstance("RSA");
++			PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec ( key );
++			PrivateKey ff = kf.generatePrivate (keysp);
++			dbg("ff " + ff);
++			String cert_str = new String(cert);
++
++			CertificateFactory cf = CertificateFactory.getInstance("X.509");
++			Collection c = cf.generateCertificates(new ByteArrayInputStream(cert));
++			Certificate[] certs = new Certificate[c.toArray().length];
++			if (c.size() == 1) {
++				Certificate tmpcert = cf.generateCertificate(new ByteArrayInputStream(cert));
++				dbg("tmpcert" + tmpcert);
++				certs[0] = tmpcert;
++			} else {
++				certs = (Certificate[]) c.toArray();
++			}
++
++			KeyStore ks = KeyStore.getInstance("JKS");
++			ks.load(null, null);
++			ks.setKeyEntry("onetimekey", ff, "".toCharArray(), certs);
++			String da = KeyManagerFactory.getDefaultAlgorithm();
++			KeyManagerFactory kmf = KeyManagerFactory.getInstance(da);
++			kmf.init(ks, "".toCharArray());
++
++			mykey = kmf.getKeyManagers();
++		}
++
++
 +		/* trust loc certs: */
 +		try {
 +			trustloc_ctx = SSLContext.getInstance("SSL");
-+			trustloc_ctx.init(null, null, new
++			trustloc_ctx.init(mykey, null, new
 +			    java.security.SecureRandom());
 +
 +		} catch (Exception e) {
@@ -353,7 +415,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
 +		/* trust all certs: */
 +		try {
 +			trustall_ctx = SSLContext.getInstance("SSL");
-+			trustall_ctx.init(null, trustAllCerts, new
++			trustall_ctx.init(mykey, trustAllCerts, new
 +			    java.security.SecureRandom());
 +
 +		} catch (Exception e) {
@@ -365,7 +427,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
 +		/* trust url certs: */
 +		try {
 +			trusturl_ctx = SSLContext.getInstance("SSL");
-+			trusturl_ctx.init(null, trustUrlCert, new
++			trusturl_ctx.init(mykey, trustUrlCert, new
 +			    java.security.SecureRandom());
 +
 +		} catch (Exception e) {
@@ -377,7 +439,7 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
 +		/* trust the one cert from server: */
 +		try {
 +			trustone_ctx = SSLContext.getInstance("SSL");
-+			trustone_ctx.init(null, trustOneCert, new
++			trustone_ctx.init(mykey, trustOneCert, new
 +			    java.security.SecureRandom());
 +
 +		} catch (Exception e) {
@@ -563,6 +625,9 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
 +			if (viewer.trustAllVncCerts) {
 +				dbg("viewer.trustAllVncCerts-2");
 +				user_wants_to_see_cert = false;
++			} else if (viewer.trustUrlVncCert) {
++				dbg("viewer.trustUrlVncCert-1");
++				user_wants_to_see_cert = false;
 +			} else {
 +				bcd = new BrowserCertsDialog(serv, host + ":" + port);
 +				bcd.queryUser();
@@ -1378,8 +1443,8 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/SSLSocketToMe.java vnc_javasrc/SSL
 +}
 diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncViewer.java
 --- vnc_javasrc.orig/VncViewer.java	2004-03-04 08:34:25.000000000 -0500
-+++ vnc_javasrc/VncViewer.java	2006-12-01 02:31:26.000000000 -0500
-@@ -88,6 +88,14 @@
++++ vnc_javasrc/VncViewer.java	2007-02-21 23:24:37.000000000 -0500
+@@ -88,6 +88,16 @@
    int deferCursorUpdates;
    int deferUpdateRequests;
  
@@ -1388,13 +1453,15 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
 +  String CONNECT;
 +  String urlPrefix;
 +  String httpsPort;
++  String oneTimeKey;
 +  boolean forceProxy;
 +  boolean trustAllVncCerts;
++  boolean trustUrlVncCert;
 +
    // Reference to this applet for inter-applet communication.
    public static java.applet.Applet refApplet;
  
-@@ -626,6 +634,53 @@
+@@ -626,6 +636,63 @@
  
      // SocketFactory.
      socketFactory = readParameter("SocketFactory", false);
@@ -1435,6 +1502,11 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
 +    }
 +    System.out.println("urlPrefix: '" + urlPrefix + "'");
 +
++    oneTimeKey = readParameter("oneTimeKey", false);
++    if (oneTimeKey != null) {
++    	System.out.println("oneTimeKey: is set");
++    }
++
 +    forceProxy = false;
 +    str = readParameter("forceProxy", false);
 +    if (str != null && str.equalsIgnoreCase("Yes")) {
@@ -1445,6 +1517,11 @@ diff -x VncCanvas.java -Naur vnc_javasrc.orig/VncViewer.java vnc_javasrc/VncView
 +    if (str != null && str.equalsIgnoreCase("Yes")) {
 +      trustAllVncCerts = true;
 +    }
++    trustUrlVncCert = false;
++    str = readParameter("trustUrlVncCert", false);
++    if (str != null && str.equalsIgnoreCase("Yes")) {
++      trustUrlVncCert = true;
++    }
    }
  
    public String readParameter(String name, boolean required) {
author	runge <runge>	2007-03-24 23:30:43 +0000
committer	runge <runge>	2007-03-24 23:30:43 +0000
commit	c5055013c0efd6a9fc7b3b97e76fa4722631db18 (patch)
tree	42f49df776c051600420e18a43af0806e03ea3b0
parent	61c56222b3becbbc8f0bafef7602baae9f8fd7d9 (diff)
download	libtdevnc-c5055013c0efd6a9fc7b3b97e76fa4722631db18.tar.gz libtdevnc-c5055013c0efd6a9fc7b3b97e76fa4722631db18.zip