nxserver-freenx/patches/nxserver-freenx-0.7.3-nxredir.patch

diff -rud -x .bzr freenx-server/nxloadconfig freenx-server.fixes/nxloadconfig
--- freenx-server/nxloadconfig	2009-11-23 10:16:13.103349734 +0100
+++ freenx-server.fixes/nxloadconfig	2009-11-23 12:54:19.852601780 +0100
@@ -112,11 +112,28 @@
 
 # Restriction directives
 
-DISPLAY_BASE=1000
+#JJK: DISPLAY_BASE=1000
+#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd
+DISPLAY_BASE=2000
 SESSION_LIMIT=200
 SESSION_USER_LIMIT="" #Calculated
 DISPLAY_LIMIT=200
 
+#JJK: Added the following to allow printing when using cifs mount
+#JJK: Note the smb print port (#139) must then be tunnelled manually
+#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host
+#JJK: by running on the client: 
+#JJK:   ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139
+#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal
+#JJK  'cifs' or in most cases 'both') then the ssh tunnel is automatically
+#JJK: set up from port <DISPLAY+3000> on the server to port 139 
+#JJK: on the remote client.
+#JJK: Note in *all* cases, the cups printer on the client is accessed from 
+#JJK: the server via the command line, using the following -h flag:
+#JJK:   -h localhost:<DISPLAY+9000> [-P <printer name>]
+#JJK: or via the CUPS web browser using:
+#JJK:   http://localhost:<DISPLAY+9000>
+SMBPORT_OFFSET=8000
 ENABLE_PERSISTENT_SESSION="all"
 DISABLE_PERSISTENT_SESSION=""
 
@@ -174,7 +191,11 @@
 ENABLE_CUPS_SEAMLESS="0"
 CUPS_SEAMLESS_DELAY="10"
 ENABLE_FOOMATIC="1"
-COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile"
+
+#JJK: added the following path referenced in nxprint
+PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
 
 CUPS_BACKEND="/usr/lib/cups/backend"
 CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
@@ -194,7 +215,8 @@
 KILL_DEFAULT_X_WM="1"
 BOOTSTRAP_X_SESSION="0"
 USER_X_STARTUP_SCRIPT=.Xclients
-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+DEFAULT_X_SESSION=/etc/X11/xinit/Xsession
 COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom"
 if [ ! -x "$COMMAND_GDM_X_SESSION" ]
 then
@@ -213,7 +235,7 @@
 COMMAND_SSH=ssh
 COMMAND_SSH_KEYGEN=ssh-keygen
 COMMAND_CUPSD=/usr/sbin/cupsd
-COMMAND_MD5SUM="openssl md5"
+COMMAND_MD5SUM="md5sum"
 COMMAND_PERL=perl
 COMMAND_RDESKTOP="rdesktop"
 COMMAND_VNCVIEWER="vncviewer"
@@ -357,7 +379,7 @@
 [ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB
 [ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB
 [ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
-[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
+[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6:$APPLICATION_LIBRARY_PATH/libXext.so.6:$APPLICATION_LIBRARY_PATH/libXcomp.so.3:$APPLICATION_LIBRARY_PATH/libXcompext.so.3:$APPLICATION_LIBRARY_PATH/libXrender.so.1"
 
 NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g')
 
diff -rud -x .bzr freenx-server/nxnode freenx-server.fixes/nxnode
--- freenx-server/nxnode	2009-11-23 10:16:13.104350274 +0100
+++ freenx-server.fixes/nxnode	2009-11-23 11:15:44.385476686 +0100
@@ -20,6 +20,20 @@
 # Read the config file
 . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf
 
+#JJK: Added	following 'if' stanza as a kluge since the following variables
+#JJK: need to be set in cmd_node_smbmount node_umount_smb 
+#JJK: but they are currently set only in startsession which is called 
+#JJK: separately from nxserver via ssh so environment variables 
+#JJK: aren't preserved.
+if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \
+	 ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \
+	  `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \
+			]] > /dev/null 2>&1; then
+	COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS
+	COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS
+	SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
+fi
+
 #
 # -----------------------------------------------------------------------------
 # Startup of nxnode
@@ -659,11 +673,27 @@
 	touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
 	
 	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache"
+	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home
+
+#JJK: Modifications to cupsd.conf
+#JJK:   - Added SystemGroup line in order to add $USER to SystemGroup
+#JJK:   - Moved all the log files to log/<log>
+#JJK:   - Set AccessLog to: log/access_log (was /dev/null)
+#JJK:   - Added listening on $NODE_CUPSD_PORT
+#JJK:	         Listen localhost: $NODE_CUPSD_PORT
+#JJK:   - Removed following line because directive is specific to Debian
+#JJK:       PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
+#JJK:   -  Access restrictions borrowed from /etc/cups/cupsd.conf
+#JJK:   -  Default policy borrowed from /etc/cups/cupsd.conf but modified
+#JJK:        to allow Add, Delete, and Default printer without (password)
+#JJK:        authentication
+#JJK:   - Note for more detailed logging set: LogLevel debug
 
 cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf
-AccessLog /dev/null
-ErrorLog error_log
-PageLog page_log
+SystemGroup sys root $USER
+AccessLog log/access_log
+ErrorLog log/error_log
+PageLog log/page_log
 LogLevel info
 TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp
 RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool
@@ -671,19 +701,60 @@
 StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/
 CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache
 
+Listen localhost:$NODE_CUPSD_PORT
 Listen $NODE_CUPSD_SOCKET
 Browsing Off
 ServerName localhost
-PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
 
+#JJK:  Restrict access to the server...
 <Location />
 Order Deny,Allow
 Deny From All
 Allow from 127.0.0.1
 </Location>
 
+#JJK: Restrict access to the admin pages...
+<Location /admin>
+  Encryption Required
+  Order allow,deny
+  Allow localhost
+</Location>
+
+#JJK: Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Basic
+  Require user @SYSTEM
+  Order allow,deny
+  Allow localhost
+</Location>
+
 # Allow everything for anonymous, because we are protected through UNIX socket
+#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection
 <Policy default>
+  #JJK: Job-related operations must be done by the owner or an adminstrator...
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  #JJK:All administration operations require an adminstrator to authenticate...
+  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Basic
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  #JJK: Except need to allow these for nxnode to work
+  <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default>
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
   <Limit All>
     AuthType None
     Order deny,allow
@@ -695,9 +766,17 @@
 
 	# copy mime.* files
 	cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
+	#JJK: Also copy over pstoraster.convs
+	cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
 
 	# start cupsd
-	$COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+#JJK: Note the directive PidFile in the original cupsd.conf intended for 
+#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon
+#JJK: form of cupsd and capture the pid directly
+#JJK:	$COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+	$COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null &
+	NODE_CUPSD_PID=$!
+	echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
 
 	# setup KDE
 	if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ]
@@ -747,6 +826,7 @@
 			fi
 			sleep 0.5s
 		done
+		rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty
 	done
 }
 
@@ -1166,6 +1246,7 @@
 
 			COMMAND_SMBMOUNT=/bin/true
 			COMMAND_SMBUMOUNT=/bin/true
+			smbport=139    #JJK: still may want to do printer sharing...
 		else # smbfs
 			smbport=139
 		fi
@@ -1436,7 +1517,8 @@
 	password=$(getparam password)
 	share=$(getparam share)
 	computername=$(getparam computername)
-	dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+#JJK:	dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+	dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g')
 	# rdir=$(getparam dir | sed 's|$(SHARES)/||g')
 	display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}') 
 	mkdir -p "$HOME/$dir"
@@ -1456,6 +1538,7 @@
 		echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint"
 	else
 		$PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display &
+		rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty
 	fi
 }
 
@@ -1478,6 +1561,12 @@
 	# this will also setup the userspace cupsd
 	export CUPS_SERVER=$(node_cupsd_get_socket)
 	
+#JJK: The following if-stanza kludge added to enable printing when smbport=cifs
+#JJK: since smb printing won't work when forwarded over port 445
+	if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then
+		let port=$port+$SMBPORT_OFFSET
+	fi
+
 	if [ "$type" = "smb" ]
 	then
 		if [ -x "$CUPS_BACKEND/nxsmb" ]
@@ -1506,6 +1595,9 @@
 
 	if [ "$ENABLE_CUPS_SEAMLESS" != "1" ]
 	then
+        #JJK: Export the following variables for use by nxdialog/nxprint
+        #JJK: Note they are also exported in nxdialog but doesn't help there
+	    export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR
 		MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display)
 		[ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return
 	else
@@ -1513,7 +1605,11 @@
 		MODEL="download_cached"
 	fi
 	
-	PUBLIC="-u allow:$USER"
+#JJK: I like to also allow 'guest' so you can do things like print
+#JJK: testpages from the CUPS web interface. Note this is required
+#JJK: even for the original user to print test pages	
+#JJK:	PUBLIC="-u allow:$USER"
+	PUBLIC="-u allow:$USER,guest"	
 	[ "$public" == "1" ] && PUBLIC=""
 
 	if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
diff -rud -x .bzr freenx-server/nxprint freenx-server.fixes/nxprint
--- freenx-server/nxprint	2009-11-23 10:16:13.102350032 +0100
+++ freenx-server.fixes/nxprint	2009-11-23 10:52:01.353353153 +0100
@@ -51,7 +51,8 @@
 	if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ]
 	then
 		{ 
-		cd /usr/share/ppd/
+#JJK:		cd /usr/share/ppd/
+		cd $PPD_DIR
 		awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 }
 			    /\*NickName:/ { b[FILENAME]=$2 } 
 			    END { 
diff -rud -x .bzr freenx-server/nxredir/Makefile freenx-server.fixes/nxredir/Makefile
--- freenx-server/nxredir/Makefile	2009-11-23 10:16:13.100350348 +0100
+++ freenx-server.fixes/nxredir/Makefile	2009-11-23 11:57:13.481350660 +0100
@@ -9,13 +9,12 @@
 	$(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc
 
 clean:
-	rm -f $(LIBNAME)
 	rm -f $(LIBNAME).$(VERSION)
 	rm -f *.o
 
 ifneq ($(NX_VERSION),)
 install: all
-	install -m755 $(LIBNAME) $(DESTDIR)/$$PATH_LIB/
+	install -m755 $(LIBNAME).$(VERSION) $(DESTDIR)/$$PATH_LIB/
 	install -m755 nxredir $(DESTDIR)/$$PATH_BIN/
 	install -m755 nxsmb $(DESTDIR)/$$CUPS_BACKEND/
 	perl -pi -e "s,PATH_LIB=.*,PATH_LIB=\"$$PATH_LIB\",g" $(DESTDIR)/$$PATH_BIN/nxredir
diff -rud -x .bzr freenx-server/nxredir/nxsmb freenx-server.fixes/nxredir/nxsmb
--- freenx-server/nxredir/nxsmb	2009-11-23 10:16:13.098350105 +0100
+++ freenx-server.fixes/nxredir/nxsmb	2009-11-23 10:52:01.354352855 +0100
@@ -18,6 +18,11 @@
 PROTOCOL=$(echo $DEVICE_URI | cut -d/ -f4)
 PRINTER=$(echo $DEVICE_URI | cut -d/ -f5)
 
+if [ "$#" -eq 0 ]
+then
+	exit 0
+fi
+
 if [ -z "$PRINTER" ] # old style setup
 then
 	echo "Warning: Not using nxredir library. The DEVICE_URI is not in the right format."
diff -rud -x .bzr freenx-server/nxserver freenx-server.fixes/nxserver
--- freenx-server/nxserver	2009-11-23 10:16:13.100350348 +0100
+++ freenx-server.fixes/nxserver	2009-11-23 10:52:01.356476314 +0100
@@ -17,6 +17,22 @@
 # Read the config file
 . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --
 
+if test ! -e $NX_ETC_DIR/users.id_dsa; then
+  $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/users.id_dsa
+fi
+
+if test ! -e $NX_ETC_DIR/client.id_dsa.key -o ! -e $NX_ETC_DIR/server.id_dsa.pub.key; then
+  $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/local.id_dsa
+  mv -f $NX_ETC_DIR/local.id_dsa $NX_ETC_DIR/client.id_dsa.key
+  mv -f $NX_ETC_DIR/local.id_dsa.pub $NX_ETC_DIR/server.id_dsa.pub.key
+  chmod 0600 $NX_ETC_DIR/client.id_dsa.key $NX_ETC_DIR/server.id_dsa.pub.key
+fi
+
+if test ! -s $NX_HOME_DIR/.ssh/known_hosts -a -e /etc/ssh/ssh_host_rsa_key.pub; then
+  echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts
+  cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts 2>/dev/null
+fi
+
 # following two functions are Copyright by Klaus Knopper
 
 stringinstring(){
@@ -1466,7 +1482,7 @@
 			done
 
 			# Check if there is already an agent running on that display on that host
-			let AGENT_DISPLAY=$SESS_DISPLAY+6000
+			let AGENT_DISPLAY=$SESS_DISPLAY-$DISPLAY_BASE+6000
 			if $COMMAND_NETCAT -z "$SERVER_HOST" $AGENT_DISPLAY 2>/dev/null
 			then
 				log 2 "Warning: Stray nxagent without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY."
1	niro	1792	diff -rud -x .bzr freenx-server/nxloadconfig freenx-server.fixes/nxloadconfig
2			--- freenx-server/nxloadconfig 2009-11-23 10:16:13.103349734 +0100
3			+++ freenx-server.fixes/nxloadconfig 2009-11-23 12:54:19.852601780 +0100
4			@@ -112,11 +112,28 @@
5
6			# Restriction directives
7
8			-DISPLAY_BASE=1000
9			+#JJK: DISPLAY_BASE=1000
10			+#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd
11			+DISPLAY_BASE=2000
12			SESSION_LIMIT=200
13			SESSION_USER_LIMIT="" #Calculated
14			DISPLAY_LIMIT=200
15
16			+#JJK: Added the following to allow printing when using cifs mount
17			+#JJK: Note the smb print port (#139) must then be tunnelled manually
18			+#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host
19			+#JJK: by running on the client:
20			+#JJK: ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139
21			+#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal
22			+#JJK 'cifs' or in most cases 'both') then the ssh tunnel is automatically
23			+#JJK: set up from port <DISPLAY+3000> on the server to port 139
24			+#JJK: on the remote client.
25			+#JJK: Note in all cases, the cups printer on the client is accessed from
26			+#JJK: the server via the command line, using the following -h flag:
27			+#JJK: -h localhost:<DISPLAY+9000> [-P <printer name>]
28			+#JJK: or via the CUPS web browser using:
29			+#JJK: http://localhost:<DISPLAY+9000>
30			+SMBPORT_OFFSET=8000
31			ENABLE_PERSISTENT_SESSION="all"
32			DISABLE_PERSISTENT_SESSION=""
33
34			@@ -174,7 +191,11 @@
35			ENABLE_CUPS_SEAMLESS="0"
36			CUPS_SEAMLESS_DELAY="10"
37			ENABLE_FOOMATIC="1"
38			-COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
39			+#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
40			+COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile"
41			+
42			+#JJK: added the following path referenced in nxprint
43			+PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
44
45			CUPS_BACKEND="/usr/lib/cups/backend"
46			CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
47			@@ -194,7 +215,8 @@
48			KILL_DEFAULT_X_WM="1"
49			BOOTSTRAP_X_SESSION="0"
50			USER_X_STARTUP_SCRIPT=.Xclients
51			-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
52			+#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
53			+DEFAULT_X_SESSION=/etc/X11/xinit/Xsession
54			COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom"
55			if [ ! -x "$COMMAND_GDM_X_SESSION" ]
56			then
57			@@ -213,7 +235,7 @@
58			COMMAND_SSH=ssh
59			COMMAND_SSH_KEYGEN=ssh-keygen
60			COMMAND_CUPSD=/usr/sbin/cupsd
61			-COMMAND_MD5SUM="openssl md5"
62			+COMMAND_MD5SUM="md5sum"
63			COMMAND_PERL=perl
64			COMMAND_RDESKTOP="rdesktop"
65			COMMAND_VNCVIEWER="vncviewer"
66			@@ -357,7 +379,7 @@
67			[ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB
68			[ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB
69			[ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
70			-[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
71			+[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6:$APPLICATION_LIBRARY_PATH/libXext.so.6:$APPLICATION_LIBRARY_PATH/libXcomp.so.3:$APPLICATION_LIBRARY_PATH/libXcompext.so.3:$APPLICATION_LIBRARY_PATH/libXrender.so.1"
72
73			NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null \| egrep 'NXAGENT - Version' \| sed 's/.*Version //g')
74
75			diff -rud -x .bzr freenx-server/nxnode freenx-server.fixes/nxnode
76			--- freenx-server/nxnode 2009-11-23 10:16:13.104350274 +0100
77			+++ freenx-server.fixes/nxnode 2009-11-23 11:15:44.385476686 +0100
78			@@ -20,6 +20,20 @@
79			# Read the config file
80			. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf
81
82			+#JJK: Added following 'if' stanza as a kluge since the following variables
83			+#JJK: need to be set in cmd_node_smbmount node_umount_smb
84			+#JJK: but they are currently set only in startsession which is called
85			+#JJK: separately from nxserver via ssh so environment variables
86			+#JJK: aren't preserved.
87			+if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" \|\| \
88			+ ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \
89			+ `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \
90			+ ]] > /dev/null 2>&1; then
91			+ COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS
92			+ COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS
93			+ SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
94			+fi
95			+
96			#
97			# -----------------------------------------------------------------------------
98			# Startup of nxnode
99			@@ -659,11 +673,27 @@
100			touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
101
102			mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache"
103			+ mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home
104			+
105			+#JJK: Modifications to cupsd.conf
106			+#JJK: - Added SystemGroup line in order to add $USER to SystemGroup
107			+#JJK: - Moved all the log files to log/<log>
108			+#JJK: - Set AccessLog to: log/access_log (was /dev/null)
109			+#JJK: - Added listening on $NODE_CUPSD_PORT
110			+#JJK: Listen localhost: $NODE_CUPSD_PORT
111			+#JJK: - Removed following line because directive is specific to Debian
112			+#JJK: PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
113			+#JJK: - Access restrictions borrowed from /etc/cups/cupsd.conf
114			+#JJK: - Default policy borrowed from /etc/cups/cupsd.conf but modified
115			+#JJK: to allow Add, Delete, and Default printer without (password)
116			+#JJK: authentication
117			+#JJK: - Note for more detailed logging set: LogLevel debug
118
119			cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf
120			-AccessLog /dev/null
121			-ErrorLog error_log
122			-PageLog page_log
123			+SystemGroup sys root $USER
124			+AccessLog log/access_log
125			+ErrorLog log/error_log
126			+PageLog log/page_log
127			LogLevel info
128			TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp
129			RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool
130			@@ -671,19 +701,60 @@
131			StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/
132			CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache
133
134			+Listen localhost:$NODE_CUPSD_PORT
135			Listen $NODE_CUPSD_SOCKET
136			Browsing Off
137			ServerName localhost
138			-PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
139
140			+#JJK: Restrict access to the server...
141			<Location />
142			Order Deny,Allow
143			Deny From All
144			Allow from 127.0.0.1
145			</Location>
146
147			+#JJK: Restrict access to the admin pages...
148			+<Location /admin>
149			+ Encryption Required
150			+ Order allow,deny
151			+ Allow localhost
152			+</Location>
153			+
154			+#JJK: Restrict access to configuration files...
155			+<Location /admin/conf>
156			+ AuthType Basic
157			+ Require user @SYSTEM
158			+ Order allow,deny
159			+ Allow localhost
160			+</Location>
161			+
162			# Allow everything for anonymous, because we are protected through UNIX socket
163			+#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection
164			<Policy default>
165			+ #JJK: Job-related operations must be done by the owner or an adminstrator...
166			+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
167			+ Require user @OWNER @SYSTEM
168			+ Order deny,allow
169			+ </Limit>
170			+
171			+ #JJK:All administration operations require an adminstrator to authenticate...
172			+ <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs>
173			+ AuthType Basic
174			+ Require user @SYSTEM
175			+ Order deny,allow
176			+ </Limit>
177			+
178			+ #JJK: Except need to allow these for nxnode to work
179			+ <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default>
180			+ Order deny,allow
181			+ </Limit>
182			+
183			+ # Only the owner or an administrator can cancel or authenticate a job...
184			+ <Limit Cancel-Job CUPS-Authenticate-Job>
185			+ Require user @OWNER @SYSTEM
186			+ Order deny,allow
187			+ </Limit>
188			+
189			<Limit All>
190			AuthType None
191			Order deny,allow
192			@@ -695,9 +766,17 @@
193
194			# copy mime.* files
195			cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
196			+ #JJK: Also copy over pstoraster.convs
197			+ cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
198
199			# start cupsd
200			- $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
201			+#JJK: Note the directive PidFile in the original cupsd.conf intended for
202			+#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon
203			+#JJK: form of cupsd and capture the pid directly
204			+#JJK: $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
205			+ $COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null &
206			+ NODE_CUPSD_PID=$!
207			+ echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
208
209			# setup KDE
210			if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ]
211			@@ -747,6 +826,7 @@
212			fi
213			sleep 0.5s
214			done
215			+ rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty
216			done
217			}
218
219			@@ -1166,6 +1246,7 @@
220
221			COMMAND_SMBMOUNT=/bin/true
222			COMMAND_SMBUMOUNT=/bin/true
223			+ smbport=139 #JJK: still may want to do printer sharing...
224			else # smbfs
225			smbport=139
226			fi
227			@@ -1436,7 +1517,8 @@
228			password=$(getparam password)
229			share=$(getparam share)
230			computername=$(getparam computername)
231			- dir=$(getparam dir \| sed 's\|$(SHARES)\|MyShares\|g')
232			+#JJK: dir=$(getparam dir \| sed 's\|$(SHARES)\|MyShares\|g')
233			+ dir=$(getparam dir \| sed 's/\(%24\\|\$\)(SHARES)/MyShares/g')
234			# rdir=$(getparam dir \| sed 's\|$(SHARES)/\|\|g')
235			display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid \| awk 'BEGIN {FS="-"} {i=NF-1; print $i}')
236			mkdir -p "$HOME/$dir"
237			@@ -1456,6 +1538,7 @@
238			echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint"
239			else
240			$PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display &
241			+ rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty
242			fi
243			}
244
245			@@ -1478,6 +1561,12 @@
246			# this will also setup the userspace cupsd
247			export CUPS_SERVER=$(node_cupsd_get_socket)
248
249			+#JJK: The following if-stanza kludge added to enable printing when smbport=cifs
250			+#JJK: since smb printing won't work when forwarded over port 445
251			+ if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then
252			+ let port=$port+$SMBPORT_OFFSET
253			+ fi
254			+
255			if [ "$type" = "smb" ]
256			then
257			if [ -x "$CUPS_BACKEND/nxsmb" ]
258			@@ -1506,6 +1595,9 @@
259
260			if [ "$ENABLE_CUPS_SEAMLESS" != "1" ]
261			then
262			+ #JJK: Export the following variables for use by nxdialog/nxprint
263			+ #JJK: Note they are also exported in nxdialog but doesn't help there
264			+ export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR
265			MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display)
266			[ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return
267			else
268			@@ -1513,7 +1605,11 @@
269			MODEL="download_cached"
270			fi
271
272			- PUBLIC="-u allow:$USER"
273			+#JJK: I like to also allow 'guest' so you can do things like print
274			+#JJK: testpages from the CUPS web interface. Note this is required
275			+#JJK: even for the original user to print test pages
276			+#JJK: PUBLIC="-u allow:$USER"
277			+ PUBLIC="-u allow:$USER,guest"
278			[ "$public" == "1" ] && PUBLIC=""
279
280			if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
281			diff -rud -x .bzr freenx-server/nxprint freenx-server.fixes/nxprint
282			--- freenx-server/nxprint 2009-11-23 10:16:13.102350032 +0100
283			+++ freenx-server.fixes/nxprint 2009-11-23 10:52:01.353353153 +0100
284			@@ -51,7 +51,8 @@
285			if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ]
286			then
287			{
288			- cd /usr/share/ppd/
289			+#JJK: cd /usr/share/ppd/
290			+ cd $PPD_DIR
291			awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 }
292			/\*NickName:/ { b[FILENAME]=$2 }
293			END {
294			diff -rud -x .bzr freenx-server/nxredir/Makefile freenx-server.fixes/nxredir/Makefile
295			--- freenx-server/nxredir/Makefile 2009-11-23 10:16:13.100350348 +0100
296			+++ freenx-server.fixes/nxredir/Makefile 2009-11-23 11:57:13.481350660 +0100
297			@@ -9,13 +9,12 @@
298			$(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc
299
300			clean:
301			- rm -f $(LIBNAME)
302			rm -f $(LIBNAME).$(VERSION)
303			rm -f *.o
304
305			ifneq ($(NX_VERSION),)
306			install: all
307			- install -m755 $(LIBNAME) $(DESTDIR)/$$PATH_LIB/
308			+ install -m755 $(LIBNAME).$(VERSION) $(DESTDIR)/$$PATH_LIB/
309			install -m755 nxredir $(DESTDIR)/$$PATH_BIN/
310			install -m755 nxsmb $(DESTDIR)/$$CUPS_BACKEND/
311			perl -pi -e "s,PATH_LIB=.*,PATH_LIB=\"$$PATH_LIB\",g" $(DESTDIR)/$$PATH_BIN/nxredir
312			diff -rud -x .bzr freenx-server/nxredir/nxsmb freenx-server.fixes/nxredir/nxsmb
313			--- freenx-server/nxredir/nxsmb 2009-11-23 10:16:13.098350105 +0100
314			+++ freenx-server.fixes/nxredir/nxsmb 2009-11-23 10:52:01.354352855 +0100
315			@@ -18,6 +18,11 @@
316			PROTOCOL=$(echo $DEVICE_URI \| cut -d/ -f4)
317			PRINTER=$(echo $DEVICE_URI \| cut -d/ -f5)
318
319			+if [ "$#" -eq 0 ]
320			+then
321			+ exit 0
322			+fi
323			+
324			if [ -z "$PRINTER" ] # old style setup
325			then
326			echo "Warning: Not using nxredir library. The DEVICE_URI is not in the right format."
327			diff -rud -x .bzr freenx-server/nxserver freenx-server.fixes/nxserver
328			--- freenx-server/nxserver 2009-11-23 10:16:13.100350348 +0100
329			+++ freenx-server.fixes/nxserver 2009-11-23 10:52:01.356476314 +0100
330			@@ -17,6 +17,22 @@
331			# Read the config file
332			. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --
333
334			+if test ! -e $NX_ETC_DIR/users.id_dsa; then
335			+ $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/users.id_dsa
336			+fi
337			+
338			+if test ! -e $NX_ETC_DIR/client.id_dsa.key -o ! -e $NX_ETC_DIR/server.id_dsa.pub.key; then
339			+ $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/local.id_dsa
340			+ mv -f $NX_ETC_DIR/local.id_dsa $NX_ETC_DIR/client.id_dsa.key
341			+ mv -f $NX_ETC_DIR/local.id_dsa.pub $NX_ETC_DIR/server.id_dsa.pub.key
342			+ chmod 0600 $NX_ETC_DIR/client.id_dsa.key $NX_ETC_DIR/server.id_dsa.pub.key
343			+fi
344			+
345			+if test ! -s $NX_HOME_DIR/.ssh/known_hosts -a -e /etc/ssh/ssh_host_rsa_key.pub; then
346			+ echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts
347			+ cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts 2>/dev/null
348			+fi
349			+
350			# following two functions are Copyright by Klaus Knopper
351
352			stringinstring(){
353			@@ -1466,7 +1482,7 @@
354			done
355
356			# Check if there is already an agent running on that display on that host
357			- let AGENT_DISPLAY=$SESS_DISPLAY+6000
358			+ let AGENT_DISPLAY=$SESS_DISPLAY-$DISPLAY_BASE+6000
359			if $COMMAND_NETCAT -z "$SERVER_HOST" $AGENT_DISPLAY 2>/dev/null
360			then
361			log 2 "Warning: Stray nxagent without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY."