#!/usr/bin/perl
#
#  Copyright (C) 2009-2016 D. R. Commander.  All Rights Reserved.
#  Copyright (C) 2010 University Corporation for Atmospheric Research.
#                     All Rights Reserved.
#  Copyright (C) 2005-2006 Sun Microsystems, Inc.  All Rights Reserved.
#  Copyright (C) 2002-2009 Constantin Kaplinsky.  All Rights Reserved.
#  Copyright (C) 2002-2005 RealVNC Ltd.  All Rights Reserved.
#  Copyright (C) 1999 AT&T Laboratories Cambridge.  All Rights Reserved.
#
#  This is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This software is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this software; if not, write to the Free Software
#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
#  USA.
#

#
# vncserver - wrapper script to start an X VNC server.
#

# First make sure we're operating in a sane environment.

$exedir = "";
$slashndx = rindex($0, "/");
if($slashndx>=0) {
    $exedir = substr($0, 0, $slashndx+1);
}

# The script looks for the Java classes in $exedir/../java first, then if
# it can't find them there, it looks in the directory specified by
# $vncClasses.

$vncClasses = "";

$xauth = "xauth";

&SanityCheck();

# Default configuration of the TurboVNC Server:

$geometry = "1240x900";
$depth = 24;
$vncUserDir = "$ENV{HOME}/.vnc";
$passwdFile = "$vncUserDir/passwd";
$authTypeVNC = 1;
$authTypeOTP = 1;
$generateOTP = 0;
$x509CertFile = "$vncUserDir/x509_cert.pem";
$x509KeyFile = "$vncUserDir/x509_private.pem";
$securityTypes = "";
$encTypeX509 = 1;
$enableHTTP = 1;
$skipxstartup = 0;
$autoLosslessRefresh = 0.0;
$deferUpdate = 1;
$useVGL = 0;
$autokill = 0;
$pamSession = 0;

# Read configuration from the system-wide and user files if present.

$configFile = "/etc/turbovncserver.conf";
ReadConfiguration();
$configFile = "$ENV{HOME}/.vnc/turbovncserver.conf";
ReadConfiguration();
ReadAuthConfiguration("/etc/turbovncserver-security.conf");

# Done reading configuration.

$defaultXStartup
    = ("#!/bin/sh\n\n".
       "unset SESSION_MANAGER\n".
       "unset DBUS_SESSION_BUS_ADDRESS\n".
       "\n".
       "# This works around pointer disappearance issues under GNOME 3\n".
       "if [ -x /usr/bin/dconf ]; then\n".
       "  dconf write /org/gnome/settings-daemon/plugins/cursor/active false\n".
       "fi\n".
       "\n".
       "OS=`uname -s`\n".
       "if [ \$OS = 'Linux' ]; then\n".
       "  case \"\$WINDOWMANAGER\" in\n".
       "    \*gnome\*)\n".
       "      if [ -e /etc/SuSE-release ]; then\n".
       "        PATH=\$PATH:/opt/gnome/bin\n".
       "        export PATH\n".
       "      fi\n".
       "      ;;\n".
       "  esac\n".
       "fi\n".
       "\n".
       "if [ \"\$TVNC_3DWM\" = \"1\" ]; then\n".
       "  if [ -z \"\$SSH_AGENT_PID\" -a -x /usr/bin/ssh-agent ]; then\n".
       "    TVNC_SSHAGENT=/usr/bin/ssh-agent\n".
       "  fi\n".
       "  if [ -z \"\$TVNC_VGLRUN\" ]; then\n".
       "    TVNC_VGLRUN=\"vglrun +wm\"\n".
       "  fi\n".
       "  # This is necessary to make Unity work on Ubuntu 16, and on Ubuntu 14, it\n".
       "  # ensures that the proper compiz profile is set up.  Otherwise, if you forget\n".
       "  # to specify -3dwm, compiz will automatically disable its OpenGL plugin,\n".
       "  # requiring you to reset the compiz plugin state before Unity will work\n".
       "  # again.\n".
       "  if [ -f /usr/share/gnome-session/sessions/ubuntu.session ]; then\n".
       "    SESSION=ubuntu\n".
       "    DESKTOP_SESSION=\$SESSION; export DESKTOP_SESSION\n".
       "    GDMSESSION=\$SESSION; export GDMSESSION\n".
       "    SESSIONTYPE=gnome-session; export SESSIONTYPE\n".
       "    XDG_CURRENT_DESKTOP=Unity; export XDG_CURRENT_DESKTOP\n".
       "    XDG_SESSION_TYPE=x11; export XDG_SESSION_TYPE\n".
       "    STARTUP=\"/usr/bin/gnome-session --session=\$SESSION\"; export STARTUP\n".
       "  fi\n".
       "else\n".
       "  if [ -f /usr/bin/mate-session ]; then\n".
       "    DESKTOP_SESSION=mate; export DESKTOP_SESSION\n".
       "    STARTUP=\"/usr/bin/mate-session\"; export STARTUP\n".
       "  elif [ -f /usr/bin/gnome-session ]; then\n".
       "    for SESSION in \"gnome-fallback\" \"ubuntu-2d\" \"2d-gnome\"; do\n".
       "      if [ -f /usr/share/gnome-session/sessions/\$SESSION.session ]; then\n".
       "        DESKTOP_SESSION=\$SESSION; export DESKTOP_SESSION\n".
       "        GDMSESSION=\$SESSION; export GDMSESSION\n".
       "        SESSIONTYPE=gnome-session; export SESSIONTYPE\n".
       "        XDG_CURRENT_DESKTOP=\$SESSION; export XDG_CURRENT_DESKTOP\n".
       "        STARTUP=\"/usr/bin/gnome-session --session=\$SESSION\"; export STARTUP\n".
       "        # Ubuntu 14 runs gnome-session-check-accelerated, even though the\n".
       "        # gnome-fallback session doesn't need OpenGL, so we set an atom to make\n".
       "        # gnome-session-check-accelerated think it has already been run.\n".
       "        xprop -root -f _GNOME_SESSION_ACCELERATED 32c -set _GNOME_SESSION_ACCELERATED 1\n".
       "      fi\n".
       "    done\n".
       "    # Launch GNOME 2D (Metacity) session under Ubuntu 16\n".
       "    if [ -f /usr/share/gnome-session/sessions/gnome-flashback-metacity.session ]; then\n".
       "      SESSION=gnome-flashback-metacity\n".
       "      DESKTOP_SESSION=\$SESSION; export DESKTOP_SESSION\n".
       "      GDMSESSION=\$SESSION; export GDMSESSION\n".
       "      SESSIONTYPE=gnome-session; export SESSIONTYPE\n".
       "      XDG_CURRENT_DESKTOP=\"GNOME-Flashback:Unity\"; export XDG_CURRENT_DESKTOP\n".
       "      XDG_SESSION_DESKTOP=\$SESSION; export XDG_SESSION_DESKTOP\n".
       "      STARTUP=\"/usr/bin/gnome-session --session=\$SESSION\ --disable-acceleration-check\"; export STARTUP\n".
       "    fi\n".
       "  fi\n".
       "fi\n".
       "\n".
       "if [ -x /etc/X11/xinit/xinitrc ]; then\n".
       "  exec \$TVNC_SSHAGENT \$TVNC_VGLRUN /etc/X11/xinit/xinitrc\n".
       "fi\n".
       "if [ -f /etc/X11/xinit/xinitrc ]; then\n".
       "  exec \$TVNC_SSHAGENT \$TVNC_VGLRUN sh /etc/X11/xinit/xinitrc\n".
       "fi\n".
       "if [ -x \$HOME/.xinitrc ]; then\n".
       "  exec \$TVNC_SSHAGENT \$TVNC_VGLRUN \$HOME/.xinitrc\n".
       "fi\n".
       "if [ -f \$HOME/.xinitrc ]; then\n".
       "  exec \$TVNC_SSHAGENT \$TVNC_VGLRUN sh \$HOME/.xinitrc\n".
       "fi\n".
       "if [ -x /usr/local/lib/X11/xinit/xinitrc ]; then\n".
       "  exec \$TVNC_SSHAGENT \$TVNC_VGLRUN /usr/local/lib/X11/xinit/xinitrc\n".
       "fi\n".
       "if [ -f /usr/local/lib/X11/xinit/xinitrc ]; then\n".
       "  exec \$TVNC_SSHAGENT \$TVNC_VGLRUN sh /usr/local/lib/X11/xinit/xinitrc\n".
       "fi\n".
       "if [ \$OS = 'SunOS' -a -f \$HOME/.dt/sessions/lastsession ]; then\n".
       "  if [ -x `cat \$HOME/.dt/sessions/lastsession` ]; then\n".
       "    exec `cat \$HOME/.dt/sessions/lastsession`\n".
       "  fi\n".
       "fi\n".
       "if [ -f /usr/dt/config/Xsession.jds ]; then\n".
       "  exec /usr/dt/config/Xsession.jds\n".
       "else\n".
       "  if [ -f /usr/dt/config/Xinitrc.jds ]; then\n".
       "    exec /usr/dt/config/Xinitrc.jds\n".
       "  else\n".
       "    if [ -f /usr/dt/bin/Xsession ]; then\n".
       "      exec /usr/dt/bin/Xsession\n".
       "    else\n".
       "      if [ -x /opt/sfw/bin/fvwm2 ]; then\n".
       "        /opt/sfw/bin/fvwm2\n".
       "      else\n".
       "        which fvwm2 && {\n".
       "          fvwm2\n".
       "        } || {\n".
       "          which twm && {\n".
       "            if [ -f \$HOME/.Xresources ]; then xrdb \$HOME/.Xresources; fi\n".
       "            xsetroot -solid grey\n".
       "            xterm -geometry 80x24+10+10 -ls -title \"\$VNCDESKTOP Desktop\" &\n".
       "            twm\n".
       "          } || {\n".
       "            echo No window manager found!\n".
       "          }\n".
       "        }\n".
       "      fi\n".
       "    fi\n".
       "  fi\n".
       "fi\n");

$xauthorityFile = "$ENV{XAUTHORITY}";

$vncUserDirUnderTmp = ($vncUserDir =~ m|^/tmp/.+|) ? 1 : 0;
if (! $xstartup) {
    $xstartup = ($vncUserDirUnderTmp) ?
      "$ENV{HOME}/.turbovncstartup" : "$vncUserDir/xstartup.turbovnc";
}
unless ($xauthorityFile) {
    if ($vncUserDirUnderTmp) {
        $xauthorityFile = "$vncUserDir/.Xauthority";
    } else {
        $xauthorityFile = "$ENV{HOME}/.Xauthority";
    }
}

chop($host = `uname -n`);
chop($os = `uname`);

if (-d "/etc/X11/fontpath.d") {
    $fontPath = "catalogue:/etc/X11/fontpath.d";
}

@fontpaths = ('/usr/share/X11/fonts', '/usr/share/fonts', '/usr/share/fonts/X11', '/usr/local/lib/X11/fonts');
if (! -l "/usr/lib/X11") {push(@fontpaths, '/usr/lib/X11/fonts');}
if (! -l "/usr/X11") {push(@fontpaths, '/usr/X11/lib/X11/fonts');}
if (! -l "/usr/openwin") {push(@fontpaths, '/usr/openwin/lib/X11/fonts');}
if (! -l "/usr/X11R6") {push(@fontpaths, '/usr/X11R6/lib/X11/fonts');}
if (! -l "/opt/X11/share/fonts") {push(@fontpaths, '/opt/X11/share/fonts');}
push(@fontpaths, '/usr/share/fonts/default');

@fonttypes = ('F3bitmaps',
             'misc',
             '75dpi',
             '100dpi',
             'Speedo',
             'Type1',
             'ghostscript',
             'liberation',
             'TTF',
             'OTF');

if (($fontPath eq "")) {
    foreach $_fpath (@fontpaths) {
        if (-f "$_fpath/encodings/encodings.dir") {
            $ENV{FONT_ENCODINGS_DIRECTORY}= "$_fpath/encodings";
        }
        foreach $_ftype (@fonttypes) {
            if (-f "$_fpath/$_ftype/fonts.dir") {
                if (! -l "$_fpath/$_ftype") {
                    $fontPath .= "$_fpath/$_ftype,";
                }
            }
        }
    }
}
if ($fontPath) {
    if (substr($fontPath, -1, 1) eq ',') {
        chop $fontPath;
    }
}

if ($os eq "SunOS") {
    $defFontPath = "inet/:7100";
} else {
    $defFontPath = "unix/:7100";
}

if ($os eq "Darwin") {
    $fontPath = "$fontPath,/Library/Fonts,/System/Library/Fonts";
}

@xkbdirs = ('/usr/X11R6/lib/X11/xkb', '/usr/local/share/X11/xkb', '/opt/X11/share/X11/xkb');
foreach $_xkbdir (@xkbdirs) {
  if (-d "$_xkbdir") {
    $xkbdir = "$_xkbdir";
  }
}

@xkbcompdirs = ('/usr/X11R6/bin', '/usr/X11/lib/X11/xkb', '/usr/local/bin', '/opt/X11/bin');
foreach $_xkbcompdir (@xkbcompdirs) {
  if (-x "$_xkbcompdir/xkbcomp") {
    $xkbcompdir = "$_xkbcompdir";
  }
}

# Check command line options

&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
              "-help",0,"-h",0,"--help",0,"-fg",0,"-list",0,"-fp",1,"-otp",0,
              "-securitytypes",1,"-nohttp",0,"-nohttpd",0,"-rfbauth",1,
              "-noxstartup",0,"-xstartup",1,"-log",1,"-3dwm",0,"-debug",0,
              "-x509cert",1,"-x509key",1,"-autokill",0);

&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});

&Kill() if ($opt{'-kill'});

&List() if ($opt{'-list'});

# Uncomment this line if you want default geometry, depth and pixelformat
# to match the current X display:
# &GetXDisplayDefaults();

if ($opt{'-geometry'}) {
    $geometry = $opt{'-geometry'};
}
if ($opt{'-depth'}) {
    $depth = $opt{'-depth'};
    $pixelformat = "";
}
if ($opt{'-pixelformat'}) {
    $pixelformat = $opt{'-pixelformat'};
}
if ($opt{'-nohttp'}) {
    $enableHTTP = 0;
}
if ($opt{'-nohttpd'}) {
    $enableHTTP = 0;
}
if ($opt{'-noxstartup'}) {
    $skipxstartup = 1;
}
if ($opt{'-xstartup'}) {
    $xstartup = $opt{'-xstartup'};
}
if ($opt{'-3dwm'}) {
    $useVGL = 1;
}
if ($opt{'-fp'}) {
    $fontPath = $opt{'-fp'};
}
if ($opt{'-deferupdate'}) {
    $deferUpdate = $opt{'-deferupdate'};
}
if ($opt{'-debug'}) {
    $opt{'-fg'} = 1;
}
if ($opt{'-autokill'}) {
    $autokill = 1;
}
$authTypeVNCPermitted = $authTypeVNC;
$encTypeX509Permitted = $encTypeX509;
if ($opt{'-securitytypes'}) {
  $securityTypes = $opt{'-securitytypes'};
  my $enableVNC = 0;
  my $enableOTP = 0;
  my $enableX509 = 0;
  my $secTypes = $securityTypes;
  $secTypes =~ s/[\t\ \r\n]//g;
  foreach $tok (split/[,=]/, $secTypes) {
    if (substr(lc $tok, -3) eq 'otp') {
      $enableOTP = 1;
    }
    if (substr(lc $tok, -3) eq 'vnc') {
      $enableVNC = 1;
    }
    if (substr(lc $tok, 0, 4) eq 'x509') {
      $enableX509 = 1;
    }
  }
  if ($enableVNC == 0) {
    $authTypeVNC = 0;
  }
  if ($enableOTP == 0) {
    $authTypeOTP = 0;
  }
  if ($enableX509 == 0) {
    $encTypeX509 = 0;
  }
}
if ($opt{'-rfbauth'}) {
    if ($authTypeVNC) {
        $passwdFile = $opt{'-rfbauth'};
    }
    else {
        if ($authTypeVNCPermitted) {
            print ("VNC Password auth is not enabled.  Ignoring -rfbauth.\n");
        } else {
            print ("VNC Password auth is not permitted on this system.  Ignoring -rfbauth.\n");
        }
    }
}
if ($opt{'-x509cert'}) {
    if ($encTypeX509) {
        $x509CertFile = $opt{'-x509cert'};
    }
    else {
        if ($encTypeX509Permitted) {
            print ("X509 encryption is not enabled.  Ignoring -x509cert.\n");
        } else {
            print ("X509 encryption is not permitted on this system.  Ignoring -x509cert.\n");
        }
    }
}
if ($opt{'-x509key'}) {
    if ($encTypeX509) {
        $x509KeyFile = $opt{'-x509key'};
    }
    else {
        if ($encTypeX509Permitted) {
            print ("X509 encryption is not enabled.  Ignoring -x509key.\n");
        } else {
            print ("X509 encryption is not permitted on this system.  Ignoring -x509key.\n");
        }
    }
}
if ($opt{'-otp'}) {
    $generateOTP = 1;
}

if ($generateOTP && $authTypeOTP == 0) {
    print ("One-Time Password authentication is not enabled.  Ignoring request to generate\n");
    print ("    initial OTP.\n");
    $generateOTP = 0;
}

&CheckGeometryAndDepth();

# Create the user's vnc directory if necessary.

unless (-e $vncUserDir) {
    unless (mkdir($vncUserDir, 0700)) {
        die "$prog: Could not create $vncUserDir.\n";
    }
}
($z,$z,$mode) = lstat("$vncUserDir");
if (!-d _ || !-o _ || ($vncUserDirUnderTmp && ($mode & 0777) != 0700)) {
    die "$prog: Wrong type or access mode of $vncUserDir.\n";
}

# Make sure the user has a password.
if ($authTypeVNC && "$passwdFile" eq "$vncUserDir/passwd") {
    ($z,$z,$mode) = lstat("$vncUserDir/passwd");
    if (-e _ && (!-f _ || !-o _)) {
        die "$prog: Wrong type or ownership on $vncUserDir/passwd.\n";
    }

    if (!-e _ || ($mode & 077) != 0) {
        warn "\nYou will require a password to access your desktops.\n\n";
        system($exedir."vncpasswd $vncUserDir/passwd");
        if (($? & 0xFF00) != 0) {
            exit 1;
        }
    }
}

# Find display number.

if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
    $displayNumber = $1;
    shift(@ARGV);
    unless (&CheckDisplayNumber($displayNumber)) {
        die "A VNC server is already running as :$displayNumber\n";
    }
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
    &Usage();
} else {
    $displayNumber = &GetDisplayNumber();
}

$vncPort = 5900 + $displayNumber;

if ($opt{'-log'}) {
    $desktopLog = $opt{'-log'};
} else {
    $desktopLog = "$vncUserDir/$host:$displayNumber.log";
}
unlink($desktopLog);

if ($opt{'-name'}) {
    $desktopName = $opt{'-name'};
} else {
    $desktopName = "TurboVNC: $host:$displayNumber ($ENV{USER})" unless($desktopName);
}

# Make an X server cookie - use /dev/urandom on systems that have it,
# otherwise use perl's random number generator, seeded with the sum
# of the current time, our PID and part of the encrypted form of the password.

my $cookie = "";
if (open(URANDOM, '<', '/dev/urandom')) {
  my $randata;
  if (sysread(URANDOM, $randata, 16) == 16) {
    $cookie = unpack 'h*', $randata;
  }
  close(URANDOM);
}
if ($cookie eq "") {
  if (-e "$vncUserDir/passwd") {
      srand(time+$$+unpack("L",`cat $vncUserDir/passwd`));
  } else {
      srand(time+$$);
  }
  for (1..16) {
    $cookie .= sprintf("%02x", int(rand(256)) % 256);
  }
}

system("$xauth -f $xauthorityFile add $host:$displayNumber . $cookie");
system("$xauth -f $xauthorityFile add $host/unix:$displayNumber . $cookie");
if ($vncUserDirUnderTmp) {
    system("$xauth merge $xauthorityFile");
}

# Now start the X VNC Server

$cmd = $exedir."Xvnc :$displayNumber";
$cmd .= " -dpi $dpi" if ($dpi);
$cmd .= " -desktop " . &quotedString($desktopName);
$cmd .= " -httpd $vncClasses" if ($enableHTTP && $vncClasses);
$cmd .= " -auth $xauthorityFile";
$cmd .= " -dontdisconnect";
$cmd .= " -geometry $geometry" if ($geometry);
$cmd .= " -depth $depth" if ($depth);
$cmd .= " -pixelformat $pixelformat" if ($pixelformat);
$cmd .= " -rfbwait 120000";
$cmd .= " -rfbauth $passwdFile" if ($authTypeVNC);
$cmd .= " -x509cert $x509CertFile" if ($encTypeX509);
$cmd .= " -x509key $x509KeyFile" if ($encTypeX509);
$cmd .= " -securitytypes $securityTypes" if ($securityTypes);
$cmd .= " -rfbport $vncPort";
$cmd .= " -fp $fontPath" if ($fontPath);
$cmd .= " -alr ".$autoLosslessRefresh if ($autoLosslessRefresh > 0.0);
#$cmd .= " -nolisten local" if ($os eq "SunOS");
$cmd .= " -deferupdate $deferUpdate";
$cmd .= " -xkbdir $xkbdir" if ($xkbdir);
$cmd .= " -xkbcompdir $xkbcompdir" if ($xkbcompdir);
$cmd .= " -pamsession" if ($pamSession);

foreach $arg (@ARGV) {
    $cmd .= " " . &quotedString($arg);
}
if (!$opt{'-debug'}) {
    $cmd .= " >> " . &quotedString($desktopLog) . " 2>&1";
}

# Run $cmd and record the process ID.

$pidFile = "$vncUserDir/$host:$displayNumber.pid";
system("$cmd & echo \$! >$pidFile");

# Give Xvnc a chance to start up

sleep(1);
unless (kill 0, `cat $pidFile`) {
    warn "\nWARNING: The first attempt to start Xvnc failed, possibly because the vncserver\n";
    warn "script was not able to figure out an appropriate X11 font path for this system\n";
    warn "or because the font path you specified with the -fp argument was not valid.\n";
    warn "Attempting to restart Xvnc using the X Font Server (xfs) ...\n";
    $cmd =~ s@-fp [^ ]+@@;
    $cmd .= " -fp $defFontPath" if ($defFontPath);
    system("$cmd & echo \$! >$pidFile");
    sleep(1);
}
unless (kill 0, `cat $pidFile`) {
    warn "Could not start Xvnc.\n\n";
    open(LOG, "<$desktopLog");
    while (<LOG>) { print; }
    close(LOG);
    die "\n";
}

warn "\nDesktop '$desktopName' started on display $host:$displayNumber\n\n";

if ($generateOTP == 1) {
    warn "One-Time Password authentication enabled.  Generating initial OTP ...\n";

    system($exedir."vncpasswd -o -display $host:$displayNumber");
    if (($? & 0xFF00) != 0) {
        print "Could not generate initial OTP.\n";
        exit 1;
    }

    warn "Run 'vncpasswd -o' from within the TurboVNC session or\n    'vncpasswd -o -display $host:$displayNumber' from within this shell\n    to generate additional OTPs\n";
}

# Create the user's xstartup script if necessary.

if (! $skipxstartup) {
    unless (-e "$xstartup" or $opt{'-xstartup'}) {
        warn "Creating default startup script $xstartup\n";
        open(XSTARTUP, ">$xstartup");
        print XSTARTUP $defaultXStartup;
        close(XSTARTUP);
        chmod 0755, "$xstartup";
    }

    # Run the X startup script.

    warn "Starting applications specified in $xstartup\n";
    if ($useVGL) {
        warn "(Enabling 3D window manager support)\n";
        $ENV{TVNC_3DWM}= "1";
    }
}
warn "Log file is $desktopLog\n\n";

# If the unix domain socket exists then use that (DISPLAY=:n) otherwise use
# TCP (DISPLAY=host:n)

if (-e "/tmp/.X11-unix/X$displayNumber") {
    $ENV{DISPLAY}= ":$displayNumber";
} else {
    $ENV{DISPLAY}= "$host:$displayNumber";
}
$ENV{VNCDESKTOP}= $desktopName;
$ENV{VGL_COMPRESS}= "0";

system($exedir."tvncconfig >> " . &quotedString($desktopLog) . " 2>&1 &");

if (! $skipxstartup) {
  if ($opt{'-fg'}) {
    system("$xstartup >> " . &quotedString($desktopLog) . " 2>&1");
    if (kill 0, `cat $pidFile`) {
        $opt{'-kill'} = ':'.$displayNumber;
        &Kill();
    }
  } else {
    if ($autokill) {
      system("($xstartup; $0 -kill :$displayNumber) >> "
             . &quotedString($desktopLog) . " 2>&1 &");
    } else {
      system("$xstartup >> " . &quotedString($desktopLog) . " 2>&1 &");
    }
  }
}

exit;


###############################################################################
#
# CheckGeometryAndDepth simply makes sure that the geometry and depth values
# are sensible.
#

sub CheckGeometryAndDepth
{
    if ($geometry =~ /^(\d+)x(\d+)$/) {
        $width = $1; $height = $2;

        if (($width<1) || ($height<1)) {
            die "$prog: geometry $geometry is invalid\n";
        }

        while (($width % 4)!=0) {
            $width = $width + 1;
        }

        while (($height % 2)!=0) {
            $height = $height + 1;
        }

        $geometry = "${width}x$height";
    } else {
        die "$prog: geometry $geometry is invalid\n";
    }

    if (($depth < 8) || ($depth > 32)) {
        die "Depth must be between 8 and 32\n";
    }
}


#
# GetDisplayNumber gets the lowest available display number.  A display number
# n is taken if something is listening on the VNC server port (5900+n) or the
# X server port (6000+n).
#

sub GetDisplayNumber
{
    foreach $n (1..99) {
        if (&CheckDisplayNumber($n)) {
            return $n+0; # Bruce Mah's workaround for bug in perl 5.005_02
        }
    }

    die "$prog: no free display number on $host.\n";
}


#
# CheckDisplayNumber checks if the given display number is available.  A
# display number n is taken if something is listening on the VNC server port
# (5900+n) or the X server port (6000+n).
#

sub CheckDisplayNumber
{
    local ($n) = @_;

    socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n";
    eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))';
    unless (bind(S, pack('S n x12', $AF_INET, 6000 + $n))) {
        close(S);
        return 0;
    }
    close(S);

    socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n";
    eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))';
    unless (bind(S, pack('S n x12', $AF_INET, 5900 + $n))) {
        close(S);
        return 0;
    }
    close(S);

    if (-e "/tmp/.X$n-lock") {
        warn "\nWarning: $host:$n is taken because of /tmp/.X$n-lock\n";
        warn "Remove this file if there is no X server $host:$n\n";
        return 0;
    }

    if (-e "/tmp/.X11-unix/X$n") {
        warn "\nWarning: $host:$n is taken because of /tmp/.X11-unix/X$n\n";
        warn "Remove this file if there is no X server $host:$n\n";
        return 0;
    }

    return 1;
}


#
# GetXDisplayDefaults uses xdpyinfo to find out the geometry, depth and pixel
# format of the current X display being used.  If successful, it sets the
# options as appropriate so that the X VNC server will use the same settings
# (minus an allowance for window manager decorations on the geometry).  Using
# the same depth and pixel format means that the VNC server won't have to
# translate pixels when the desktop is being viewed on this X display (for
# TrueColor displays anyway).
#

sub GetXDisplayDefaults
{
    local (@lines, @matchlines, $width, $height, $defaultVisualId, $i,
           $red, $green, $blue);

    $wmDecorationWidth = 4;        # a guess at typical size for window manager
    $wmDecorationHeight = 24;        # decoration size

    return unless (defined($ENV{DISPLAY}));

    @lines = `xdpyinfo 2>/dev/null`;

    return if ($? != 0);

    @matchlines = grep(/dimensions/, @lines);
    if (@matchlines) {
        ($width, $height) = ($matchlines[0] =~ /(\d+)x(\d+) pixels/);

        $width -= $wmDecorationWidth;
        $height -= $wmDecorationHeight;

        $geometry = "${width}x$height";
    }

    @matchlines = grep(/default visual id/, @lines);
    if (@matchlines) {
        ($defaultVisualId) = ($matchlines[0] =~ /id:\s+(\S+)/);

        for ($i = 0; $i < @lines; $i++) {
            if ($lines[$i] =~ /^\s*visual id:\s+$defaultVisualId$/) {
                if (($lines[$i+1] !~ /TrueColor/) ||
                    ($lines[$i+2] !~ /depth/) ||
                    ($lines[$i+4] !~ /red, green, blue masks/))
                {
                    return;
                }
                last;
            }
        }

        return if ($i >= @lines);

        ($depth) = ($lines[$i+2] =~ /depth:\s+(\d+)/);
        ($red,$green,$blue)
            = ($lines[$i+4]
               =~ /masks:\s+0x([0-9a-f]+), 0x([0-9a-f]+), 0x([0-9a-f]+)/);

        $red = hex($red);
        $green = hex($green);
        $blue = hex($blue);

        if ($red > $blue) {
            $red = int(log($red) / log(2)) - int(log($green) / log(2));
            $green = int(log($green) / log(2)) - int(log($blue) / log(2));
            $blue = int(log($blue) / log(2)) + 1;
            $pixelformat = "rgb$red$green$blue";
        } else {
            $blue = int(log($blue) / log(2)) - int(log($green) / log(2));
            $green = int(log($green) / log(2)) - int(log($red) / log(2));
            $red = int(log($red) / log(2)) + 1;
            $pixelformat = "bgr$blue$green$red";
        }
    }
}


#
# quotedString returns a string which yields the original string when parsed
# by a shell.
#

sub quotedString
{
    local ($in) = @_;

    $in =~ s/\'/\'\"\'\"\'/g;

    return "'$in'";
}


#
# removeSlashes turns slashes into underscores for use as a file name.
#

sub removeSlashes
{
    local ($in) = @_;

    $in =~ s|/|_|g;

    return "$in";
}


#
# Usage
#

sub Usage
{
    die("TurboVNC Server v2.1 (build 20180112)\n".
        "\n".
        "Usage: $prog [<OPTIONS>] [:<DISPLAY#>]\n".
        "       $prog -kill :<DISPLAY#>\n".
        "       $prog -list\n".
        "\n".
        "<OPTIONS> are Xvnc options, or:\n".
        "\n".
        "        -geometry <WIDTH>x<HEIGHT>\n".
        "        -depth <DEPTH>\n".
        "        -pixelformat rgb<NNN>\n".
        "        -pixelformat bgr<NNN>\n".
        "        -fp <FONT-PATH>\n".
        "        -name <DESKTOP-NAME>\n".
        "        -nohttpd\n".
        "        -otp\n".
        "        -fg\n".
        "        -x509cert <CERT-FILE>\n".
        "        -x509key <KEY-FILE>\n".
        "        -autokill\n".
        "        -noxstartup\n".
        "        -xstartup <SCRIPT>\n".
        "        -3dwm\n".
        "        -log <FILE>\n".
        "\n".
        "See vncserver and Xvnc manual pages for more information.\n");
}


#
# List
#

sub List
{
    opendir(dir, $vncUserDir);
    my @filelist = readdir(dir);
    closedir(dir);
    print "\nTurboVNC server sessions:\n\n";
    print "X DISPLAY #\tPROCESS ID\n";
    foreach my $file (@filelist) {
        if ($file =~ /$host:(\d+)$\.pid/) {
            print ":".$1."\t\t".`cat $vncUserDir/$file`;
        }
    }
    exit;
}


#
# Kill
#

sub Kill
{
    $opt{'-kill'} =~ s/(:\d+)\.\d+$/$1/; # e.g. turn :1.0 into :1

    if ($opt{'-kill'} =~ /^:\d+$/) {
        $pidFile = "$vncUserDir/$host$opt{'-kill'}.pid";
    } else {
        if ($opt{'-kill'} !~ /^$host:/) {
            die "\nCan't tell if $opt{'-kill'} is on $host\n".
                "Use -kill :<number> instead\n\n";
        }
        $pidFile = "$vncUserDir/$opt{'-kill'}.pid";
    }

    unless (-r $pidFile) {
        die "\nCan't find file $pidFile\n".
            "You'll have to kill the Xvnc process manually\n\n";
    }

    $SIG{'HUP'} = 'IGNORE';
    chop($pid = `cat $pidFile`);
    warn "Killing Xvnc process ID $pid\n";

    if (kill 0, $pid) {
        system("kill $pid");
        sleep(1);
        if (kill 0, $pid) {
            print "Xvnc seems to be deadlocked.  Kill the process manually and then re-run\n";
            print "    ".$0." -kill ".$opt{'-kill'}."\n";
            print "to clean up the socket files.\n";
            exit
        }

    } else {
        warn "Xvnc process ID $pid already killed\n";
        $opt{'-kill'} =~ s/://;

        if (-e "/tmp/.X11-unix/X$opt{'-kill'}") {
            print "Xvnc did not appear to shut down cleanly.";
            print " Removing /tmp/.X11-unix/X$opt{'-kill'}\n";
            unlink "/tmp/.X11-unix/X$opt{'-kill'}";
        }
        if (-e "/tmp/.X$opt{'-kill'}-lock") {
            print "Xvnc did not appear to shut down cleanly.";
            print " Removing /tmp/.X$opt{'-kill'}-lock\n";
            unlink "/tmp/.X$opt{'-kill'}-lock";
        }
    }

    unlink $pidFile;
    exit;
}


#
# ParseOptions takes a list of possible options and a boolean indicating
# whether the option has a value following, and sets up an associative array
# %opt of the values of the options given on the command line. It removes all
# the arguments it uses from @ARGV and returns them in @optArgs.
#

sub ParseOptions
{
    local (@optval) = @_;
    local ($opt, @opts, %valFollows, @newargs);

    while (@optval) {
        $opt = shift(@optval);
        push(@opts,$opt);
        $valFollows{$opt} = shift(@optval);
    }

    @optArgs = ();
    %opt = ();

    arg: while (defined($arg = shift(@ARGV))) {
        foreach $opt (@opts) {
            if ($arg eq $opt) {
                push(@optArgs, $arg);
                if ($valFollows{$opt}) {
                    if (@ARGV == 0) {
                        &Usage();
                    }
                    $opt{$opt} = shift(@ARGV);
                    push(@optArgs, $opt{$opt});
                } else {
                    $opt{$opt} = 1;
                }
                next arg;
            }
        }
        push(@newargs,$arg);
    }

    @ARGV = @newargs;
}


#
# Routine to make sure we're operating in a sane environment.
#

sub SanityCheck
{
    local ($cmd);

    #
    # Get the program name
    #

    ($prog) = ($0 =~ m|([^/]+)$|);

    #
    # Check we have all the commands we'll need on the path.
    #

  cmd:
    foreach $cmd ("uname") {
        for (split(/:/,$ENV{PATH})) {
            if (-x "$_/$cmd") {
                next cmd;
            }
        }
        die "$prog: couldn't find \"$cmd\" on your PATH.\n";
    }
    if (-x "/usr/X11R6/bin/xauth") {
        $xauth = "/usr/X11R6/bin/xauth";
    }
    elsif (-x "/usr/openwin/bin/xauth") {
        $xauth = "/usr/openwin/bin/xauth";
    }
    else {
      cmd1:
        foreach $cmd ("xauth") {
            for (split(/:/,$ENV{PATH})) {
                if (-x "$_/$cmd") {
                    next cmd1;
                }
            }
            die "$prog: couldn't find \"$cmd\" on your PATH.\n";
        }
    }

    cmd2:
      foreach $cmd ($exedir."Xvnc", $exedir."vncpasswd") {
          for (split(/:/,$ENV{PATH})) {
              if (-x "$cmd") {
                  if (-d "$exedir/../java") {
                      $vncClasses = "$exedir/../java";
                  }
                  next cmd2;
              }
          }
          die "$prog: couldn't find \"$cmd\".\n";
      }

    #
    # Check the HOME and USER environment variables are both set.
    #

    unless (defined($ENV{HOME})) {
        die "$prog: The HOME environment variable is not set.\n";
    }
#    unless (defined($ENV{USER})) {
#        die "$prog: The USER environment variable is not set.\n";
#    }

    #
    # Find socket constants. 'use Socket' is a perl5-ism, so we wrap it in an
    # eval, and if it fails we try 'require "sys/socket.ph"'.  If this fails,
    # we just guess at the values.  If you find perl moaning here, just
    # hard-code the values of AF_INET and SOCK_STREAM.  You can find these out
    # for your platform by looking in /usr/include/sys/socket.h and related
    # files.
    #

    chop($os = `uname`);
    chop($osrev = `uname -r`);

    eval 'use Socket';
    if ($@) {
        eval 'require "sys/socket.ph"';
        if ($@) {
            if (($os eq "SunOS") && ($osrev !~ /^4/)) {
                $AF_INET = 2;
                $SOCK_STREAM = 2;
            } else {
                $AF_INET = 2;
                $SOCK_STREAM = 1;
            }
        } else {
            $AF_INET = &AF_INET;
            $SOCK_STREAM = &SOCK_STREAM;
        }
    } else {
        $AF_INET = &AF_INET;
        $SOCK_STREAM = &SOCK_STREAM;
    }
}

sub ReadConfiguration
{
  my @configurableVariables =
    qw(geometry
       depth
       desktopName
       dpi
       vncClasses
       vncUserDir
       fontPath
       securityTypes
       generateOTP
       autoLosslessRefresh
       enableHTTP
       autokill
       pamSession
      );

  if (open CONF, "<$configFile") {
    while (<CONF>) {
      if (/^\s*\$(\w+)\s*=\s*(.*)$/) {
        for my $var (@configurableVariables) {
          if ($1 eq $var) {
            eval $_;
            last;
          }
        }
      }
    }
    close CONF;
  }
}

sub ReadAuthConfiguration ($)
{
  my $acf = shift;
  my $enableVNC = 0;
  my $enableOTP = 0;
  my $enableX509 = 0;
  my $permissionsSet = 0;

  return unless (open(ACF, $acf));

  while (<ACF>) {
    $_ =~ s/[\t\ \r\n]//g;
    @tokens = split(/=/, $_);
    if (@tokens[0] eq 'permitted-auth-methods') {
      $permissionsSet = 1;
      foreach $tok (split/[,=]/, $_) {
        if (lc $tok eq 'otp') {
          $enableOTP = 1;
        }
        if (lc $tok eq 'vnc') {
          $enableVNC = 1;
        }
      }
    }
    if (@tokens[0] eq 'permitted-security-types') {
      $permissionsSet = 1;
      foreach $tok (split/[,=]/, $_) {
        if (substr(lc $tok, -3) eq 'otp') {
          $enableOTP = 1;
        }
        if (substr(lc $tok, -3) eq 'vnc') {
          $enableVNC = 1;
        }
        if (substr(lc $tok, 0, 4) eq 'x509') {
          $enableX509 = 1;
        }
      }
    }
  }

  return unless ($permissionsSet == 1);

  if ($enableVNC == 0) {
    $authTypeVNC = 0;
  }
  if ($enableOTP == 0) {
    $authTypeOTP = 0;
  }
  if ($enableX509 == 0) {
    $encTypeX509 = 0;
  }

  close(ACF);
}
