From 9659bc129f520b635b7056cf5d746a35003a6b80 Mon Sep 17 00:00:00 2001 From: runge Date: Mon, 21 Dec 2009 11:02:31 -0500 Subject: x11vnc: -DENC_HAVE_OPENSSL=0 to disable enc.h but still have ssl. Tweak ps command in find_display. Try to handle AIX su. Ignore an initial newline at login: for -unixpw. --- x11vnc/ChangeLog | 5 +++++ x11vnc/README | 15 ++++++++++--- x11vnc/sslhelper.c | 10 +++++++-- x11vnc/ssltools.h | 17 +++++++++++---- x11vnc/unixpw.c | 59 +++++++++++++++++++++++++++++++++++++++++++++------- x11vnc/x11vnc.1 | 2 +- x11vnc/x11vnc_defs.c | 2 +- 7 files changed, 91 insertions(+), 19 deletions(-) diff --git a/x11vnc/ChangeLog b/x11vnc/ChangeLog index 0f7e547..c3c8382 100644 --- a/x11vnc/ChangeLog +++ b/x11vnc/ChangeLog @@ -1,3 +1,8 @@ +2009-12-21 Karl Runge + * x11vnc: -DENC_HAVE_OPENSSL=0 to disable enc.h but still + have ssl. Tweak ps command in find_display. Try to handle + AIX su. Ignore an initial newline at login: for -unixpw. + 2009-12-18 Karl Runge * x11vnc: fix keycode and other remote control actions under DIRECT: with an extra XFlush and other safety measures. diff --git a/x11vnc/README b/x11vnc/README index 597e2ef..685f9a6 100644 --- a/x11vnc/README +++ b/x11vnc/README @@ -2,7 +2,7 @@ Copyright (C) 2002-2009 Karl J. Runge All rights reserved. -x11vnc README file Date: Fri Dec 18 22:19:55 EST 2009 +x11vnc README file Date: Mon Dec 21 00:00:59 EST 2009 The following information is taken from these URLs: @@ -842,6 +842,15 @@ make also want to make sure that /usr/lpp/X11/include, etc is being picked up by the configure and make. + For a recent build on AIX 5.3 we needed to add these CFLAGS to be able + to build with gcc: + env CFLAGS='-maix64 -Xlinker -bbigtoc' ./configure ... + + we also built our own libjpeg and libz using -maix64. + + BTW, one way to run an Xvfb-like virtual X server for testing on AIX + is something like "/usr/bin/X11/X -force -vfb -ac :1". + Building on Mac OS X: There is now [112]native Mac OS X support for x11vnc by using the raw framebuffer feature. This mode does not use or @@ -12905,7 +12914,7 @@ x11vnc: a VNC server for real X displays Here are all of x11vnc command line options: % x11vnc -opts (see below for -help long descriptions) -x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-18 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-21 x11vnc options: -display disp -auth file -N @@ -13032,7 +13041,7 @@ libvncserver-tight-extension options: % x11vnc -help -x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-18 +x11vnc: allow VNC connections to real X11 displays. 0.9.9 lastmod: 2009-12-21 (type "x11vnc -opts" to just list the options.) diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c index 42a5728..5af3376 100644 --- a/x11vnc/sslhelper.c +++ b/x11vnc/sslhelper.c @@ -2940,11 +2940,11 @@ if (db) fprintf(stderr, "tv_sec: %d - '%s'\n", (int) tv.tv_sec, last_get); FD_ZERO(&rd); FD_SET(s_in, &rd); - if (db) fprintf(stderr, "is_ssl_readable: begin select(%d secs) %.6f\n", tv.tv_sec, dnow()); + if (db) fprintf(stderr, "is_ssl_readable: begin select(%d secs) %.6f\n", (int) tv.tv_sec, dnow()); do { nfd = select(s_in+1, &rd, NULL, NULL, &tv); } while (nfd < 0 && errno == EINTR); - if (db) fprintf(stderr, "is_ssl_readable: finish select(%d secs) %.6f\n", tv.tv_sec, dnow()); + if (db) fprintf(stderr, "is_ssl_readable: finish select(%d secs) %.6f\n", (int) tv.tv_sec, dnow()); if (db) fprintf(stderr, "https nfd: %d\n", nfd); @@ -4081,12 +4081,18 @@ if (db) rfbLog("raw_xfer bad write: %d -> %d | %d/%d errno=%d\n", csock, s_out #endif /* FORK_OK */ } +/* compile with -DENC_HAVE_OPENSSL=0 to disable enc stuff but still have ssl */ + #define ENC_MODULE + #if LIBVNCSERVER_HAVE_LIBSSL +#ifndef ENC_HAVE_OPENSSL #define ENC_HAVE_OPENSSL 1 +#endif #else #define ENC_HAVE_OPENSSL 0 #endif + #include "enc.h" static void symmetric_encryption_xfer(int csock, int s_in, int s_out) { diff --git a/x11vnc/ssltools.h b/x11vnc/ssltools.h index 1d0b1ab..1be120f 100644 --- a/x11vnc/ssltools.h +++ b/x11vnc/ssltools.h @@ -893,14 +893,23 @@ char find_display[] = "\n" "# save uname, netstat, and ps output:\n" "uname=`uname`\n" -"nsout=`netstat -an`\n" +"is_bsd=\"\"\n" +"if echo \"$uname\" | grep -i bsd > /dev/null; then\n" +" is_bsd=1\n" +"fi\n" +"\n" "if [ \"X$uname\" = \"XDarwin\" ]; then\n" -" psout=`ps aux 2>/dev/null | grep -wv PID | grep -v grep`\n" -" pslist=`echo \"$psout\" | awk '{print $2}'`\n" +" psout=`ps aux 2>/dev/null | grep -wv PID | grep -v grep`\n" +"elif [ \"X$uname\" = \"XLinux\" -o \"X$is_bsd\" = \"X1\" ]; then\n" +" psout=`ps wwwaux 2>/dev/null | grep -wv PID | grep -v grep`\n" +"elif [ \"X$uname\" = \"XSunOS\" -a -x /usr/ucb/ps ]; then\n" +" psout=`/usr/ucb/ps wwwaux 2>/dev/null | grep -wv PID | grep -v grep`\n" "else\n" " psout=`ps -ef 2>/dev/null | grep -wv PID | grep -v grep`\n" -" pslist=`echo \"$psout\" | awk '{print $2}'`\n" "fi\n" +"pslist=`echo \"$psout\" | awk '{print $2}'`\n" +"\n" +"nsout=`netstat -an`\n" "\n" "rchk() {\n" " rr=rr \n" diff --git a/x11vnc/unixpw.c b/x11vnc/unixpw.c index 96a066d..ef28ef2 100644 --- a/x11vnc/unixpw.c +++ b/x11vnc/unixpw.c @@ -954,7 +954,7 @@ int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size, int pid_t pid, pidw; struct stat sbuf; static int first = 1; - char instr[32], cbuf[10]; + char instr[64], cbuf[10]; if (first) { set_db(); @@ -1210,7 +1210,7 @@ int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size, int * auth sufficient pam_self.so * it may be commented out without problem. */ - for (i=0; i<32; i++) { + for (i=0; i= 32-1) { + if (j >= sizeof(instr)-1) { rfbLog("su_verify: problem finding Password:\n"); fflush(stderr); return 0; @@ -1261,7 +1261,42 @@ int su_verify(char *user, char *pass, char *cmd, char *rbuf, int *rbuf_size, int instr[j++] = tolower((unsigned char)cbuf[0]); } - if (n <= 0 || strstr(pstr, instr) != pstr) { + problem = 0; + if (n <= 0) { + problem = 1; + } else if (strstr(pstr, instr) != pstr) { +#ifdef _AIX + if (UT.sysname && strstr(UT.sysname, "AIX")) { + /* handle: runge's Password: */ + char *luser = (char *) malloc(strlen(user) + 10); + + sprintf(luser, "%s's", user); + lowercase(luser); + if (strstr(luser, instr) == luser) { + if (!strcmp(luser, instr)) { + i = -1; + j = 0; + memset(instr, 0, sizeof(instr)); + free(luser); + continue; + } else { + i--; + if (i < -1) i = -1; + free(luser); + continue; + } + } else { + problem = 1; + } + free(luser); + } else +#endif + { + problem = 1; + } + } + + if (problem) { if (db) { fprintf(stderr, "\"Password:\" did not " @@ -1571,7 +1606,7 @@ static void set_db(void) { void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { int x, y, i, rc, nmax = 100; static char user_r[100], user[100], pass[100]; - static int u_cnt = 0, p_cnt = 0, first = 1; + static int u_cnt = 0, p_cnt = 0, t_cnt = 0, first = 1; static int echo = 1; char keystr[100]; char *str; @@ -1601,6 +1636,7 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { u_cnt = 0; p_cnt = 0; + t_cnt = 0; for (i=0; i 0) { @@ -1768,6 +1806,11 @@ void unixpw_keystroke(rfbBool down, rfbKeySym keysym, int init) { return; } + if (t_cnt == 1) { + /* accidental initial return, e.g. from xterm */ + return; + } + in_login = 0; in_passwd = 1; diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1 index adf87b4..68c73c3 100644 --- a/x11vnc/x11vnc.1 +++ b/x11vnc/x11vnc.1 @@ -2,7 +2,7 @@ .TH X11VNC "1" "December 2009" "x11vnc " "User Commands" .SH NAME x11vnc - allow VNC connections to real X11 displays - version: 0.9.9, lastmod: 2009-12-18 + version: 0.9.9, lastmod: 2009-12-21 .SH SYNOPSIS .B x11vnc [OPTION]... diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c index 42a8198..351fea7 100644 --- a/x11vnc/x11vnc_defs.c +++ b/x11vnc/x11vnc_defs.c @@ -47,7 +47,7 @@ int xtrap_base_event_type = 0; int xdamage_base_event_type = 0; /* date +'lastmod: %Y-%m-%d' */ -char lastmod[] = "0.9.9 lastmod: 2009-12-18"; +char lastmod[] = "0.9.9 lastmod: 2009-12-21"; /* X display info */ -- cgit v1.2.3