Diffstat (limited to 'classes/ssl/ssl_vncviewer')
-rwxr-xr-x | classes/ssl/ssl_vncviewer | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/classes/ssl/ssl_vncviewer b/classes/ssl/ssl_vncviewer
new file mode 100755
index 0000000..4f69a1c
--- /dev/null
+++ b/classes/ssl/ssl_vncviewer
@@ -0,0 +1,142 @@
+#!/bin/sh
+#
+# ssl_vncviewer: wrapper for vncviewer to use stunnel SSL tunnel.
+#
+# You must have stunnel(8) installed on the system and in your
+# PATH (n.b. stunnel is usually in an sbin subdir).
+#
+# You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..."
+# running as the VNC server.
+#
+# usage: ssl_vncviewer [cert-args] host:display <vncviewer-args>
+#
+# e.g.: ssl_vncviewer snoopy:0
+# ssl_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
+#
+# [cert-args] can be:
+# -verify /path/to/cacert.pem
+# -mycert /path/to/mycert.pem
+#
+# -verify specifies a CA cert PEM file (or a self-signed one) for
+# authenticating the VNC server.
+#
+# -mycert specifies this client's cert+key PEM file for the VNC server to
+# authenticate this client.
+#
+
+VNCVIEWERCMD="vncviewer"
+PATH=$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin; export PATH
+
+help() {
+ head -26 $0 | tail +2
+}
+
+# grab our cmdline options:
+while [ "X$1" != "X" ]
+do
+ case $1 in
+ "-verify") shift; verify="$1"
+ ;;
+ "-mycert") shift; mycert="$1"
+ ;;
+ "-h"*) help; exit 0
+ ;;
+ *) break
+ ;;
+ esac
+ shift
+done
+
+orig="$1"
+shift
+
+# play around with host:display port:
+if ! echo "$orig" | grep ':' > /dev/null; then
+ orig="$orig:0"
+fi
+
+host=`echo "$orig" | awk -F: '{print $1}'`
+disp=`echo "$orig" | awk -F: '{print $2}'`
+if [ $disp -lt 200 ]; then
+ port=`expr $disp + 5900`
+fi
+
+# try to find an open listening port via netstat(1):
+use=""
+if uname | grep Linux > /dev/null; then
+ inuse=`netstat -ant | grep LISTEN | awk '{print $4}' | sed 's/^.*://'`
+ try=5920
+ while [ $try -lt 6000 ]
+ do
+ if ! echo "$inuse" | grep -w $try > /dev/null; then
+ use=$try
+ break
+ fi
+ try=`expr $try + 1`
+ done
+fi
+if [ "X$use" = "X" ]; then
+ # otherwise choose a "random" one:
+ use=`date +%S`
+ use=`expr $use + 5920`
+fi
+
+# create the stunnel config file:
+if [ "X$verify" != "X" ]; then
+ if [ -d $verify ]; then
+ verify="CApath = $verify"
+ else
+ verify="CAfile = $verify"
+ fi
+ verify="$verify
+verify = 2"
+fi
+if [ "X$mycert" != "X" ]; then
+ cert="cert = $mycert"
+fi
+
+##debug = 7
+tmp=/tmp/ssl_vncviewer.$$
+cat > $tmp <<END
+foreground = yes
+pid =
+client = yes
+$verify
+$cert
+
+[vnc_stunnel]
+accept = $use
+connect= $host:$port
+END
+
+echo ""
+echo "Using this stunnel configuration:"
+cat $tmp
+echo ""
+sleep 1
+
+echo "running: stunnel $tmp"
+stunnel $tmp < /dev/tty > /dev/tty &
+pid=$!
+echo ""
+
+# pause here to let the user supply a possible passphrase for the
+# mycert key:
+if [ "X$mycert" != "X" ]; then
+ sleep 4
+fi
+sleep 2
+rm -f $tmp
+
+if [ $use -ge 5900 ]; then
+ n=`expr $use - 5900`
+fi
+
+if echo "$0" | grep vncip > /dev/null; then
+ # hack for runge's special wrapper script vncip.
+ vncip "$@" localhost:$n
+else
+ $VNCVIEWERCMD "$@" localhost:$n
+fi
+
+kill $pid |
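Review bot: The stunnel configuration is written to the predictable path `/tmp/ssl_vncviewer.$$` with a plain `cat > $tmp`, so on a shared machine another local account that pre-creates that name (as a file or a symlink) can redirect the write or keep control of the file stunnel then reads, including its `verify`/`CAfile` lines. Creating the file with `tmp=$(mktemp /tmp/ssl_vncviewer.XXXXXX) || exit 1` after `umask 077`, and removing it from a `trap ... 0`, avoids both problems where mktemp is available. In the same heredoc `accept = $use` names no host, which as far as I know makes stunnel listen on every interface rather than only loopback, so the tunnel (and any `-mycert` identity behind it) is reachable from other hosts while the viewer runs; `accept = localhost:$use` keeps it local. Separately, `port` is assigned only when `$disp` is below 200, so a larger value leaves `connect= $host:` without a port, and the `date +%S` fallback port is never checked for already being in use.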