classes/ssl: Many improvements to Java SSL applet, onetimekey

          serverCert param, debugging printout, user dialogs, catch
          socket exceptions, autodetect x11vnc for GET=1.
x11vnc: misc/scripts: desktop.cgi, inet6to4, panner.pl.
          X11VNC_HTTPS_DOWNLOAD_WAIT_TIME, -unixpw %xxx documented, and
          can run user cmd in UNIXPW_CMD. FD_XDMCP_IF for create script,
          autodetect dm on udp6 only.  Queries: pointer_x, pointer_y,
          pointer_same, pointer_root.  Switch on -xkd if keysyms per key >
          4 in all cases.  daemon mode improvements for connect_switch,
          inet6to4, ultravnc_repeater.pl.  Dynamic change of -clip do
          not create new fb if WxH is unchanged.

1 files changed, 73 insertions, 19 deletions

diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1
index 4d193c3..41e41ad 100644
--- a/x11vnc/x11vnc.1
+++ b/x11vnc/x11vnc.1
@@ -1,8 +1,8 @@
 .\" This file was automatically generated from x11vnc -help output.
-.TH X11VNC "1" "February 2010" "x11vnc " "User Commands"
+.TH X11VNC "1" "March 2010" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.9.10, lastmod: 2010-02-21
+         version: 0.9.10, lastmod: 2010-03-20
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -558,6 +558,11 @@ to the program location and in standard locations
 \fB-http_ssl\fR
 .IP
 As \fB-http,\fR but force lookup for ssl classes subdir.
+.IP
+Note that for HTTPS, single-port Java applet delivery
+you can set X11VNC_HTTPS_DOWNLOAD_WAIT_TIME to the
+max number of seconds to wait for the applet download
+to finish.  The default is 15.
 .PP
 \fB-avahi\fR
 .IP
@@ -1061,9 +1066,31 @@ Use "deny" to explicitly deny some users if you use
 the user is allowed, but the option values associated
 with it do apply as normal.
 .IP
-There are also some utilities for testing password
+There are also some utilities for checking passwords
 if [list] starts with the "%" character.  See the
-quick_pw() function in the source for details.
+quick_pw() function for more details.  Description:
+"%-" or "%stdin" means read one line from stdin.
+"%env" means it is in $UNIXPW env var.  A leading
+"%/" or "%." means read the first line from the
+filename that follows after the % character. % by
+itself means prompt for the username and password.
+Otherwise: %user:pass   E.g. \fB-unixpw\fR %fred:swordfish
+For the other cases user:pass is read from the indicated
+source.  If the password is correct 'Y user' is printed
+and the program exit code is 0.  If the password is
+incorrect it prints 'N user' and the exit code is 1.
+If there is some other error the exit code is 2.
+This feature enables x11vnc to be a general unix user
+password checking tool; it could be used from scripts
+or other programs.  These % password checks also apply
+to the \fB-unixpw_nis\fR and \fB-unixpw_cmd\fR options.
+.IP
+For the % password check, if the env. var. UNIXPW_CMD
+is set to a command then it is run as the user (assuming
+the password is correct.)  The output of the command is
+not printed, the program or script must manage that by
+some other means.  The exit code of x11vnc will depend
+on the exit code of the command that is run.
 .IP
 Use \fB-nounixpw\fR to disable unixpw mode if it was enabled
 earlier in the cmd line (e.g. \fB-svc\fR mode)
@@ -1184,8 +1211,11 @@ and if it has the permissions to do so.
 .PP
 \fB-find\fR
 .IP
-Find the user's display using FINDDISPLAY. This is an
-alias for "\fB-display\fR \fIWAIT:cmd=FINDDISPLAY\fR".
+Find the user's display using FINDDISPLAY. This
+is an alias for "\fB-display\fR \fIWAIT:cmd=FINDDISPLAY\fR".
+.IP
+Note: if a \fB-display\fR occurs later on the command line
+it will override the \fB-find\fR setting.
 .IP
 For this and the next few options see \fB-display\fR WAIT:...
 below for all of the details.
@@ -1232,6 +1262,9 @@ if that doesn't succeed create an X session via the
 FINDCREATEDISPLAY method.  This is an alias for
 "\fB-display\fR \fIWAIT:cmd=FINDCREATEDISPLAY-Xvfb\fR".
 .IP
+Note: if a \fB-display\fR occurs later on the command line
+it will override the \fB-create\fR setting.
+.IP
 SSH NOTE: for both \fB-find\fR and \fB-create\fR you can (should!)
 add the "\fB-localhost\fR" option to force SSH tunnel access.
 .PP
@@ -1263,6 +1296,10 @@ Example: \fB-svc\fR ... \fB-create_xsrv\fR Xdummy,X
 Terminal services mode based on SSL access.  Alias for
 \fB-display\fR WAIT:cmd=FINDCREATEDISPLAY-Xvfb \fB-unixpw\fR \fB-users\fR
 unixpw= \fB-ssl\fR SAVE   Also "\fB-service\fR".
+.IP
+Note: if a \fB-display,\fR \fB-unixpw,\fR \fB-users,\fR or \fB-ssl\fR occurs
+later on the command line it will override the \fB-svc\fR
+setting.
 .PP
 \fB-svc_xdummy\fR
 .IP
@@ -1282,6 +1319,10 @@ Display manager Terminal services mode based on SSL.
 Alias for \fB-display\fR WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp
 \fB-unixpw\fR \fB-users\fR unixpw= \fB-ssl\fR SAVE  Also "\fB-xdm_service\fR".
 .IP
+Note: if a \fB-display,\fR \fB-unixpw,\fR \fB-users,\fR or \fB-ssl\fR occurs
+later on the command line it will override the \fB-xdmsvc\fR
+setting.
+.IP
 To create a session a user will have to first log in
 to the \fB-unixpw\fR dialog and then log in again to the
 XDM/GDM/KDM prompt.  Subsequent re-connections will
@@ -1654,6 +1695,11 @@ to be a unique name for the session, it is set as an
 X property, that makes FINDDISPLAY only find sessions
 with that tag value.
 .IP
+Set FD_XDMCP_IF to the network interface that the
+display manager is running on; default is 'localhost'
+but you may need to set it to '::1' on some IPv6 only
+systems or misconfigured display managers.
+.IP
 If you want the FINDCREATEDISPLAY session to contact an
 XDMCP login manager (xdm/gdm/kdm) on the same machine,
 then use "Xvfb.xdmcp" instead of "Xvfb", etc.
@@ -2370,7 +2416,7 @@ exits.
 .IP
 Use the 
 .IR stunnel (8)
-(www.stunnel.org) to provide an
+(stunnel.mirt.net) to provide an
 encrypted SSL tunnel between viewers and x11vnc.
 .IP
 This external tunnel method was implemented prior to the
@@ -5838,6 +5884,14 @@ grab_state      get state of pointer and keyboard grab.
 .IP
 pointer_pos     print XQueryPointer x,y cursor position.
 .IP
+pointer_x       print XQueryPointer x cursor position.
+.IP
+pointer_y       print XQueryPointer y cursor position.
+.IP
+pointer_same    print XQueryPointer ptr on same screen.
+.IP
+pointer_root    print XQueryPointer curr ptr rootwin.
+.IP
 mouse_x         print x11vnc's idea of cursor position.
 .IP
 mouse_y         print x11vnc's idea of cursor position.
@@ -6234,18 +6288,18 @@ loop loopbg desktopname guess_desktop guess_dbus
 http_url auth xauth users rootshift clipshift scale_str
 scaled_x scaled_y scale_numer scale_denom scale_fac_x
 scale_fac_y scaling_blend scaling_nomult4 scaling_pad
-scaling_interpolate inetd privremote unsafe safer
-nocmds passwdfile unixpw unixpw_nis unixpw_list ssl
-ssl_pem sslverify stunnel stunnel_pem https httpsredir
-usepw using_shm logfile o flag rmflag rc norc h help
-V version lastmod bg sigpipe threads readrate netrate
-netlatency pipeinput clients client_count pid ext_xtest
-ext_xtrap ext_xrecord ext_xkb ext_xshm ext_xinerama
-ext_overlay ext_xfixes ext_xdamage ext_xrandr rootwin
-num_buttons button_mask mouse_x mouse_y grab_state
-pointer_pos bpp depth indexed_color dpy_x dpy_y wdpy_x
-wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth
-passwd viewpasswd
+scaling_interpolate inetd privremote unsafe safer nocmds
+passwdfile unixpw unixpw_nis unixpw_list ssl ssl_pem
+sslverify stunnel stunnel_pem https httpsredir usepw
+using_shm logfile o flag rmflag rc norc h help V version
+lastmod bg sigpipe threads readrate netrate netlatency
+pipeinput clients client_count pid ext_xtest ext_xtrap
+ext_xrecord ext_xkb ext_xshm ext_xinerama ext_overlay
+ext_xfixes ext_xdamage ext_xrandr rootwin num_buttons
+button_mask mouse_x mouse_y grab_state pointer_pos
+pointer_x pointer_y pointer_same pointer_root bpp depth
+indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y
+cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd
 .PP
 \fB-QD\fR \fIvariable\fR
 .IP