Contents of /trunk/nxserver-freenx/patches/nxserver-freenx-0.7.3-nxredir.patch
Parent Directory | Revision Log
Revision 1792 -
(show annotations)
(download)
Mon Jun 4 14:33:04 2012 UTC (12 years, 3 months ago) by niro
File size: 14696 byte(s)
Mon Jun 4 14:33:04 2012 UTC (12 years, 3 months ago) by niro
File size: 14696 byte(s)
-freenx-0.7.3 patches and files
1 | diff -rud -x .bzr freenx-server/nxloadconfig freenx-server.fixes/nxloadconfig |
2 | --- freenx-server/nxloadconfig 2009-11-23 10:16:13.103349734 +0100 |
3 | +++ freenx-server.fixes/nxloadconfig 2009-11-23 12:54:19.852601780 +0100 |
4 | @@ -112,11 +112,28 @@ |
5 | |
6 | # Restriction directives |
7 | |
8 | -DISPLAY_BASE=1000 |
9 | +#JJK: DISPLAY_BASE=1000 |
10 | +#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd |
11 | +DISPLAY_BASE=2000 |
12 | SESSION_LIMIT=200 |
13 | SESSION_USER_LIMIT="" #Calculated |
14 | DISPLAY_LIMIT=200 |
15 | |
16 | +#JJK: Added the following to allow printing when using cifs mount |
17 | +#JJK: Note the smb print port (#139) must then be tunnelled manually |
18 | +#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host |
19 | +#JJK: by running on the client: |
20 | +#JJK: ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139 |
21 | +#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal |
22 | +#JJK 'cifs' or in most cases 'both') then the ssh tunnel is automatically |
23 | +#JJK: set up from port <DISPLAY+3000> on the server to port 139 |
24 | +#JJK: on the remote client. |
25 | +#JJK: Note in *all* cases, the cups printer on the client is accessed from |
26 | +#JJK: the server via the command line, using the following -h flag: |
27 | +#JJK: -h localhost:<DISPLAY+9000> [-P <printer name>] |
28 | +#JJK: or via the CUPS web browser using: |
29 | +#JJK: http://localhost:<DISPLAY+9000> |
30 | +SMBPORT_OFFSET=8000 |
31 | ENABLE_PERSISTENT_SESSION="all" |
32 | DISABLE_PERSISTENT_SESSION="" |
33 | |
34 | @@ -174,7 +191,11 @@ |
35 | ENABLE_CUPS_SEAMLESS="0" |
36 | CUPS_SEAMLESS_DELAY="10" |
37 | ENABLE_FOOMATIC="1" |
38 | -COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile" |
39 | +#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile" |
40 | +COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile" |
41 | + |
42 | +#JJK: added the following path referenced in nxprint |
43 | +PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems |
44 | |
45 | CUPS_BACKEND="/usr/lib/cups/backend" |
46 | CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp" |
47 | @@ -194,7 +215,8 @@ |
48 | KILL_DEFAULT_X_WM="1" |
49 | BOOTSTRAP_X_SESSION="0" |
50 | USER_X_STARTUP_SCRIPT=.Xclients |
51 | -DEFAULT_X_SESSION=/etc/X11/xdm/Xsession |
52 | +#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession |
53 | +DEFAULT_X_SESSION=/etc/X11/xinit/Xsession |
54 | COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom" |
55 | if [ ! -x "$COMMAND_GDM_X_SESSION" ] |
56 | then |
57 | @@ -213,7 +235,7 @@ |
58 | COMMAND_SSH=ssh |
59 | COMMAND_SSH_KEYGEN=ssh-keygen |
60 | COMMAND_CUPSD=/usr/sbin/cupsd |
61 | -COMMAND_MD5SUM="openssl md5" |
62 | +COMMAND_MD5SUM="md5sum" |
63 | COMMAND_PERL=perl |
64 | COMMAND_RDESKTOP="rdesktop" |
65 | COMMAND_VNCVIEWER="vncviewer" |
66 | @@ -357,7 +379,7 @@ |
67 | [ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB |
68 | [ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB |
69 | [ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB |
70 | -[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2" |
71 | +[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6:$APPLICATION_LIBRARY_PATH/libXext.so.6:$APPLICATION_LIBRARY_PATH/libXcomp.so.3:$APPLICATION_LIBRARY_PATH/libXcompext.so.3:$APPLICATION_LIBRARY_PATH/libXrender.so.1" |
72 | |
73 | NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g') |
74 | |
75 | diff -rud -x .bzr freenx-server/nxnode freenx-server.fixes/nxnode |
76 | --- freenx-server/nxnode 2009-11-23 10:16:13.104350274 +0100 |
77 | +++ freenx-server.fixes/nxnode 2009-11-23 11:15:44.385476686 +0100 |
78 | @@ -20,6 +20,20 @@ |
79 | # Read the config file |
80 | . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf |
81 | |
82 | +#JJK: Added following 'if' stanza as a kluge since the following variables |
83 | +#JJK: need to be set in cmd_node_smbmount node_umount_smb |
84 | +#JJK: but they are currently set only in startsession which is called |
85 | +#JJK: separately from nxserver via ssh so environment variables |
86 | +#JJK: aren't preserved. |
87 | +if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \ |
88 | + ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \ |
89 | + `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \ |
90 | + ]] > /dev/null 2>&1; then |
91 | + COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS |
92 | + COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS |
93 | + SAMBA_MOUNT_SHARE_PROTOCOL="cifs" |
94 | +fi |
95 | + |
96 | # |
97 | # ----------------------------------------------------------------------------- |
98 | # Startup of nxnode |
99 | @@ -659,11 +673,27 @@ |
100 | touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd" |
101 | |
102 | mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache" |
103 | + mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home |
104 | + |
105 | +#JJK: Modifications to cupsd.conf |
106 | +#JJK: - Added SystemGroup line in order to add $USER to SystemGroup |
107 | +#JJK: - Moved all the log files to log/<log> |
108 | +#JJK: - Set AccessLog to: log/access_log (was /dev/null) |
109 | +#JJK: - Added listening on $NODE_CUPSD_PORT |
110 | +#JJK: Listen localhost: $NODE_CUPSD_PORT |
111 | +#JJK: - Removed following line because directive is specific to Debian |
112 | +#JJK: PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd |
113 | +#JJK: - Access restrictions borrowed from /etc/cups/cupsd.conf |
114 | +#JJK: - Default policy borrowed from /etc/cups/cupsd.conf but modified |
115 | +#JJK: to allow Add, Delete, and Default printer without (password) |
116 | +#JJK: authentication |
117 | +#JJK: - Note for more detailed logging set: LogLevel debug |
118 | |
119 | cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf |
120 | -AccessLog /dev/null |
121 | -ErrorLog error_log |
122 | -PageLog page_log |
123 | +SystemGroup sys root $USER |
124 | +AccessLog log/access_log |
125 | +ErrorLog log/error_log |
126 | +PageLog log/page_log |
127 | LogLevel info |
128 | TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp |
129 | RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool |
130 | @@ -671,19 +701,60 @@ |
131 | StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/ |
132 | CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache |
133 | |
134 | +Listen localhost:$NODE_CUPSD_PORT |
135 | Listen $NODE_CUPSD_SOCKET |
136 | Browsing Off |
137 | ServerName localhost |
138 | -PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd |
139 | |
140 | +#JJK: Restrict access to the server... |
141 | <Location /> |
142 | Order Deny,Allow |
143 | Deny From All |
144 | Allow from 127.0.0.1 |
145 | </Location> |
146 | |
147 | +#JJK: Restrict access to the admin pages... |
148 | +<Location /admin> |
149 | + Encryption Required |
150 | + Order allow,deny |
151 | + Allow localhost |
152 | +</Location> |
153 | + |
154 | +#JJK: Restrict access to configuration files... |
155 | +<Location /admin/conf> |
156 | + AuthType Basic |
157 | + Require user @SYSTEM |
158 | + Order allow,deny |
159 | + Allow localhost |
160 | +</Location> |
161 | + |
162 | # Allow everything for anonymous, because we are protected through UNIX socket |
163 | +#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection |
164 | <Policy default> |
165 | + #JJK: Job-related operations must be done by the owner or an adminstrator... |
166 | + <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> |
167 | + Require user @OWNER @SYSTEM |
168 | + Order deny,allow |
169 | + </Limit> |
170 | + |
171 | + #JJK:All administration operations require an adminstrator to authenticate... |
172 | + <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs> |
173 | + AuthType Basic |
174 | + Require user @SYSTEM |
175 | + Order deny,allow |
176 | + </Limit> |
177 | + |
178 | + #JJK: Except need to allow these for nxnode to work |
179 | + <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default> |
180 | + Order deny,allow |
181 | + </Limit> |
182 | + |
183 | + # Only the owner or an administrator can cancel or authenticate a job... |
184 | + <Limit Cancel-Job CUPS-Authenticate-Job> |
185 | + Require user @OWNER @SYSTEM |
186 | + Order deny,allow |
187 | + </Limit> |
188 | + |
189 | <Limit All> |
190 | AuthType None |
191 | Order deny,allow |
192 | @@ -695,9 +766,17 @@ |
193 | |
194 | # copy mime.* files |
195 | cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/" |
196 | + #JJK: Also copy over pstoraster.convs |
197 | + cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/" |
198 | |
199 | # start cupsd |
200 | - $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null |
201 | +#JJK: Note the directive PidFile in the original cupsd.conf intended for |
202 | +#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon |
203 | +#JJK: form of cupsd and capture the pid directly |
204 | +#JJK: $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null |
205 | + $COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null & |
206 | + NODE_CUPSD_PID=$! |
207 | + echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd" |
208 | |
209 | # setup KDE |
210 | if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ] |
211 | @@ -747,6 +826,7 @@ |
212 | fi |
213 | sleep 0.5s |
214 | done |
215 | + rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty |
216 | done |
217 | } |
218 | |
219 | @@ -1166,6 +1246,7 @@ |
220 | |
221 | COMMAND_SMBMOUNT=/bin/true |
222 | COMMAND_SMBUMOUNT=/bin/true |
223 | + smbport=139 #JJK: still may want to do printer sharing... |
224 | else # smbfs |
225 | smbport=139 |
226 | fi |
227 | @@ -1436,7 +1517,8 @@ |
228 | password=$(getparam password) |
229 | share=$(getparam share) |
230 | computername=$(getparam computername) |
231 | - dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g') |
232 | +#JJK: dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g') |
233 | + dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g') |
234 | # rdir=$(getparam dir | sed 's|$(SHARES)/||g') |
235 | display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}') |
236 | mkdir -p "$HOME/$dir" |
237 | @@ -1456,6 +1538,7 @@ |
238 | echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint" |
239 | else |
240 | $PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display & |
241 | + rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty |
242 | fi |
243 | } |
244 | |
245 | @@ -1478,6 +1561,12 @@ |
246 | # this will also setup the userspace cupsd |
247 | export CUPS_SERVER=$(node_cupsd_get_socket) |
248 | |
249 | +#JJK: The following if-stanza kludge added to enable printing when smbport=cifs |
250 | +#JJK: since smb printing won't work when forwarded over port 445 |
251 | + if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then |
252 | + let port=$port+$SMBPORT_OFFSET |
253 | + fi |
254 | + |
255 | if [ "$type" = "smb" ] |
256 | then |
257 | if [ -x "$CUPS_BACKEND/nxsmb" ] |
258 | @@ -1506,6 +1595,9 @@ |
259 | |
260 | if [ "$ENABLE_CUPS_SEAMLESS" != "1" ] |
261 | then |
262 | + #JJK: Export the following variables for use by nxdialog/nxprint |
263 | + #JJK: Note they are also exported in nxdialog but doesn't help there |
264 | + export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR |
265 | MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display) |
266 | [ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return |
267 | else |
268 | @@ -1513,7 +1605,11 @@ |
269 | MODEL="download_cached" |
270 | fi |
271 | |
272 | - PUBLIC="-u allow:$USER" |
273 | +#JJK: I like to also allow 'guest' so you can do things like print |
274 | +#JJK: testpages from the CUPS web interface. Note this is required |
275 | +#JJK: even for the original user to print test pages |
276 | +#JJK: PUBLIC="-u allow:$USER" |
277 | + PUBLIC="-u allow:$USER,guest" |
278 | [ "$public" == "1" ] && PUBLIC="" |
279 | |
280 | if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ] |
281 | diff -rud -x .bzr freenx-server/nxprint freenx-server.fixes/nxprint |
282 | --- freenx-server/nxprint 2009-11-23 10:16:13.102350032 +0100 |
283 | +++ freenx-server.fixes/nxprint 2009-11-23 10:52:01.353353153 +0100 |
284 | @@ -51,7 +51,8 @@ |
285 | if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ] |
286 | then |
287 | { |
288 | - cd /usr/share/ppd/ |
289 | +#JJK: cd /usr/share/ppd/ |
290 | + cd $PPD_DIR |
291 | awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 } |
292 | /\*NickName:/ { b[FILENAME]=$2 } |
293 | END { |
294 | diff -rud -x .bzr freenx-server/nxredir/Makefile freenx-server.fixes/nxredir/Makefile |
295 | --- freenx-server/nxredir/Makefile 2009-11-23 10:16:13.100350348 +0100 |
296 | +++ freenx-server.fixes/nxredir/Makefile 2009-11-23 11:57:13.481350660 +0100 |
297 | @@ -9,13 +9,12 @@ |
298 | $(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc |
299 | |
300 | clean: |
301 | - rm -f $(LIBNAME) |
302 | rm -f $(LIBNAME).$(VERSION) |
303 | rm -f *.o |
304 | |
305 | ifneq ($(NX_VERSION),) |
306 | install: all |
307 | - install -m755 $(LIBNAME) $(DESTDIR)/$$PATH_LIB/ |
308 | + install -m755 $(LIBNAME).$(VERSION) $(DESTDIR)/$$PATH_LIB/ |
309 | install -m755 nxredir $(DESTDIR)/$$PATH_BIN/ |
310 | install -m755 nxsmb $(DESTDIR)/$$CUPS_BACKEND/ |
311 | perl -pi -e "s,PATH_LIB=.*,PATH_LIB=\"$$PATH_LIB\",g" $(DESTDIR)/$$PATH_BIN/nxredir |
312 | diff -rud -x .bzr freenx-server/nxredir/nxsmb freenx-server.fixes/nxredir/nxsmb |
313 | --- freenx-server/nxredir/nxsmb 2009-11-23 10:16:13.098350105 +0100 |
314 | +++ freenx-server.fixes/nxredir/nxsmb 2009-11-23 10:52:01.354352855 +0100 |
315 | @@ -18,6 +18,11 @@ |
316 | PROTOCOL=$(echo $DEVICE_URI | cut -d/ -f4) |
317 | PRINTER=$(echo $DEVICE_URI | cut -d/ -f5) |
318 | |
319 | +if [ "$#" -eq 0 ] |
320 | +then |
321 | + exit 0 |
322 | +fi |
323 | + |
324 | if [ -z "$PRINTER" ] # old style setup |
325 | then |
326 | echo "Warning: Not using nxredir library. The DEVICE_URI is not in the right format." |
327 | diff -rud -x .bzr freenx-server/nxserver freenx-server.fixes/nxserver |
328 | --- freenx-server/nxserver 2009-11-23 10:16:13.100350348 +0100 |
329 | +++ freenx-server.fixes/nxserver 2009-11-23 10:52:01.356476314 +0100 |
330 | @@ -17,6 +17,22 @@ |
331 | # Read the config file |
332 | . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) -- |
333 | |
334 | +if test ! -e $NX_ETC_DIR/users.id_dsa; then |
335 | + $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/users.id_dsa |
336 | +fi |
337 | + |
338 | +if test ! -e $NX_ETC_DIR/client.id_dsa.key -o ! -e $NX_ETC_DIR/server.id_dsa.pub.key; then |
339 | + $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/local.id_dsa |
340 | + mv -f $NX_ETC_DIR/local.id_dsa $NX_ETC_DIR/client.id_dsa.key |
341 | + mv -f $NX_ETC_DIR/local.id_dsa.pub $NX_ETC_DIR/server.id_dsa.pub.key |
342 | + chmod 0600 $NX_ETC_DIR/client.id_dsa.key $NX_ETC_DIR/server.id_dsa.pub.key |
343 | +fi |
344 | + |
345 | +if test ! -s $NX_HOME_DIR/.ssh/known_hosts -a -e /etc/ssh/ssh_host_rsa_key.pub; then |
346 | + echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts |
347 | + cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts 2>/dev/null |
348 | +fi |
349 | + |
350 | # following two functions are Copyright by Klaus Knopper |
351 | |
352 | stringinstring(){ |
353 | @@ -1466,7 +1482,7 @@ |
354 | done |
355 | |
356 | # Check if there is already an agent running on that display on that host |
357 | - let AGENT_DISPLAY=$SESS_DISPLAY+6000 |
358 | + let AGENT_DISPLAY=$SESS_DISPLAY-$DISPLAY_BASE+6000 |
359 | if $COMMAND_NETCAT -z "$SERVER_HOST" $AGENT_DISPLAY 2>/dev/null |
360 | then |
361 | log 2 "Warning: Stray nxagent without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY." |