diff -rud -x .bzr freenx-server/nxloadconfig freenx-server.fixes/nxloadconfig --- freenx-server/nxloadconfig 2009-11-23 10:16:13.103349734 +0100 +++ freenx-server.fixes/nxloadconfig 2009-11-23 12:54:19.852601780 +0100 @@ -112,11 +112,28 @@ # Restriction directives -DISPLAY_BASE=1000 +#JJK: DISPLAY_BASE=1000 +#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd +DISPLAY_BASE=2000 SESSION_LIMIT=200 SESSION_USER_LIMIT="" #Calculated DISPLAY_LIMIT=200 +#JJK: Added the following to allow printing when using cifs mount +#JJK: Note the smb print port (#139) must then be tunnelled manually +#JJK: from on the server to port 139 on the host +#JJK: by running on the client: +#JJK: ssh ... -R ::139 +#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal +#JJK 'cifs' or in most cases 'both') then the ssh tunnel is automatically +#JJK: set up from port on the server to port 139 +#JJK: on the remote client. +#JJK: Note in *all* cases, the cups printer on the client is accessed from +#JJK: the server via the command line, using the following -h flag: +#JJK: -h localhost: [-P ] +#JJK: or via the CUPS web browser using: +#JJK: http://localhost: +SMBPORT_OFFSET=8000 ENABLE_PERSISTENT_SESSION="all" DISABLE_PERSISTENT_SESSION="" @@ -174,7 +191,11 @@ ENABLE_CUPS_SEAMLESS="0" CUPS_SEAMLESS_DELAY="10" ENABLE_FOOMATIC="1" -COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile" +#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile" +COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile" + +#JJK: added the following path referenced in nxprint +PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems CUPS_BACKEND="/usr/lib/cups/backend" CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp" @@ -194,7 +215,8 @@ KILL_DEFAULT_X_WM="1" BOOTSTRAP_X_SESSION="0" USER_X_STARTUP_SCRIPT=.Xclients -DEFAULT_X_SESSION=/etc/X11/xdm/Xsession +#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession +DEFAULT_X_SESSION=/etc/X11/xinit/Xsession COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom" if [ ! -x "$COMMAND_GDM_X_SESSION" ] then @@ -213,7 +235,7 @@ COMMAND_SSH=ssh COMMAND_SSH_KEYGEN=ssh-keygen COMMAND_CUPSD=/usr/sbin/cupsd -COMMAND_MD5SUM="openssl md5" +COMMAND_MD5SUM="md5sum" COMMAND_PERL=perl COMMAND_RDESKTOP="rdesktop" COMMAND_VNCVIEWER="vncviewer" @@ -357,7 +379,7 @@ [ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB [ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB [ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB -[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2" +[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6:$APPLICATION_LIBRARY_PATH/libXext.so.6:$APPLICATION_LIBRARY_PATH/libXcomp.so.3:$APPLICATION_LIBRARY_PATH/libXcompext.so.3:$APPLICATION_LIBRARY_PATH/libXrender.so.1" NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g') diff -rud -x .bzr freenx-server/nxnode freenx-server.fixes/nxnode --- freenx-server/nxnode 2009-11-23 10:16:13.104350274 +0100 +++ freenx-server.fixes/nxnode 2009-11-23 11:15:44.385476686 +0100 @@ -20,6 +20,20 @@ # Read the config file . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf +#JJK: Added following 'if' stanza as a kluge since the following variables +#JJK: need to be set in cmd_node_smbmount node_umount_smb +#JJK: but they are currently set only in startsession which is called +#JJK: separately from nxserver via ssh so environment variables +#JJK: aren't preserved. +if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \ + ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \ + `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \ + ]] > /dev/null 2>&1; then + COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS + COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS + SAMBA_MOUNT_SHARE_PROTOCOL="cifs" +fi + # # ----------------------------------------------------------------------------- # Startup of nxnode @@ -659,11 +673,27 @@ touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd" mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache" + mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home + +#JJK: Modifications to cupsd.conf +#JJK: - Added SystemGroup line in order to add $USER to SystemGroup +#JJK: - Moved all the log files to log/ +#JJK: - Set AccessLog to: log/access_log (was /dev/null) +#JJK: - Added listening on $NODE_CUPSD_PORT +#JJK: Listen localhost: $NODE_CUPSD_PORT +#JJK: - Removed following line because directive is specific to Debian +#JJK: PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd +#JJK: - Access restrictions borrowed from /etc/cups/cupsd.conf +#JJK: - Default policy borrowed from /etc/cups/cupsd.conf but modified +#JJK: to allow Add, Delete, and Default printer without (password) +#JJK: authentication +#JJK: - Note for more detailed logging set: LogLevel debug cat < $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf -AccessLog /dev/null -ErrorLog error_log -PageLog page_log +SystemGroup sys root $USER +AccessLog log/access_log +ErrorLog log/error_log +PageLog log/page_log LogLevel info TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool @@ -671,19 +701,60 @@ StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/ CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache +Listen localhost:$NODE_CUPSD_PORT Listen $NODE_CUPSD_SOCKET Browsing Off ServerName localhost -PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd +#JJK: Restrict access to the server... Order Deny,Allow Deny From All Allow from 127.0.0.1 +#JJK: Restrict access to the admin pages... + + Encryption Required + Order allow,deny + Allow localhost + + +#JJK: Restrict access to configuration files... + + AuthType Basic + Require user @SYSTEM + Order allow,deny + Allow localhost + + # Allow everything for anonymous, because we are protected through UNIX socket +#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection + #JJK: Job-related operations must be done by the owner or an adminstrator... + + Require user @OWNER @SYSTEM + Order deny,allow + + + #JJK:All administration operations require an adminstrator to authenticate... + + AuthType Basic + Require user @SYSTEM + Order deny,allow + + + #JJK: Except need to allow these for nxnode to work + + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + Require user @OWNER @SYSTEM + Order deny,allow + + AuthType None Order deny,allow @@ -695,9 +766,17 @@ # copy mime.* files cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/" + #JJK: Also copy over pstoraster.convs + cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/" # start cupsd - $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null /dev/null /dev/null "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd" # setup KDE if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ] @@ -747,6 +826,7 @@ fi sleep 0.5s done + rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty done } @@ -1166,6 +1246,7 @@ COMMAND_SMBMOUNT=/bin/true COMMAND_SMBUMOUNT=/bin/true + smbport=139 #JJK: still may want to do printer sharing... else # smbfs smbport=139 fi @@ -1436,7 +1517,8 @@ password=$(getparam password) share=$(getparam share) computername=$(getparam computername) - dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g') +#JJK: dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g') + dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g') # rdir=$(getparam dir | sed 's|$(SHARES)/||g') display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}') mkdir -p "$HOME/$dir" @@ -1456,6 +1538,7 @@ echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint" else $PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display & + rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty fi } @@ -1478,6 +1561,12 @@ # this will also setup the userspace cupsd export CUPS_SERVER=$(node_cupsd_get_socket) +#JJK: The following if-stanza kludge added to enable printing when smbport=cifs +#JJK: since smb printing won't work when forwarded over port 445 + if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then + let port=$port+$SMBPORT_OFFSET + fi + if [ "$type" = "smb" ] then if [ -x "$CUPS_BACKEND/nxsmb" ] @@ -1506,6 +1595,9 @@ if [ "$ENABLE_CUPS_SEAMLESS" != "1" ] then + #JJK: Export the following variables for use by nxdialog/nxprint + #JJK: Note they are also exported in nxdialog but doesn't help there + export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display) [ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return else @@ -1513,7 +1605,11 @@ MODEL="download_cached" fi - PUBLIC="-u allow:$USER" +#JJK: I like to also allow 'guest' so you can do things like print +#JJK: testpages from the CUPS web interface. Note this is required +#JJK: even for the original user to print test pages +#JJK: PUBLIC="-u allow:$USER" + PUBLIC="-u allow:$USER,guest" [ "$public" == "1" ] && PUBLIC="" if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ] diff -rud -x .bzr freenx-server/nxprint freenx-server.fixes/nxprint --- freenx-server/nxprint 2009-11-23 10:16:13.102350032 +0100 +++ freenx-server.fixes/nxprint 2009-11-23 10:52:01.353353153 +0100 @@ -51,7 +51,8 @@ if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ] then { - cd /usr/share/ppd/ +#JJK: cd /usr/share/ppd/ + cd $PPD_DIR awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 } /\*NickName:/ { b[FILENAME]=$2 } END { diff -rud -x .bzr freenx-server/nxredir/Makefile freenx-server.fixes/nxredir/Makefile --- freenx-server/nxredir/Makefile 2009-11-23 10:16:13.100350348 +0100 +++ freenx-server.fixes/nxredir/Makefile 2009-11-23 11:57:13.481350660 +0100 @@ -9,13 +9,12 @@ $(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc clean: - rm -f $(LIBNAME) rm -f $(LIBNAME).$(VERSION) rm -f *.o ifneq ($(NX_VERSION),) install: all - install -m755 $(LIBNAME) $(DESTDIR)/$$PATH_LIB/ + install -m755 $(LIBNAME).$(VERSION) $(DESTDIR)/$$PATH_LIB/ install -m755 nxredir $(DESTDIR)/$$PATH_BIN/ install -m755 nxsmb $(DESTDIR)/$$CUPS_BACKEND/ perl -pi -e "s,PATH_LIB=.*,PATH_LIB=\"$$PATH_LIB\",g" $(DESTDIR)/$$PATH_BIN/nxredir diff -rud -x .bzr freenx-server/nxredir/nxsmb freenx-server.fixes/nxredir/nxsmb --- freenx-server/nxredir/nxsmb 2009-11-23 10:16:13.098350105 +0100 +++ freenx-server.fixes/nxredir/nxsmb 2009-11-23 10:52:01.354352855 +0100 @@ -18,6 +18,11 @@ PROTOCOL=$(echo $DEVICE_URI | cut -d/ -f4) PRINTER=$(echo $DEVICE_URI | cut -d/ -f5) +if [ "$#" -eq 0 ] +then + exit 0 +fi + if [ -z "$PRINTER" ] # old style setup then echo "Warning: Not using nxredir library. The DEVICE_URI is not in the right format." diff -rud -x .bzr freenx-server/nxserver freenx-server.fixes/nxserver --- freenx-server/nxserver 2009-11-23 10:16:13.100350348 +0100 +++ freenx-server.fixes/nxserver 2009-11-23 10:52:01.356476314 +0100 @@ -17,6 +17,22 @@ # Read the config file . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) -- +if test ! -e $NX_ETC_DIR/users.id_dsa; then + $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/users.id_dsa +fi + +if test ! -e $NX_ETC_DIR/client.id_dsa.key -o ! -e $NX_ETC_DIR/server.id_dsa.pub.key; then + $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/local.id_dsa + mv -f $NX_ETC_DIR/local.id_dsa $NX_ETC_DIR/client.id_dsa.key + mv -f $NX_ETC_DIR/local.id_dsa.pub $NX_ETC_DIR/server.id_dsa.pub.key + chmod 0600 $NX_ETC_DIR/client.id_dsa.key $NX_ETC_DIR/server.id_dsa.pub.key +fi + +if test ! -s $NX_HOME_DIR/.ssh/known_hosts -a -e /etc/ssh/ssh_host_rsa_key.pub; then + echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts + cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts 2>/dev/null +fi + # following two functions are Copyright by Klaus Knopper stringinstring(){ @@ -1466,7 +1482,7 @@ done # Check if there is already an agent running on that display on that host - let AGENT_DISPLAY=$SESS_DISPLAY+6000 + let AGENT_DISPLAY=$SESS_DISPLAY-$DISPLAY_BASE+6000 if $COMMAND_NETCAT -z "$SERVER_HOST" $AGENT_DISPLAY 2>/dev/null then log 2 "Warning: Stray nxagent without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY."