diff -rud -x .bzr freenx-server-0.7.3/ChangeLog freenx-server.fixes/ChangeLog --- freenx-server-0.7.3/ChangeLog 2008-08-22 02:44:43.000000000 +0200 +++ freenx-server.fixes/ChangeLog 2009-11-23 10:16:13.106350517 +0100 @@ -1,3 +1,20 @@ +xx.11.2008 FreeNX 0.7.4 + * Opened the 0.7.4 development. + * Fixed missing export of NX_ETC_DIR in Makefile, + so node.conf.sample is installed correctly. + (fabianx@bat.berlios.de) + * Fixed broken round-robin load balance algorithm. + (fabianx@bat.berlios.de) + * Fixed --terminate|--suspend|--force-terminate for + load balancing case. + (fabianx@bat.berlios.de) + * Fixed --terminate|--suspend|--force-terminate for + usermode case. + (fabianx@bat.berlios.de) + * Fixed non-encrypted session mode. You might need to + set EXTERNAL_PROXY_IP in node.conf. + (fabianx@bat.berlios.de) + 18.08.2008 FreeNX 0.7.3 "Priscilla One Year Edition" * Opened the 0.7.3 development. * Added logging of failed authentication attempts Only in freenx-server.fixes: data diff -rud -x .bzr freenx-server-0.7.3/init.d/freenx-server freenx-server.fixes/init.d/freenx-server --- freenx-server-0.7.3/init.d/freenx-server 2008-03-02 11:29:52.000000000 +0100 +++ freenx-server.fixes/init.d/freenx-server 2009-11-23 10:16:13.100350348 +0100 @@ -1,28 +1,43 @@ #!/bin/bash -# -# Sample startup script for FreeNX server -# -# Coypright (c) 2007 by Fabian Franz . -# -# License: GNU GPL, version 2 -# -# SVN: $Id: freenx-server 485 2008-03-02 10:29:52Z fabianx $ -# -# Read the config file -. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) -- +### BEGIN INIT INFO +# Provides: freenx_server +# Required-Start: sshd +# Required-Stop: sshd +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: FreeNX Server +# Description: Cleanup FreeNX Server session database at boot time +### END INIT INFO + +PATH_BIN=/usr/lib/nx case "$1" in start) - [ ! -d "/tmp/.X11-unix" ] && mkdir -m1755 /tmp/.X11-unix/ + if [ ! -e "/var/run/freenx-server" ]; then + [ ! -d "/tmp/.X11-unix" ] && mkdir -m1755 /tmp/.X11-unix/ + $PATH_BIN/nxserver --cleanup + $PATH_BIN/nxserver --start + touch "/var/run/freenx-server"; + else + echo "Not starting freenx-server, it's already started." + fi + ;; + restart|force-reload) $PATH_BIN/nxserver --cleanup $PATH_BIN/nxserver --start + touch "/var/run/freenx-server"; ;; stop) $PATH_BIN/nxserver --stop $PATH_BIN/nxserver --cleanup - ;; + rm -f /var/run/freenx-server + ;; + status) + [ ! -e "/var/run/freenx-server" ] || exit 3 + exit 0; + ;; *) - echo "Usage: $0 " + echo "Usage: $0 " ;; esac diff -rud -x .bzr freenx-server-0.7.3/Makefile freenx-server.fixes/Makefile --- freenx-server-0.7.3/Makefile 2008-08-18 04:16:25.000000000 +0200 +++ freenx-server.fixes/Makefile 2009-11-23 10:16:13.102350032 +0100 @@ -8,7 +8,7 @@ all: cd nxviewer-passwd && xmkmf && make Makefiles && make depend source nxloadconfig &&\ - export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION &&\ + export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION NX_ETC_DIR &&\ for i in $(SUBDIRS) ; \ do\ echo "making" all "in $$i..."; \ @@ -35,14 +35,29 @@ #$(MAKE) suid_install clean: - make -C nxviewer-passwd clean for i in $(SUBDIRS) ; \ do\ echo "making" clean "in $$i..."; \ - $(MAKE) -C $$i clean || exit 1;\ + if test -e "$$i/Makefile"; \ + then $(MAKE) -C $$i clean || exit 1;\ + else echo ignoring $$i;\ + fi;\ done + rm -f nxviewer-passwd/Makefile.back + rm -f nxviewer-passwd/Makefile + rm -f nxviewer-passwd/nxpasswd/Makefile + rm -f nxviewer-passwd/libvncauth/Makefile install: source nxloadconfig &&\ - export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION &&\ + export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION NX_ETC_DIR &&\ $(MAKE) nxenv_install + +debian-tarball: + mkdir freenx-server + cp -r * freenx-server || echo 0 + sed "s/NX_VERSION=3.2.0-74-SVN/NX_VERSION=3.2.0-74-TEAMBZR`bzr revno`/" nxloadconfig > freenx-server/nxloadconfig + rm -rf freenx-server/.bzr* + rm -rf freenx-server/freenx-server + [ -d ".bzr" ] && tar -czf ../freenx-server_0.7.3+teambzr`bzr revno`.orig.tar.gz freenx-server + rm -rf freenx-server diff -rud -x .bzr freenx-server-0.7.3/node.conf.sample freenx-server.fixes/node.conf.sample --- freenx-server-0.7.3/node.conf.sample 2008-08-22 02:44:43.000000000 +0200 +++ freenx-server.fixes/node.conf.sample 2009-11-23 10:16:13.102350032 +0100 @@ -37,7 +37,7 @@ # # https://mail.kde.org/mailman/listinfo/freenx-knx # -# SVN: $Id: node.conf.sample 580 2008-08-22 00:44:43Z fabianx $ +# SVN: $Id: node.conf.sample 613 2008-09-01 20:42:31Z fabianx $ ######################################################################### # General FreeNX directives @@ -47,6 +47,11 @@ # different than the default hostname (as returned by `hostname`) #SERVER_NAME="$(hostname)" +# The node ip which is used by NX Node in unecnrypted session mode. +# Set it if you want to use a specific external ip or the autodetection +# is not working. +#EXTERNAL_PROXY_IP="" + # The port number where local 'sshd' is listening. #SSHD_PORT=22 @@ -501,6 +506,11 @@ #USER_X_STARTUP_SCRIPT=.Xclients #DEFAULT_X_SESSION=/etc/X11/xdm/Xsession +# When the session is started some distros execute some scripts to get the +# environment ready. Set 1 if you want DEFAULT_X_SESSION to be called before +# executing the session. +#BOOTSTRAP_X_SESSION="0" + # The key that contains the name of the script that starts a KDE session. # It's run when a 'unix-kde' session is requested by the client. #COMMAND_START_KDE=startkde diff -rud -x .bzr freenx-server-0.7.3/nxdesktop_helper freenx-server.fixes/nxdesktop_helper --- freenx-server-0.7.3/nxdesktop_helper 2008-08-06 00:52:30.000000000 +0200 +++ freenx-server.fixes/nxdesktop_helper 2009-11-23 10:16:13.099350087 +0100 @@ -37,8 +37,11 @@ agent_password=$(url_decode "$agent_password") agent_password=$(url_decode "$agent_password") +[ "$agent_domain" = "" ] || DOMAIN="-d $agent_domain" +[ "$windows_app" = "$0" ] || [ "$windows_app" = "" ] || APPLICATION="-s \"$windows_app\"" + # setup commandline -set -- -u "$agent_user" -k "$agent_keyboard" -d "$agent_domain" -f -s "$windows_app" $AGENT_EXTRA_OPTIONS_RDP "$agent_server" +set -- -u "$agent_user" -k "$agent_keyboard" $APPLICATION $DOMAIN -f $AGENT_EXTRA_OPTIONS_RDP "$agent_server" if [ -n "$agent_password" ] then diff -rud -x .bzr freenx-server-0.7.3/nxdialog freenx-server.fixes/nxdialog --- freenx-server-0.7.3/nxdialog 2008-03-11 00:01:03.000000000 +0100 +++ freenx-server.fixes/nxdialog 2009-11-23 10:16:13.102350032 +0100 @@ -76,7 +76,10 @@ # This is now fixed in NXClient 3.0.0, but still people sometimes use # older clients. -NXCLIENT="/usr/NX/bin/nxclient" +[ -x "/usr/bin/nxclient" ] && NXCLIENT="/usr/bin/nxclient" +[ -x "/usr/NX/bin/nxclient" ] && NXCLIENT="/usr/NX/bin/nxclient" +[ -z "$NXCLIENT" ] && NXCLIENT="/usr/NX/bin/nxclient" + [ -x "$NXCLIENT" -a "$DIALOG_TYPE" != "printer" -a "$(file -bi $NXCLIENT)" != 'application/x-shellscript' ] \ && exec ${NXCLIENT} "${PARAMS[@]}" diff -rud -x .bzr freenx-server-0.7.3/nxkeygen freenx-server.fixes/nxkeygen --- freenx-server-0.7.3/nxkeygen 2008-03-11 00:01:03.000000000 +0100 +++ freenx-server.fixes/nxkeygen 2009-11-23 10:16:13.099350087 +0100 @@ -18,7 +18,7 @@ # Read the config file . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) -- -NX_KEY_DIR="$NX_HOME_DIR/.ssh" +[ -z "$NX_KEY_DIR" ] && NX_KEY_DIR="$NX_HOME_DIR/.ssh" DATE="`date '+%Y%m%d-%H%M%S'`" NX_CLIENT_KEY="${NX_KEY_DIR}/client.id_dsa.key" NX_SERVER_KEY="${NX_KEY_DIR}/server.id_dsa.pub.key" @@ -69,5 +69,10 @@ echo "on their computers." } +if [ -f "${NX_SERVER_KEY}" -a -f "${NX_CLIENT_KEY}" -a ! -z "$NX_DONT_OVERRIDE" ]; then + echo "Not overriding the existing key" + exit +fi + main "$@" diff -rud -x .bzr freenx-server-0.7.3/nxloadconfig freenx-server.fixes/nxloadconfig --- freenx-server-0.7.3/nxloadconfig 2008-08-22 02:44:43.000000000 +0200 +++ freenx-server.fixes/nxloadconfig 2009-11-23 10:16:13.103349734 +0100 @@ -5,7 +5,7 @@ # # License: GPL, version 2 # -# SVN: $Id: nxloadconfig 580 2008-08-22 00:44:43Z fabianx $ +# SVN: $Id: nxloadconfig 613 2008-09-01 20:42:31Z fabianx $ # # ======================================================================== @@ -52,7 +52,7 @@ # DO NOT TOUCH unless you REALLY know what you are doing ######################################################################### -NX_VERSION=3.2.0-73 +NX_VERSION=3.2.0-74-SVN NX_LICENSE="OS (GPL, using backend: %BACKEND%)" # Where can different nx components be found @@ -85,7 +85,15 @@ # General FreeNX directives SERVER_NAME="$(hostname)" -SSHD_PORT=22 +EXTERNAL_PROXY_IP="" +if [ -r "/etc/ssh/sshd_config" ] +then + SSHD_PORT=$(grep "^ *Port " -m 1 /etc/ssh/sshd_config | awk '{ print $2 ;}') + [ -z $(echo "$SSHD_PORT" | egrep "^[1-9][0-9]{0,4}$") ] && SSHD_PORT=22 +else + SSHD_PORT=22 +fi + # Authentication / Security directives @@ -184,8 +192,14 @@ DEFAULT_X_WM="" KILL_DEFAULT_X_WM="1" +BOOTSTRAP_X_SESSION="0" USER_X_STARTUP_SCRIPT=.Xclients DEFAULT_X_SESSION=/etc/X11/xdm/Xsession +COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom" +if [ ! -x "$COMMAND_GDM_X_SESSION" ] +then + COMMAND_GDM_X_SESSION="/etc/X11/Xsession" +fi COMMAND_START_KDE=startkde COMMAND_START_GNOME=gnome-session COMMAND_START_CDE=cdwm @@ -207,6 +221,21 @@ COMMAND_X11VNC="x11vnc" COMMAND_TASKSET="taskset" +COMMAND_NXSHADOWACL="$PATH_BIN/nxshadowacl" +COMMAND_NXACL="$PATH_BIN/nxacl" +COMMAND_NXCHECKLOAD="$PATH_BIN/nxcheckload" +COMMAND_NXAGENT="$PATH_BIN/nxagent" + +# Guest directives +ENABLE_GUEST_LOGIN="0" +COMMAND_GUEST_LOGIN="/usr/lib/nx/guest/nxnode" +# Try to use protected enviroment for guest sessions +COMMAND_GUEST_X_SESSION="/usr/share/gdm/guest-session/Xsession custom" +if [ ! -x "/usr/share/gdm/guest-session/Xsession" ] +then + COMMAND_GUEST_X_SESSION=$COMMAND_GDM_X_SESSION +fi + # Misc directives ENABLE_1_5_0_BACKEND="" @@ -287,12 +316,25 @@ { ! mywhich "$PATH_BIN/nxdesktop"; } >/dev/null 2>&1 && ENABLE_EXTERNAL_NXDESKTOP="1" { ! mywhich "$PATH_BIN/nxviewer"; } >/dev/null 2>&1 && ENABLE_EXTERNAL_NXVIEWER="1" { ! mywhich "$COMMAND_VNCPASSWD" && which vncpasswd; } >/dev/null 2>&1 && COMMAND_VNCPASSWD=$(which vncpasswd) + { ! mywhich "$COMMAND_NXSHADOWACL" && test -f /etc/nxserver/nxshadowacl; } >/dev/null 2>&1 && COMMAND_NXSHADOWACL=/etc/nxserver/nxshadowacl + { ! mywhich "$COMMAND_NXACL" && test -f /etc/nxserver/nxacl; } >/dev/null 2>&1 && COMMAND_NXACL=/etc/nxserver/nxacl + { ! mywhich "$COMMAND_NXCHECKLOAD" && test -f /etc/nxserver/nxcheckload; } >/dev/null 2>&1 && COMMAND_NXCHECKLOAD=/etc/nxserver/nxcheckload + { ! mywhich "$COMMAND_NXAGENT" && which nxagent; } >/dev/null 2>&1 && COMMAND_NXAGENT=$(which nxagent) fi ######################################################################### # node.conf file evaluation ######################################################################### +SHARED_CONFS="/usr/share/freenx-server" +if [ -d $SHARED_CONFS/node.conf.d ] +then + for i in $SHARED_CONFS/node.conf.d/* + do + [ -e $i ] && . $i + done +fi + if [ -d $NX_ETC_DIR/node.conf.d ] then for i in $NX_ETC_DIR/node.conf.d/* @@ -317,7 +359,7 @@ [ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB [ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2" -NX_BACKEND_VERSION=$(strings $PATH_BIN/nxagent 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g') +NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g') [ "$ENABLE_1_5_0_BACKEND" = "1" ] && NX_BACKEND_VERSION="1.5.0" # forced the backend @@ -354,19 +396,19 @@ ERROR="yes" && echo "Error: Invalid value \"PATH_BIN=$PATH_BIN\"" # Check for NX agents ... - [ ! -x "$PATH_BIN/nxagent" ] && \ + [ ! -x "$COMMAND_NXAGENT" ] && \ ERROR="yes" && echo "Error: Could not find nxagent in $PATH_BIN. Please install some OSS components." - if [ "ENABLE_EXTERNAL_NXDESKTOP" = "1" ] + if [ "$ENABLE_EXTERNAL_NXDESKTOP" = "1" ] then [ ! mywhich "$COMMAND_RDESKTOP" >/dev/null 2>&1 ] && \ WARNING="yes" && echo "Warning: Could not find COMMAND_RDESKTOP=$COMMAND_RDESKTOP. RDP sessions won't work." else [ ! -x "$PATH_BIN/nxdesktop" ] && \ - WARNING="yes" && echo "Warning: Could not find nxdesktop in $PATH_BIN. RDP sessions won't work." + WARNING="yes" && echo "Warning: Could not find nxdesktop in $PATH_BIN. RDP sessions won't work. Ignore if you use NX > 3.2" fi - if [ "ENABLE_EXTERNAL_NXVIEWER" = "1" ] + if [ "$ENABLE_EXTERNAL_NXVIEWER" = "1" ] then [ ! mywhich "$COMMAND_VNCVIEWER" >/dev/null 2>&1 ] && \ WARNING="yes" && echo "Warning: Could not find COMMAND_VNCVIEWER=$COMMAND_VNCVIEWER. VNC sessions won't work." @@ -374,7 +416,7 @@ WARNING="yes" && echo "Warning: Could not find COMMAND_VNCPASSWD=$COMMAND_VNCPASSWD. VNC sessions won't work." else [ ! -x "$PATH_BIN/nxviewer" ] && \ - WARNING="yes" && echo "Warning: Could not find nxviewer in $PATH_BIN. VNC sessions won't work." + WARNING="yes" && echo "Warning: Could not find nxviewer in $PATH_BIN. VNC sessions won't work. Ignore if you use NX > 3.2" fi [ ! mywhich "$COMMAND_X11VNC" >/dev/null 2>&1 ] && \ @@ -400,10 +442,12 @@ OLD_IFS=$IFS IFS=":" - for LIBRARY in $APPLICATION_LIBRARY_PRELOAD; do - [ ! -e $LIBRARY ] && \ - WARNING="yes" && echo "Warning: Invalid value \"APPLICATION_LIBRARY_PRELOAD=$APPLICATION_LIBRARY_PRELOAD\". $LIBRARY could not be found. Users will not be able to run a single application in non-rootless mode." && break ; - done + if [ "$SET_LD_LIBRARY_PATH" = "1" ]; then + for LIBRARY in $APPLICATION_LIBRARY_PRELOAD; do + [ ! -e $LIBRARY ] && \ + WARNING="yes" && echo "Warning: Invalid value \"APPLICATION_LIBRARY_PRELOAD=$APPLICATION_LIBRARY_PRELOAD\". $LIBRARY could not be found. Users will not be able to run a single application in non-rootless mode." && break ; + done + fi IFS=$OLD_IFS [ -z "$SSH_AUTHORIZED_KEYS" ] && \ @@ -579,7 +623,7 @@ && echo " Users will not be able to enable printing." [ -z "$(strings $COMMAND_CUPSD | egrep 'CUPS\/1.2')" ] && \ WARNING="yes" && echo "Warning: Invalid cupsd version of \"$COMMAND_CUPSD\". Need version 1.2." \ - && echo " Users will not be able to enable printing." + && echo " Users will not be able to enable printing. Ignore if you use cups > 1.2" ! mywhich "$COMMAND_MD5SUM" >/dev/null 2>&1 && \ ERROR="yes" && echo "Error: Invalid value \"COMMAND_MD5SUM=$COMMAND_MD5SUM\"" @@ -606,8 +650,8 @@ [ -z $(echo "$ENABLE_ROOTLESS_MODE" | egrep "^[0|1]$") ] && \ ERROR="yes" && echo "Error: Invalid value \"ENABLE_ROOTLESS_MODE=$ENABLE_ROOTLESS_MODE\"" - [ -z "$(strings $PATH_BIN/nxagent | egrep 'NXAGENT - Version 1.5.0|NXAGENT - Version 2.[01].0|NXAGENT - Version 3.[012].0')" ] && \ - WARNING="yes" && echo "Error: Could not find 1.5.0 or 2.[01].0 or 3.[01].0 version string in nxagent. NX 1.5.0 or 2.[01].0 or 3.[012].0 backend is needed for this version of FreeNX." + [ -z "$(strings $COMMAND_NXAGENT | egrep 'NXAGENT - Version 1.5.0|NXAGENT - Version 2.[01].0|NXAGENT - Version 3.[0123].0')" ] && \ + WARNING="yes" && echo "Error: Could not find 1.5.0 or 2.[01].0 or 3.[0123].0 version string in nxagent. NX 1.5.0 or 2.[01].0 or 3.[0123].0 backend is needed for this version of FreeNX." [ -z $(echo "$ENABLE_USESSION" | egrep "^[0|1]$") ] && \ ERROR="yes" && echo "Error: Invalid value \"ENABLE_USESSION=$ENABLE_USESSION\"" diff -rud -x .bzr freenx-server-0.7.3/nxnode freenx-server.fixes/nxnode --- freenx-server-0.7.3/nxnode 2008-08-22 02:44:43.000000000 +0200 +++ freenx-server.fixes/nxnode 2009-11-23 10:16:13.104350274 +0100 @@ -13,7 +13,7 @@ # # License: GNU GPL, version 2 # -# SVN: $Id: nxnode 580 2008-08-22 00:44:43Z fabianx $ +# SVN: $Id: nxnode 613 2008-09-01 20:42:31Z fabianx $ # # 21.06.2004: - Full reconnection support @@ -217,7 +217,11 @@ unix-cde) NODE_STARTX=$COMMAND_START_CDE ;; - unix-application|windows-helper|vnc-helper) + windows-helper) + application="$PATH_BIN/nxdesktop_helper" + NODE_STARTX=$application + ;; + unix-application|vnc-helper) [ "$application" = "xterm" ] && application=$COMMAND_XTERM NODE_STARTX=$application ;; @@ -303,6 +307,7 @@ fi [ "$cups" = "1" -a "$ENABLE_CUPS_SERVER_EXPORT" = "1" ] && export CUPS_SERVER="$USER_FAKE_HOME/.nx/C-$sess_id/cups/cups.sock" + [ "$samba" = "1" -a "$ENABLE_CUPS_SERVER_EXPORT" = "1" ] && [ -d "$USER_FAKE_HOME/.nx/C-$sess_id/cups" ] && export CUPS_SERVER="$USER_FAKE_HOME/.nx/C-$sess_id/cups/cups.sock" if [ "$ENABLE_SAMBA_PRELOAD" = "1" -a -x "$PATH_BIN/nxredir" ] then @@ -332,6 +337,33 @@ [ -d /etc/X11/Xresources ] && xrdb -display :$display -merge /etc/X11/Xresources/* >>"$USER_FAKE_HOME/.nx/C-$sess_id/session" 2>&1 # + # Use Xsession to execute the Desktop session + # + + case $type in + unix-gnome) + export STARTUP="$NODE_APPLICATION" + if [ "$login_method" = "GUEST" ] + then + NODE_APPLICATION=$COMMAND_GUEST_X_SESSION + elif [ "$BOOTSTRAP_X_SESSION" = "1" ] + then + NODE_APPLICATION=$COMMAND_GDM_X_SESSION + fi + ;; + unix-kde|unix-cde) + export STARTUP="$NODE_APPLICATION" + if [ "$login_method" = "GUEST" ] + then + NODE_APPLICATION=$COMMAND_GUEST_X_SESSION + elif [ "$BOOTSTRAP_X_SESSION" = "1" ] + then + NODE_APPLICATION=$DEFAULT_X_SESSION + fi + ;; + esac + + # # Startup the application # @@ -370,6 +402,12 @@ node_agent_persistent_session() { P="-nopersistent" + # Guest sessions are always nonpersistent + if [ "$login_method" = "GUEST" ] + then + echo "$P" + return + fi OLD_IFS=$IFS IFS="," [ "$ENABLE_PERSISTENT_SESSION" = "all" ] && P="-persistent" @@ -540,7 +578,8 @@ # Start the agent - PATH="$PATH_BIN:$PATH" $PATH_BIN/nxagent $P $R -name "NX - $user@$SERVER_NAME:$display - $session (GPL Edition)" -option "$USER_FAKE_HOME/.nx/C-$sess_id/options" $K $G $B $FP $AGENT_EXTRA_OPTIONS_X :$display 2>&3 & + #PATH="$PATH_BIN:$PATH" $COMMAND_NXAGENT $P $R -name "NX - $user@$SERVER_NAME:$display - $session (GPL Edition)" -option "$USER_FAKE_HOME/.nx/C-$sess_id/options" $K $G $B $FP $AGENT_EXTRA_OPTIONS_X :$display 2>&3 & + PATH="$PATH_BIN:$PATH" $COMMAND_NXAGENT $P $R -name "NX - $user@$SERVER_NAME:$display - $session (GPL Edition)" -option "$USER_FAKE_HOME/.nx/C-$sess_id/options" $B $FP $AGENT_EXTRA_OPTIONS_X :$display 2>&3 & fi # @@ -699,7 +738,15 @@ [ -e "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" ] || return cat "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" | while read mpoint do - $COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null + for i in `seq 1 15` ; do + if [ "$(mount | grep "$mpoint" | wc -l)" -ne 0 ] ; then + $COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null + [ $? -ne 0 ] && $COMMAND_SMBUMOUNT -f "$mpoint" >/dev/null 2>/dev/null + else + break + fi + sleep 0.5s + done done } @@ -842,9 +889,9 @@ if stringinstring "Session: Display failure detected at" "$line" then - echo "NX> 596 Error: Session $1 failed. Reason was: $line" if [ "$1" = "restore" ] then + echo "NX> 596 Error: Session $1 failed. Reason was: $line" kill $NODE_TAIL_PID break fi @@ -1030,6 +1077,7 @@ session=$(getparam session) type=$(getparam type | sed 's/%2d/-/g') application=$(getparam application) + windows_app=$(getparam application) cache=$(getparam cache) images=$(getparam images) cookie=$(getparam cookie) @@ -1078,6 +1126,8 @@ # Rootless fix from 2x nxserver 1.5.0 realtype=$type [ "$type" = "unix-application" -o "$type" = "unix-default" ] && realtype="unix-desktop" + [ "$type" = "unix-gnome" ] && realtype="gnome" + [ "$type" = "unix-kde" ] && realtype="kde" # NX 2.1.0 file-sharing port options client=$(getparam client) @@ -1132,6 +1182,8 @@ shadowdisplay=$(getparam shadowdisplay) shadowhost=$(getparam shadowhost) + # Authentication method needed by guest mode. + login_method=$(getparam login_method) sess_id="$SERVER_NAME-$display-$uniqueid" NXSESSION_DIRECTORY="$USER_FAKE_HOME/.nx/C-$sess_id" @@ -1143,7 +1195,7 @@ export agent_password export agent_server export agent_domain - export windows_app=$application + export windows_app agent_keyboard="" [ "$ENABLE_EXTERNAL_NXDESKTOP_KEYBOARD" = "1" ] && agent_keyboard=$(echo "$keyboard" | cut -d'/' -f2) export agent_keyboard @@ -1184,6 +1236,17 @@ [ -z "$userip" -a "$host" = "127.0.0.1" ] && userip="127.0.0.1" [ -z "$userip" ] && userip="*" fi + + # We need our own external IP + proxyip="$EXTERNAL_PROXY_IP" + + if [ -z "$proxyip" -a -n "$host" ] + then + [ "$host" = "127.0.0.1" ] && host=$(hostname) + proxyip=$(ping -c1 "$host" | grep 'PING' | cut -d'(' -f2 | cut -d')' -f1) + fi + + [ -z "$proxyip" ] && proxyip="127.0.0.1" # ok, lets make the session dir first: @@ -1245,7 +1308,7 @@ umask 0077 cat << EOF > "$USER_FAKE_HOME/.nx/C-$sess_id/options" -${keyboard:+keyboard=$keyboard,}${kbtype:+kbtype=$kbtype,}${kbload:+kbload=$kbload,}${keymap:+keymap=$keymap,}${resize:+resize=$resize,}${CACHE}${IMAGES}${PACK}link=$link,nodelay=$nodelay,type=$realtype,cleanup=0,${ACCEPT}cookie=$proxy_cookie,id=$sess_id,samba=$samba,media=$media${sync:+,sync=$sync}${cups:+,cups=$cups}${keybd:+,keybd=$keybd}${aux:+,aux=$aux}${http:+,http=$http}${rdpcolors:+,rdpcolors=$rdpcolors}${rdpcache:+,rdpcache=$rdpcache}${fullscreen:+,fullscreen=1}${clipboard:+,clipboard=$clipboard}${menu:+,menu=$menu}:$display +nx/nx,${keyboard:+keyboard=$keyboard,}${kbtype:+kbtype=$kbtype,}${kbload:+kbload=$kbload,}${keymap:+keymap=$keymap,}${geometry:+geometry=$geometry,}${client:+client=$client,}${resize:+resize=$resize,}${CACHE}${IMAGES}${PACK}link=$link,nodelay=$nodelay,type=$realtype${clipboard:+,clipboard=$clipboard}${composite:+composite=$composite},cleanup=0,product=LFE/None/LFEN/None,shmem=1,${backingstore:+backingstore=$backingstore,}shpix=1,${ACCEPT}cookie=$proxy_cookie,id=$sess_id,samba=$samba,media=$media${sync:+,sync=$sync}${cups:+,cups=$cups}${keybd:+,keybd=$keybd}${aux:+,aux=$aux}${http:+,http=$http}${rdpcolors:+,rdpcolors=$rdpcolors}${rdpcache:+,rdpcache=$rdpcache}${fullscreen:+,fullscreen=1}${menu:+,menu=$menu}:$display EOF umask $OLD_UMASK #samba=$samba, @@ -1316,7 +1379,7 @@ NX> 705 Session display: $display NX> 703 Session type: $type NX> 701 Proxy cookie: $proxy_cookie -NX> 702 Proxy IP: $userip +NX> 702 Proxy IP: $proxyip NX> 706 Agent cookie: $cookie NX> 704 Session cache: $type NX> 707 SSL tunneling: $ssl_tunnel @@ -1509,7 +1572,7 @@ echo "NX> 716 Starting NX Agent ..." shift [ "$SET_LD_LIBRARY_PATH" = "1" ] && export LD_LIBRARY_PATH="$AGENT_LIBRARY_PATH:$LD_LIBRARY_PATH" - PATH="$PATH:$PATH_BIN" $PATH_BIN/nxagent -name "NX Agent Test - Args: $@" $@ + PATH="$PATH:$PATH_BIN" $COMMAND_NXAGENT -name "NX Agent Test - Args: $@" $@ echo "NX> 716 NX Agent exited with status: $?" ;; --setkey) diff -rud -x .bzr freenx-server-0.7.3/nxnode-login freenx-server.fixes/nxnode-login --- freenx-server-0.7.3/nxnode-login 2008-03-11 00:01:03.000000000 +0100 +++ freenx-server.fixes/nxnode-login 2009-11-23 10:16:13.105349977 +0100 @@ -61,7 +61,10 @@ if { "$auth_method"=="ssh" } { set pid [spawn -noecho $command_ssh -2 -x -l "$user" "$host" -o "NumberOfPasswordPrompts 1" -p "$port" "$executable $command" ] } elseif { "$auth_method"=="su" } { + set env(LANG) "C" set pid [spawn -noecho su - "$user" -c "$executable $command" ] +} elseif { "$auth_method"=="guest" } { + set pid [spawn -noecho $executable $command ] } else { exit 1 } diff -rud -x .bzr freenx-server-0.7.3/nxredir/Makefile freenx-server.fixes/nxredir/Makefile --- freenx-server-0.7.3/nxredir/Makefile 2008-07-31 20:12:33.000000000 +0200 +++ freenx-server.fixes/nxredir/Makefile 2009-11-23 10:16:13.100350348 +0100 @@ -1,14 +1,16 @@ -all: libnxredir.so.0 +all: libnxredir.so CC=gcc CFLAGS=-g -O2 -Wall -fPIC -LIBNAME=libnxredir.so.0 +LIBNAME=libnxredir.so +VERSION=0 -libnxredir.so.0: nxredir.o - $(CC) -fPIC $(CFLAGS) -nostdlib -shared -o $(LIBNAME) nxredir.o -ldl -lc +libnxredir.so: nxredir.o + $(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc clean: rm -f $(LIBNAME) + rm -f $(LIBNAME).$(VERSION) rm -f *.o ifneq ($(NX_VERSION),) @@ -21,7 +23,7 @@ perl -pi -e "s,CUPS_BACKEND=.*,CUPS_BACKEND=\"$$CUPS_BACKEND\",g" $(DESTDIR)/$$CUPS_BACKEND/nxsmb else install: all - install -m755 libnxredir.so.0 $(DESTDIR)/usr/lib + install -m755 libnxredir.so $(DESTDIR)/usr/lib install -m755 nxredir $(DESTDIR)/usr/bin install -m755 nxsmb $(DESTDIR)/usr/lib/cups/backend/ endif diff -rud -x .bzr freenx-server-0.7.3/nxserver freenx-server.fixes/nxserver --- freenx-server-0.7.3/nxserver 2008-08-22 02:44:43.000000000 +0200 +++ freenx-server.fixes/nxserver 2009-11-23 10:16:13.100350348 +0100 @@ -11,7 +11,7 @@ # # License: GNU GPL, version 2 # -# SVN: $Id: nxserver 580 2008-08-22 00:44:43Z fabianx $ +# SVN: $Id: nxserver 612 2008-08-25 03:28:15Z fabianx $ # # Read the config file @@ -295,9 +295,9 @@ then [ -z "$(getparam shadowcookie)" ] && continue - if [ -x "$PATH_BIN/nxshadowacl" ] + if [ -x "$COMMAND_NXSHADOWACL" ] then - $PATH_BIN/nxshadowacl "$(getparam userName)" "$USER" || continue + $COMMAND_NXSHADOWACL "$(getparam userName)" "$USER" || continue fi fi fi @@ -334,7 +334,7 @@ elif [ "$4" = "shadow" ] then available=$(getparam status) - printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$(getparam display)" "$(getparam type)" "$(getparam sessionId)" "$options" "$depth" "$geom" "$available" "$(getparam sessionName) (Shadowed)" >> $TMPFILE + printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$(getparam display)" "$(getparam type)" "$(getparam sessionId)" "$options" "$depth" "$geom" "$available" "$(getparam sessionName) ($(getparam userName)) (Shadowed)" >> $TMPFILE else # only unix-* sessions can be resumed, but other session types can still be terminated stringinstring "unix-" "$4" || available="N/A" @@ -344,14 +344,14 @@ egrep -q "^userName=$1$" $i && let SESSION_COUNT_USER=$SESSION_COUNT_USER+1 done - if [ "$4" = "vnc" -a "$ENABLE_DESKTOP_SHARING" = "1" ] + if [ "$4" = "vnc" -o "$4" = "shadow" -a "$ENABLE_DESKTOP_SHARING" = "1" ] then export DESKTOP_SHARING_IDS="" for i in $(LC_ALL=C netstat -ln --protocol=unix | egrep 'X11-unix/X[0-9]$' | sed 's/.*X\(.*\)/\1/g') do uniqueid=$(echo $[$RANDOM*$RANDOM] | $COMMAND_MD5SUM | cut -d" " -f1 | tr "[a-z]" "[A-Z]") DESKTOP_SHARING_IDS="$DESKTOP_SHARING_IDS $uniqueid=$i" - printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$i" "vnc-local" "$uniqueid" "--------" "$udepth" "$(echo $3 | cut -d'x' -f1,2)" "Running" "X$i (Local)" >> $TMPFILE + printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$i" "Local" "$uniqueid" "--------" "$udepth" "$(echo $3 | cut -d'x' -f1,2)" "Running" "X$i (Local)" >> $TMPFILE done fi @@ -796,6 +796,33 @@ USER=$USER2 + # Guest authentication + if [ "$USER" = "NX guest user" ] + then + if [ "$ENABLE_GUEST_LOGIN" != "1" -o ! -x "$COMMAND_GUEST_LOGIN" ] + then + if [ "$ENABLE_GUEST_LOGIN" != "1" ] + then + echo_x "NX> 404 ERROR: guest authentication not enabled" + else + echo_x "NX> 404 ERROR: $COMMAND_GUEST_LOGIN not correct" + fi + echo_x "NX> 999 Bye" + if [ "$ENABLE_LOG_FAILED_LOGINS" = "1" ] + then + logger -t nxserver -i -p auth.info "($(whoami)) Failed login for user=$USER from IP=$(echo $SSH_CLIENT | awk '{print $1}')" + fi + exit 1 + fi + log 6 -n "guest " + nxnode_login "" -- guest "" "" "$COMMAND_GUEST_LOGIN" --check 2>&1 >/dev/null + if [ $? -eq 0 ] + then + LOGIN_SUCCESS="1" + LOGIN_METHOD="GUEST" + fi + fi + # PASSDB based auth if [ "$ENABLE_PASSDB_AUTHENTICATION" = "1" -a "$LOGIN_SUCCESS" = "0" ] then @@ -916,7 +943,10 @@ export NODE_HOSTNAME # Use nxnode-login? - if [ "$LOGIN_METHOD" = "SSH" ] + if [ "$LOGIN_METHOD" = "GUEST" ] + then + NXNODE_TOSEND="$@" nxnode_login "" -- guest "" "" "$COMMAND_GUEST_LOGIN" "$CMD" 2>&1 | log_tee + elif [ "$LOGIN_METHOD" = "SSH" ] then export COMMAND_SSH NXNODE_TOSEND="$@" nxnode_login "$PASS" -- ssh "$USER" "$SSHD_PORT" "$PATH_BIN/nxnode" "$CMD" 2>&1 | log_tee @@ -987,10 +1017,10 @@ do case "$CMD" in "NX> 706"*) - if [ -x "$PATH_BIN/nxshadowacl" ] + if [ -x "$COMMAND_NXSHADOWACL" ] then # check if we should save the cookie - $PATH_BIN/nxshadowacl "$USER" + $COMMAND_NXSHADOWACL "$USER" if [ $? -eq 0 ] then @@ -1074,10 +1104,10 @@ do case "$CMD" in "NX> 706"*) - if [ -x "$PATH_BIN/nxshadowacl" ] + if [ -x "$COMMAND_NXSHADOWACL" ] then # check if we should save the cookie - $PATH_BIN/nxshadowacl "$USER" + $COMMAND_NXSHADOWACL "$USER" if [ $? -eq 0 ] then @@ -1192,7 +1222,7 @@ # Lock held SERVER_LB_NR=$(cat $NX_SESS_DIR/round-robin 2>/dev/null) - let SERVER_LB_NR=(SERVER_LB_NR+1) % SERVER_LB_NR_OF_HOSTS + let SERVER_LB_NR=(SERVER_LB_NR+1)%SERVER_LB_NR_OF_HOSTS echo $SERVER_LB_NR >$NX_SESS_DIR/round-robin # Exit critical section @@ -1211,7 +1241,7 @@ for i in $LOAD_BALANCE_SERVERS do - SERVER_LB_LOAD=$($NX_DIR/bin/nxcheckload $i) + SERVER_LB_LOAD=$($COMMAND_NXCHECKLOAD $i) [ -z "$SERVER_LB_LOAD" ] && continue if [ $SERVER_LB_LOAD -gt $SERVER_LB_MAX ] @@ -1263,6 +1293,7 @@ server_get_params $CMD PARAMS=$SERVER_PARAMS PARAMS="$PARAMS&clientproto=$PROTO" + PARAMS="$PARAMS&login_method=$LOGIN_METHOD" CMDLINE=$PARAMS echo_x @@ -1344,8 +1375,7 @@ if [ "$ENABLE_EXTERNAL_NXDESKTOP" = "1" -a "$(getparam type)" = "windows" ] then type="windows-helper" - application="$PATH_BIN/nxdesktop_helper" - PARAMS="$PARAMS&type=$type&application=$application&freenx_export_agents=1" + PARAMS="$PARAMS&type=$type&freenx_export_agents=1" CMDLINE=$PARAMS fi @@ -1381,10 +1411,10 @@ return 1 fi - if [ -x "$PATH_BIN/nxacl" ] + if [ -x "$COMMAND_NXACL" ] then - log 3 "Info: Using $PATH_BIN/nxacl to change session parameters or deny session." - NEW_PARAMS=$($PATH_BIN/nxacl "$CMDLINE") + log 3 "Info: Using $COMMAND_NXACL to change session parameters or deny session." + NEW_PARAMS=$($COMMAND_NXACL "$CMDLINE") if [ $? -ne 0 ] then echo_x "NX> 596 The session failed due to a nxacl policy setting: $NEW_PARAMS" @@ -1444,6 +1474,14 @@ continue fi + let PROXY_DISPLAY=$SESS_DISPLAY+4000 + if $COMMAND_NETCAT -z "$SERVER_HOST" $PROXY_DISPLAY + then + log 2 "Warning: nxagent proxy without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY." + let SESS_DISPLAY=$SESS_DISPLAY+1 + continue + fi + # Now check for the other enabled services let SAMBA_DISPLAY=$SESS_DISPLAY+3000 @@ -1961,71 +1999,71 @@ session_history "$user" "$sessid" } -cmd_terminate() +cmd_execute() { - CMD_PARAMS=$(cmd_parse_3_params "$2") - [ -z "$CMD_PARAMS" ] && exit 1 - for i in $CMD_PARAMS; + cmd_host="$1" + cmd_user="$2" + cmd_cmd="$3" + + if [ "$ENABLE_USERMODE_AUTHENTICATION" = "1" ] + then + sh -c "$cmd_cmd" + elif [ "$cmd_host" = "127.0.0.1" -o "$cmd_host" = "localhost" ] + then + su - "$cmd_user" -c "$cmd_cmd" + else + ssh "$cmd_host" su - "$cmd_user" -c "'$cmd_cmd'" + fi +} + +cmd_terminate_or_send() +{ + CMD="$1" + + if [ "$CMD" = "--broadcast" ] + then + CMD_PARAMS=$(session_find_all) + [ -z "$CMD_PARAMS" ] && cmd_abort "Error: No running session could be found." + else + CMD_PARAMS=$(cmd_parse_3_params "$2") + [ -z "$CMD_PARAMS" ] && exit 1 + shift + fi + shift + + for i in $CMD_PARAMS do CMDLINE=$(session_get_cmdline $i) cmd_sessionid=$(getparam sessionId) + cmd_display=$(getparam display) cmd_user=$(getparam userName) cmd_type=$(getparam type) cmd_status=$(getparam status) + cmd_host=$(getparam host) # is it a "good" session? - case "$1" in + case "$CMD" in --suspend) if [ "$cmd_status" = "Running" ] && stringinstring "unix-" "$cmd_type" then - echo "sessionid=$cmd_sessionid" | su - "$cmd_user" -c "$PATH_BIN/nxnode --suspend" + echo "sessionid=$cmd_sessionid" | cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --suspend" fi ;; --terminate) - echo "sessionid=$cmd_sessionid" | su - "$cmd_user" -c "$PATH_BIN/nxnode --terminate" + echo "sessionid=$cmd_sessionid" | cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --terminate" ;; --force-terminate) - echo "sessionid=$cmd_sessionid" | su - "$cmd_user" -c "$PATH_BIN/nxnode --terminate" + echo "sessionid=$cmd_sessionid" | cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --terminate" session_close $cmd_sessionid ;; - esac - done - -} - -cmd_send() -{ - if [ "$1" = "--broadcast" ] - then - CMD_PARAMS=$(session_find_all) - [ -z "$CMD_PARAMS" ] && cmd_abort "Error: No running session could be found." - else - CMD_PARAMS=$(cmd_parse_3_params "$2") - [ -z "$CMD_PARAMS" ] && exit 1 - shift - fi - shift - for i in $CMD_PARAMS; - do - CMDLINE=$(session_get_cmdline $i) - cmd_display=$(getparam display) - cmd_user=$(getparam userName) - cmd_type=$(getparam type) - cmd_status=$(getparam status) - cmd_host=$(getparam host) - - # is it a "good" session? - if [ "$cmd_status" = "Running" ] && stringinstring "unix-" "$cmd_type" - then - if [ "$cmd_host" = "127.0.0.1" -o "$cmd_host" = "localhost" ] + --send|--broadcast) + # is it a "good" session? + if [ "$cmd_status" = "Running" ] && stringinstring "unix-" "$cmd_type" then - su - "$cmd_user" -c "$PATH_BIN/nxdialog --dialog ok --caption \"NX Administrator Message\" --message \"$@\" -display \":$cmd_display\" &" - else - ssh $cmd_host su - "$cmd_user" -c "'$PATH_BIN/nxdialog --dialog ok --caption \"NX Administrator Message\" --message \"$@\" -display \":$cmd_display\" &'" + cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxdialog --dialog ok --caption \"NX Administrator Message\" --message \"$@\" -display \":$cmd_display\" &" fi - fi + esac done - #nxnode_start --send "$CMD_PARAMS" } # @@ -2099,13 +2137,13 @@ cmd_history "$@" ;; --terminate|--suspend|--force-terminate) - cmd_terminate "$@" + cmd_terminate_or_send "$@" ;; --cleanup) - cmd_terminate "--force-terminate" "*" + cmd_terminate_or_send "--force-terminate" "*" ;; --send|--broadcast) - cmd_send "$@" + cmd_terminate_or_send "$@" ;; *) cmd_abort "Error: Function $CMD not implemented yet." Only in freenx-server.fixes/nx-session-launcher: freenx.session.policy diff -rud -x .bzr freenx-server-0.7.3/nx-session-launcher/nx-session-launcher freenx-server.fixes/nx-session-launcher/nx-session-launcher --- freenx-server-0.7.3/nx-session-launcher/nx-session-launcher 2008-08-05 19:54:32.000000000 +0200 +++ freenx-server.fixes/nx-session-launcher/nx-session-launcher 2009-11-23 10:16:13.105349977 +0100 @@ -1,31 +1,170 @@ #!/usr/bin/env python +import xml.parsers.expat as expat import os import gobject import dbus import sys +import logging + +logging.basicConfig (level=logging.ERROR, format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s', stream=sys.stderr) +log = logging.getLogger ("nx-session-launcher") +log.debug ("Starting nx-session-launcher") +# Getting the system dbus bus = dbus.SystemBus () -manager_obj = bus.get_object ('org.freedesktop.ConsoleKit', '/org/freedesktop/ConsoleKit/Manager') -manager = dbus.Interface (manager_obj, 'org.freedesktop.ConsoleKit.Manager') +USE_PK_CREDENTIALS = False -params = dbus.Array ([], signature = "(sv)") -params.append (("unix-user", dbus.Int32 (os.getuid(), variant_level=1))) -params.append (("session-type", dbus.String ("nx", variant_level=1))) -params.append (("x11-display", dbus.String (os.environ['DISPLAY'], variant_level=1))) -params.append (("is-local", dbus.Boolean (True, variant_level=1))) +# ------------------- ConsoleKit integration ------------------------ -cookie = manager.OpenSessionWithParameters (params) -os.environ['XDG_SESSION_COOKIE'] = cookie +# Getting the ConsoleKit object +ck_manager_obj = bus.get_object ('org.freedesktop.ConsoleKit', '/org/freedesktop/ConsoleKit/Manager') +ck_manager = dbus.Interface (ck_manager_obj, 'org.freedesktop.ConsoleKit.Manager') +objs = ck_manager.GetSeats () -current_session = manager.GetSessionForCookie (cookie) -session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session) -session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session') +nx_create_session = os.getenv('NX_CREATE_CK_SESSION') +create_session = True +if nx_create_session == "false": + create_session = False -properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties') -properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1)) +nx_session_type = os.getenv('NX_SESSION_TYPE') +if nx_session_type == None: + nx_session_type = "nx" +display = os.getenv('DISPLAY') -os.setreuid(os.getuid(), os.getuid()) -os.spawnvp(os.P_WAIT, sys.argv[1], []) +# Get the current session +current_cookie = os.getenv('XDG_SESSION_COOKIE') +current_session = None +if current_cookie != None: + current_session = ck_manager.GetSessionForCookie (current_cookie) + +def takeOwnership(): + log.debug ("NX_CREATE_CK_SESSION = " + current_cookie) + log.debug ("Not creating a CK session") + + session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session) + session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session') + + properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties') + try: + properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1)) + properties.Set ("org.freedesktop.DBus.Properties", "is-local", dbus.Boolean (True, variant_level=1)) + properties.Set ("org.freedesktop.DBus.Properties", "session-type", dbus.String (nx_session_type, variant_level=1)) + if display != None: + properties.Set ("org.freedesktop.DBus.Properties", "x11-display", dbus.String (display, variant_level=1)) + log.debug ("Ownership taken") + return True + except expat.ExpatError, e: + error_string = str(e) + log.error ("Error: " + error_string) + log.error ("Falling back to create a new session") + return False + except dbus.DBusException, e: + error_string = str(e) + log.error ("Error: " + error_string) + log.error ("Falling back to create a new session") + return False + except Exception, e: + error_string = str(e) + log.error ("Error: " + error_string) + log.error ("Falling back to create a new session") + return False + +def createSession(): + try: + # Defining the session attributes + params = dbus.Array ([], signature = "(sv)") + params.append (("unix-user", dbus.Int32 (os.getuid(), variant_level=1))) + params.append (("session-type", dbus.String (nx_session_type, variant_level=1))) + if display != None: + params.append (("x11-display", dbus.String (display, variant_level=1))) + params.append (("is-local", dbus.Boolean (True, variant_level=1))) + + # Create the ConsoleKit session + cookie = ck_manager.OpenSessionWithParameters (params) + log.debug ("Session " + cookie + " created") + + # Exporting the XDG_SESSION_COOKIE variable + os.environ['XDG_SESSION_COOKIE'] = cookie + + # Getting the ConsoleKit session + current_session = ck_manager.GetSessionForCookie (cookie) + session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session) + session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session') + + # Setting the session as active + properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties') + properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1)) + + except dbus.DBusException, e: + # Dbus error problably you don't have the dbus rule installed or your launcher is not suid nx + # Open session without the parameters + log.error ("Failed to create a CK session using parameters") + + error_string = str(e) + log.error ("Error: " + error_string) + + # Create the ConsoleKit session + cookie = ck_manager.OpenSession () + log.debug ("Session " + cookie + " created") + + # Exporting the XDG_SESSION_COOKIE variable + os.environ['XDG_SESSION_COOKIE'] = cookie + +def checkPermission (): + if USE_PK_CREDENTIALS == False: + return True + + policykit = bus.get_object ('org.freedesktop.PolicyKit', '/', "org/freedesktop/PolicyKit") + + if(policykit == None): + log.error ("Error: Could not get PolicyKit D-Bus Interface\n") + else: + polkit_interface = dbus.Interface (policykit, 'org.freedesktop.PolicyKit') + + try: + granted = polkit_interface.IsProcessAuthorized ("freenx.session.create", os.getpid(), "false") + + if granted == "yes": + return True + else: + return False + + except dbus.DBusException, e : + # Dbus error problably you don't have the PolicyKit rule installed + error_string = str(e) + log.error ("Error: " + error_string) + + +if create_session and ( current_session == None or not takeOwnership () ): + log.debug("Creating a new session") + createSession () + pid = os.fork () + if pid == -1: + log.rrror ("error forking child") + elif pid == 0: + log.debug ("Forked") + else: + # Parent + status = os.waitpid (pid, 0) + os._exit (0) + +if os.geteuid () != os.getuid (): + # Drop setuid privilege + os.setreuid(os.getuid(), os.getuid()) + + os.environ ['NX_CREATE_CK_SESSION'] = "false" + + # Reexecute this script to really drop euid privilege +# os.spawnvp (os.P_WAIT, sys.argv[0], sys.argv) +# sys.exit() + +args = sys.argv +args.pop(0) +log.info ("Launching the program\n") +if checkPermission (): + os.execvp(args[0], args) +else: + log.error ("You don't have permission to execute the action\n") diff -rud -x .bzr freenx-server-0.7.3/nx-session-launcher/nx-session-launcher-suid.c freenx-server.fixes/nx-session-launcher/nx-session-launcher-suid.c --- freenx-server-0.7.3/nx-session-launcher/nx-session-launcher-suid.c 2008-08-05 19:54:32.000000000 +0200 +++ freenx-server.fixes/nx-session-launcher/nx-session-launcher-suid.c 2009-11-23 10:16:13.098350105 +0100 @@ -23,8 +23,8 @@ #include #include -#ifndef NXSERVER_COMMAND -#define NXSERVER_COMMAND "/usr/bin/nx-session-launcher" +#ifndef SESSION_LAUNCHER_COMMAND +#define SESSION_LAUNCHER_COMMAND "/usr/bin/nx-session-launcher" #endif #define CK_LAUNCH_SESSION_COMMAND "/usr/bin/ck-launch-session" @@ -47,7 +47,7 @@ new_argv[0] = CK_LAUNCH_SESSION_COMMAND; }else{ - new_argv[0] = NXSERVER_COMMAND; + new_argv[0] = SESSION_LAUNCHER_COMMAND; } return execv(new_argv[0], new_argv); diff -rud -x .bzr freenx-server-0.7.3/nx-session-launcher/README freenx-server.fixes/nx-session-launcher/README --- freenx-server-0.7.3/nx-session-launcher/README 2008-08-05 23:30:58.000000000 +0200 +++ freenx-server.fixes/nx-session-launcher/README 2009-11-23 10:16:13.098350105 +0100 @@ -1,6 +1,8 @@ -The unlock buttons on Users and Groups or Network are greyed out and un-accessible. Tried running from a term 'sudo users-admin' with the same results. +The unlock buttons on Users and Groups or Network are greyed out and un-accessible. +Running from a term 'sudo users-admin' should work the same way. (Not in Ubuntu due +to bug https://bugs.edge.launchpad.net/ubuntu/+source/policykit/+bug/210897) -To correct the problem follow this steps: +If you are not using a packed version, correct the problem by following this steps: - Copy nx-session-launcher and nx-session-launcher-suid to /usr/bin - Execute $ chown nx /usr/bin/nx-session-launcher-suid - Execute $ chmod 4755 /usr/bin/nx-session-launcher-suid