nxserver-freenx/patches/nxserver-freenx-0.7.3-nxredir.patch

diff -rud -x .bzr freenx-server/nxloadconfig freenx-server.fixes/nxloadconfig
--- freenx-server/nxloadconfig	2009-11-23 10:16:13.103349734 +0100
+++ freenx-server.fixes/nxloadconfig	2009-11-23 12:54:19.852601780 +0100
@@ -112,11 +112,28 @@
 
 # Restriction directives
 
-DISPLAY_BASE=1000
+#JJK: DISPLAY_BASE=1000
+#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd
+DISPLAY_BASE=2000
 SESSION_LIMIT=200
 SESSION_USER_LIMIT="" #Calculated
 DISPLAY_LIMIT=200
 
+#JJK: Added the following to allow printing when using cifs mount
+#JJK: Note the smb print port (#139) must then be tunnelled manually
+#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host
+#JJK: by running on the client: 
+#JJK:   ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139
+#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal
+#JJK  'cifs' or in most cases 'both') then the ssh tunnel is automatically
+#JJK: set up from port <DISPLAY+3000> on the server to port 139 
+#JJK: on the remote client.
+#JJK: Note in *all* cases, the cups printer on the client is accessed from 
+#JJK: the server via the command line, using the following -h flag:
+#JJK:   -h localhost:<DISPLAY+9000> [-P <printer name>]
+#JJK: or via the CUPS web browser using:
+#JJK:   http://localhost:<DISPLAY+9000>
+SMBPORT_OFFSET=8000
 ENABLE_PERSISTENT_SESSION="all"
 DISABLE_PERSISTENT_SESSION=""
 
@@ -174,7 +191,11 @@
 ENABLE_CUPS_SEAMLESS="0"
 CUPS_SEAMLESS_DELAY="10"
 ENABLE_FOOMATIC="1"
-COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile"
+
+#JJK: added the following path referenced in nxprint
+PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
 
 CUPS_BACKEND="/usr/lib/cups/backend"
 CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
@@ -194,7 +215,8 @@
 KILL_DEFAULT_X_WM="1"
 BOOTSTRAP_X_SESSION="0"
 USER_X_STARTUP_SCRIPT=.Xclients
-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+DEFAULT_X_SESSION=/etc/X11/xinit/Xsession
 COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom"
 if [ ! -x "$COMMAND_GDM_X_SESSION" ]
 then
@@ -213,7 +235,7 @@
 COMMAND_SSH=ssh
 COMMAND_SSH_KEYGEN=ssh-keygen
 COMMAND_CUPSD=/usr/sbin/cupsd
-COMMAND_MD5SUM="openssl md5"
+COMMAND_MD5SUM="md5sum"
 COMMAND_PERL=perl
 COMMAND_RDESKTOP="rdesktop"
 COMMAND_VNCVIEWER="vncviewer"
@@ -357,7 +379,7 @@
 [ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB
 [ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB
 [ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
-[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
+[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6:$APPLICATION_LIBRARY_PATH/libXext.so.6:$APPLICATION_LIBRARY_PATH/libXcomp.so.3:$APPLICATION_LIBRARY_PATH/libXcompext.so.3:$APPLICATION_LIBRARY_PATH/libXrender.so.1"
 
 NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g')
 
diff -rud -x .bzr freenx-server/nxnode freenx-server.fixes/nxnode
--- freenx-server/nxnode	2009-11-23 10:16:13.104350274 +0100
+++ freenx-server.fixes/nxnode	2009-11-23 11:15:44.385476686 +0100
@@ -20,6 +20,20 @@
 # Read the config file
 . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf
 
+#JJK: Added	following 'if' stanza as a kluge since the following variables
+#JJK: need to be set in cmd_node_smbmount node_umount_smb 
+#JJK: but they are currently set only in startsession which is called 
+#JJK: separately from nxserver via ssh so environment variables 
+#JJK: aren't preserved.
+if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \
+	 ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \
+	  `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \
+			]] > /dev/null 2>&1; then
+	COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS
+	COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS
+	SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
+fi
+
 #
 # -----------------------------------------------------------------------------
 # Startup of nxnode
@@ -659,11 +673,27 @@
 	touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
 	
 	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache"
+	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home
+
+#JJK: Modifications to cupsd.conf
+#JJK:   - Added SystemGroup line in order to add $USER to SystemGroup
+#JJK:   - Moved all the log files to log/<log>
+#JJK:   - Set AccessLog to: log/access_log (was /dev/null)
+#JJK:   - Added listening on $NODE_CUPSD_PORT
+#JJK:	         Listen localhost: $NODE_CUPSD_PORT
+#JJK:   - Removed following line because directive is specific to Debian
+#JJK:       PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
+#JJK:   -  Access restrictions borrowed from /etc/cups/cupsd.conf
+#JJK:   -  Default policy borrowed from /etc/cups/cupsd.conf but modified
+#JJK:        to allow Add, Delete, and Default printer without (password)
+#JJK:        authentication
+#JJK:   - Note for more detailed logging set: LogLevel debug
 
 cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf
-AccessLog /dev/null
-ErrorLog error_log
-PageLog page_log
+SystemGroup sys root $USER
+AccessLog log/access_log
+ErrorLog log/error_log
+PageLog log/page_log
 LogLevel info
 TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp
 RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool
@@ -671,19 +701,60 @@
 StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/
 CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache
 
+Listen localhost:$NODE_CUPSD_PORT
 Listen $NODE_CUPSD_SOCKET
 Browsing Off
 ServerName localhost
-PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
 
+#JJK:  Restrict access to the server...
 <Location />
 Order Deny,Allow
 Deny From All
 Allow from 127.0.0.1
 </Location>
 
+#JJK: Restrict access to the admin pages...
+<Location /admin>
+  Encryption Required
+  Order allow,deny
+  Allow localhost
+</Location>
+
+#JJK: Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Basic
+  Require user @SYSTEM
+  Order allow,deny
+  Allow localhost
+</Location>
+
 # Allow everything for anonymous, because we are protected through UNIX socket
+#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection
 <Policy default>
+  #JJK: Job-related operations must be done by the owner or an adminstrator...
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  #JJK:All administration operations require an adminstrator to authenticate...
+  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Basic
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  #JJK: Except need to allow these for nxnode to work
+  <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default>
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
   <Limit All>
     AuthType None
     Order deny,allow
@@ -695,9 +766,17 @@
 
 	# copy mime.* files
 	cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
+	#JJK: Also copy over pstoraster.convs
+	cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
 
 	# start cupsd
-	$COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+#JJK: Note the directive PidFile in the original cupsd.conf intended for 
+#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon
+#JJK: form of cupsd and capture the pid directly
+#JJK:	$COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+	$COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null &
+	NODE_CUPSD_PID=$!
+	echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
 
 	# setup KDE
 	if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ]
@@ -747,6 +826,7 @@
 			fi
 			sleep 0.5s
 		done
+		rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty
 	done
 }
 
@@ -1166,6 +1246,7 @@
 
 			COMMAND_SMBMOUNT=/bin/true
 			COMMAND_SMBUMOUNT=/bin/true
+			smbport=139    #JJK: still may want to do printer sharing...
 		else # smbfs
 			smbport=139
 		fi
@@ -1436,7 +1517,8 @@
 	password=$(getparam password)
 	share=$(getparam share)
 	computername=$(getparam computername)
-	dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+#JJK:	dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+	dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g')
 	# rdir=$(getparam dir | sed 's|$(SHARES)/||g')
 	display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}') 
 	mkdir -p "$HOME/$dir"
@@ -1456,6 +1538,7 @@
 		echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint"
 	else
 		$PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display &
+		rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty
 	fi
 }
 
@@ -1478,6 +1561,12 @@
 	# this will also setup the userspace cupsd
 	export CUPS_SERVER=$(node_cupsd_get_socket)
 	
+#JJK: The following if-stanza kludge added to enable printing when smbport=cifs
+#JJK: since smb printing won't work when forwarded over port 445
+	if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then
+		let port=$port+$SMBPORT_OFFSET
+	fi
+
 	if [ "$type" = "smb" ]
 	then
 		if [ -x "$CUPS_BACKEND/nxsmb" ]
@@ -1506,6 +1595,9 @@
 
 	if [ "$ENABLE_CUPS_SEAMLESS" != "1" ]
 	then
+        #JJK: Export the following variables for use by nxdialog/nxprint
+        #JJK: Note they are also exported in nxdialog but doesn't help there
+	    export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR
 		MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display)
 		[ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return
 	else
@@ -1513,7 +1605,11 @@
 		MODEL="download_cached"
 	fi
 	
-	PUBLIC="-u allow:$USER"
+#JJK: I like to also allow 'guest' so you can do things like print
+#JJK: testpages from the CUPS web interface. Note this is required
+#JJK: even for the original user to print test pages	
+#JJK:	PUBLIC="-u allow:$USER"
+	PUBLIC="-u allow:$USER,guest"	
 	[ "$public" == "1" ] && PUBLIC=""
 
 	if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
diff -rud -x .bzr freenx-server/nxprint freenx-server.fixes/nxprint
--- freenx-server/nxprint	2009-11-23 10:16:13.102350032 +0100
+++ freenx-server.fixes/nxprint	2009-11-23 10:52:01.353353153 +0100
@@ -51,7 +51,8 @@
 	if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ]
 	then
 		{ 
-		cd /usr/share/ppd/
+#JJK:		cd /usr/share/ppd/
+		cd $PPD_DIR
 		awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 }
 			    /\*NickName:/ { b[FILENAME]=$2 } 
 			    END { 
diff -rud -x .bzr freenx-server/nxredir/Makefile freenx-server.fixes/nxredir/Makefile
--- freenx-server/nxredir/Makefile	2009-11-23 10:16:13.100350348 +0100
+++ freenx-server.fixes/nxredir/Makefile	2009-11-23 11:57:13.481350660 +0100
@@ -9,13 +9,12 @@
 	$(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc
 
 clean:
-	rm -f $(LIBNAME)
 	rm -f $(LIBNAME).$(VERSION)
 	rm -f *.o
 
 ifneq ($(NX_VERSION),)
 install: all
-	install -m755 $(LIBNAME) $(DESTDIR)/$$PATH_LIB/
+	install -m755 $(LIBNAME).$(VERSION) $(DESTDIR)/$$PATH_LIB/
 	install -m755 nxredir $(DESTDIR)/$$PATH_BIN/
 	install -m755 nxsmb $(DESTDIR)/$$CUPS_BACKEND/
 	perl -pi -e "s,PATH_LIB=.*,PATH_LIB=\"$$PATH_LIB\",g" $(DESTDIR)/$$PATH_BIN/nxredir
diff -rud -x .bzr freenx-server/nxredir/nxsmb freenx-server.fixes/nxredir/nxsmb
--- freenx-server/nxredir/nxsmb	2009-11-23 10:16:13.098350105 +0100
+++ freenx-server.fixes/nxredir/nxsmb	2009-11-23 10:52:01.354352855 +0100
@@ -18,6 +18,11 @@
 PROTOCOL=$(echo $DEVICE_URI | cut -d/ -f4)
 PRINTER=$(echo $DEVICE_URI | cut -d/ -f5)
 
+if [ "$#" -eq 0 ]
+then
+	exit 0
+fi
+
 if [ -z "$PRINTER" ] # old style setup
 then
 	echo "Warning: Not using nxredir library. The DEVICE_URI is not in the right format."
diff -rud -x .bzr freenx-server/nxserver freenx-server.fixes/nxserver
--- freenx-server/nxserver	2009-11-23 10:16:13.100350348 +0100
+++ freenx-server.fixes/nxserver	2009-11-23 10:52:01.356476314 +0100
@@ -17,6 +17,22 @@
 # Read the config file
 . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --
 
+if test ! -e $NX_ETC_DIR/users.id_dsa; then
+  $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/users.id_dsa
+fi
+
+if test ! -e $NX_ETC_DIR/client.id_dsa.key -o ! -e $NX_ETC_DIR/server.id_dsa.pub.key; then
+  $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/local.id_dsa
+  mv -f $NX_ETC_DIR/local.id_dsa $NX_ETC_DIR/client.id_dsa.key
+  mv -f $NX_ETC_DIR/local.id_dsa.pub $NX_ETC_DIR/server.id_dsa.pub.key
+  chmod 0600 $NX_ETC_DIR/client.id_dsa.key $NX_ETC_DIR/server.id_dsa.pub.key
+fi
+
+if test ! -s $NX_HOME_DIR/.ssh/known_hosts -a -e /etc/ssh/ssh_host_rsa_key.pub; then
+  echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts
+  cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts 2>/dev/null
+fi
+
 # following two functions are Copyright by Klaus Knopper
 
 stringinstring(){
@@ -1466,7 +1482,7 @@
 			done
 
 			# Check if there is already an agent running on that display on that host
-			let AGENT_DISPLAY=$SESS_DISPLAY+6000
+			let AGENT_DISPLAY=$SESS_DISPLAY-$DISPLAY_BASE+6000
 			if $COMMAND_NETCAT -z "$SERVER_HOST" $AGENT_DISPLAY 2>/dev/null
 			then
 				log 2 "Warning: Stray nxagent without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY."
1	diff -rud -x .bzr freenx-server/nxloadconfig freenx-server.fixes/nxloadconfig
2	--- freenx-server/nxloadconfig 2009-11-23 10:16:13.103349734 +0100
3	+++ freenx-server.fixes/nxloadconfig 2009-11-23 12:54:19.852601780 +0100
4	@@ -112,11 +112,28 @@
5
6	# Restriction directives
7
8	-DISPLAY_BASE=1000
9	+#JJK: DISPLAY_BASE=1000
10	+#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd
11	+DISPLAY_BASE=2000
12	SESSION_LIMIT=200
13	SESSION_USER_LIMIT="" #Calculated
14	DISPLAY_LIMIT=200
15
16	+#JJK: Added the following to allow printing when using cifs mount
17	+#JJK: Note the smb print port (#139) must then be tunnelled manually
18	+#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host
19	+#JJK: by running on the client:
20	+#JJK: ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139
21	+#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal
22	+#JJK 'cifs' or in most cases 'both') then the ssh tunnel is automatically
23	+#JJK: set up from port <DISPLAY+3000> on the server to port 139
24	+#JJK: on the remote client.
25	+#JJK: Note in all cases, the cups printer on the client is accessed from
26	+#JJK: the server via the command line, using the following -h flag:
27	+#JJK: -h localhost:<DISPLAY+9000> [-P <printer name>]
28	+#JJK: or via the CUPS web browser using:
29	+#JJK: http://localhost:<DISPLAY+9000>
30	+SMBPORT_OFFSET=8000
31	ENABLE_PERSISTENT_SESSION="all"
32	DISABLE_PERSISTENT_SESSION=""
33
34	@@ -174,7 +191,11 @@
35	ENABLE_CUPS_SEAMLESS="0"
36	CUPS_SEAMLESS_DELAY="10"
37	ENABLE_FOOMATIC="1"
38	-COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
39	+#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
40	+COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile"
41	+
42	+#JJK: added the following path referenced in nxprint
43	+PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
44
45	CUPS_BACKEND="/usr/lib/cups/backend"
46	CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
47	@@ -194,7 +215,8 @@
48	KILL_DEFAULT_X_WM="1"
49	BOOTSTRAP_X_SESSION="0"
50	USER_X_STARTUP_SCRIPT=.Xclients
51	-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
52	+#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
53	+DEFAULT_X_SESSION=/etc/X11/xinit/Xsession
54	COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom"
55	if [ ! -x "$COMMAND_GDM_X_SESSION" ]
56	then
57	@@ -213,7 +235,7 @@
58	COMMAND_SSH=ssh
59	COMMAND_SSH_KEYGEN=ssh-keygen
60	COMMAND_CUPSD=/usr/sbin/cupsd
61	-COMMAND_MD5SUM="openssl md5"
62	+COMMAND_MD5SUM="md5sum"
63	COMMAND_PERL=perl
64	COMMAND_RDESKTOP="rdesktop"
65	COMMAND_VNCVIEWER="vncviewer"
66	@@ -357,7 +379,7 @@
67	[ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB
68	[ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB
69	[ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
70	-[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
71	+[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6:$APPLICATION_LIBRARY_PATH/libXext.so.6:$APPLICATION_LIBRARY_PATH/libXcomp.so.3:$APPLICATION_LIBRARY_PATH/libXcompext.so.3:$APPLICATION_LIBRARY_PATH/libXrender.so.1"
72
73	NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null \| egrep 'NXAGENT - Version' \| sed 's/.*Version //g')
74
75	diff -rud -x .bzr freenx-server/nxnode freenx-server.fixes/nxnode
76	--- freenx-server/nxnode 2009-11-23 10:16:13.104350274 +0100
77	+++ freenx-server.fixes/nxnode 2009-11-23 11:15:44.385476686 +0100
78	@@ -20,6 +20,20 @@
79	# Read the config file
80	. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf
81
82	+#JJK: Added following 'if' stanza as a kluge since the following variables
83	+#JJK: need to be set in cmd_node_smbmount node_umount_smb
84	+#JJK: but they are currently set only in startsession which is called
85	+#JJK: separately from nxserver via ssh so environment variables
86	+#JJK: aren't preserved.
87	+if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" \|\| \
88	+ ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \
89	+ `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \
90	+ ]] > /dev/null 2>&1; then
91	+ COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS
92	+ COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS
93	+ SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
94	+fi
95	+
96	#
97	# -----------------------------------------------------------------------------
98	# Startup of nxnode
99	@@ -659,11 +673,27 @@
100	touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
101
102	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache"
103	+ mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home
104	+
105	+#JJK: Modifications to cupsd.conf
106	+#JJK: - Added SystemGroup line in order to add $USER to SystemGroup
107	+#JJK: - Moved all the log files to log/<log>
108	+#JJK: - Set AccessLog to: log/access_log (was /dev/null)
109	+#JJK: - Added listening on $NODE_CUPSD_PORT
110	+#JJK: Listen localhost: $NODE_CUPSD_PORT
111	+#JJK: - Removed following line because directive is specific to Debian
112	+#JJK: PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
113	+#JJK: - Access restrictions borrowed from /etc/cups/cupsd.conf
114	+#JJK: - Default policy borrowed from /etc/cups/cupsd.conf but modified
115	+#JJK: to allow Add, Delete, and Default printer without (password)
116	+#JJK: authentication
117	+#JJK: - Note for more detailed logging set: LogLevel debug
118
119	cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf
120	-AccessLog /dev/null
121	-ErrorLog error_log
122	-PageLog page_log
123	+SystemGroup sys root $USER
124	+AccessLog log/access_log
125	+ErrorLog log/error_log
126	+PageLog log/page_log
127	LogLevel info
128	TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp
129	RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool
130	@@ -671,19 +701,60 @@
131	StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/
132	CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache
133
134	+Listen localhost:$NODE_CUPSD_PORT
135	Listen $NODE_CUPSD_SOCKET
136	Browsing Off
137	ServerName localhost
138	-PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
139
140	+#JJK: Restrict access to the server...
141	<Location />
142	Order Deny,Allow
143	Deny From All
144	Allow from 127.0.0.1
145	</Location>
146
147	+#JJK: Restrict access to the admin pages...
148	+<Location /admin>
149	+ Encryption Required
150	+ Order allow,deny
151	+ Allow localhost
152	+</Location>
153	+
154	+#JJK: Restrict access to configuration files...
155	+<Location /admin/conf>
156	+ AuthType Basic
157	+ Require user @SYSTEM
158	+ Order allow,deny
159	+ Allow localhost
160	+</Location>
161	+
162	# Allow everything for anonymous, because we are protected through UNIX socket
163	+#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection
164	<Policy default>
165	+ #JJK: Job-related operations must be done by the owner or an adminstrator...
166	+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
167	+ Require user @OWNER @SYSTEM
168	+ Order deny,allow
169	+ </Limit>
170	+
171	+ #JJK:All administration operations require an adminstrator to authenticate...
172	+ <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs>
173	+ AuthType Basic
174	+ Require user @SYSTEM
175	+ Order deny,allow
176	+ </Limit>
177	+
178	+ #JJK: Except need to allow these for nxnode to work
179	+ <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default>
180	+ Order deny,allow
181	+ </Limit>
182	+
183	+ # Only the owner or an administrator can cancel or authenticate a job...
184	+ <Limit Cancel-Job CUPS-Authenticate-Job>
185	+ Require user @OWNER @SYSTEM
186	+ Order deny,allow
187	+ </Limit>
188	+
189	<Limit All>
190	AuthType None
191	Order deny,allow
192	@@ -695,9 +766,17 @@
193
194	# copy mime.* files
195	cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
196	+ #JJK: Also copy over pstoraster.convs
197	+ cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
198
199	# start cupsd
200	- $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
201	+#JJK: Note the directive PidFile in the original cupsd.conf intended for
202	+#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon
203	+#JJK: form of cupsd and capture the pid directly
204	+#JJK: $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
205	+ $COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null &
206	+ NODE_CUPSD_PID=$!
207	+ echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
208
209	# setup KDE
210	if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ]
211	@@ -747,6 +826,7 @@
212	fi
213	sleep 0.5s
214	done
215	+ rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty
216	done
217	}
218
219	@@ -1166,6 +1246,7 @@
220
221	COMMAND_SMBMOUNT=/bin/true
222	COMMAND_SMBUMOUNT=/bin/true
223	+ smbport=139 #JJK: still may want to do printer sharing...
224	else # smbfs
225	smbport=139
226	fi
227	@@ -1436,7 +1517,8 @@
228	password=$(getparam password)
229	share=$(getparam share)
230	computername=$(getparam computername)
231	- dir=$(getparam dir \| sed 's\|$(SHARES)\|MyShares\|g')
232	+#JJK: dir=$(getparam dir \| sed 's\|$(SHARES)\|MyShares\|g')
233	+ dir=$(getparam dir \| sed 's/\(%24\\|\$\)(SHARES)/MyShares/g')
234	# rdir=$(getparam dir \| sed 's\|$(SHARES)/\|\|g')
235	display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid \| awk 'BEGIN {FS="-"} {i=NF-1; print $i}')
236	mkdir -p "$HOME/$dir"
237	@@ -1456,6 +1538,7 @@
238	echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint"
239	else
240	$PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display &
241	+ rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty
242	fi
243	}
244
245	@@ -1478,6 +1561,12 @@
246	# this will also setup the userspace cupsd
247	export CUPS_SERVER=$(node_cupsd_get_socket)
248
249	+#JJK: The following if-stanza kludge added to enable printing when smbport=cifs
250	+#JJK: since smb printing won't work when forwarded over port 445
251	+ if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then
252	+ let port=$port+$SMBPORT_OFFSET
253	+ fi
254	+
255	if [ "$type" = "smb" ]
256	then
257	if [ -x "$CUPS_BACKEND/nxsmb" ]
258	@@ -1506,6 +1595,9 @@
259
260	if [ "$ENABLE_CUPS_SEAMLESS" != "1" ]
261	then
262	+ #JJK: Export the following variables for use by nxdialog/nxprint
263	+ #JJK: Note they are also exported in nxdialog but doesn't help there
264	+ export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR
265	MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display)
266	[ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return
267	else
268	@@ -1513,7 +1605,11 @@
269	MODEL="download_cached"
270	fi
271
272	- PUBLIC="-u allow:$USER"
273	+#JJK: I like to also allow 'guest' so you can do things like print
274	+#JJK: testpages from the CUPS web interface. Note this is required
275	+#JJK: even for the original user to print test pages
276	+#JJK: PUBLIC="-u allow:$USER"
277	+ PUBLIC="-u allow:$USER,guest"
278	[ "$public" == "1" ] && PUBLIC=""
279
280	if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
281	diff -rud -x .bzr freenx-server/nxprint freenx-server.fixes/nxprint
282	--- freenx-server/nxprint 2009-11-23 10:16:13.102350032 +0100
283	+++ freenx-server.fixes/nxprint 2009-11-23 10:52:01.353353153 +0100
284	@@ -51,7 +51,8 @@
285	if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ]
286	then
287	{
288	- cd /usr/share/ppd/
289	+#JJK: cd /usr/share/ppd/
290	+ cd $PPD_DIR
291	awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 }
292	/\*NickName:/ { b[FILENAME]=$2 }
293	END {
294	diff -rud -x .bzr freenx-server/nxredir/Makefile freenx-server.fixes/nxredir/Makefile
295	--- freenx-server/nxredir/Makefile 2009-11-23 10:16:13.100350348 +0100
296	+++ freenx-server.fixes/nxredir/Makefile 2009-11-23 11:57:13.481350660 +0100
297	@@ -9,13 +9,12 @@
298	$(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc
299
300	clean:
301	- rm -f $(LIBNAME)
302	rm -f $(LIBNAME).$(VERSION)
303	rm -f *.o
304
305	ifneq ($(NX_VERSION),)
306	install: all
307	- install -m755 $(LIBNAME) $(DESTDIR)/$$PATH_LIB/
308	+ install -m755 $(LIBNAME).$(VERSION) $(DESTDIR)/$$PATH_LIB/
309	install -m755 nxredir $(DESTDIR)/$$PATH_BIN/
310	install -m755 nxsmb $(DESTDIR)/$$CUPS_BACKEND/
311	perl -pi -e "s,PATH_LIB=.*,PATH_LIB=\"$$PATH_LIB\",g" $(DESTDIR)/$$PATH_BIN/nxredir
312	diff -rud -x .bzr freenx-server/nxredir/nxsmb freenx-server.fixes/nxredir/nxsmb
313	--- freenx-server/nxredir/nxsmb 2009-11-23 10:16:13.098350105 +0100
314	+++ freenx-server.fixes/nxredir/nxsmb 2009-11-23 10:52:01.354352855 +0100
315	@@ -18,6 +18,11 @@
316	PROTOCOL=$(echo $DEVICE_URI \| cut -d/ -f4)
317	PRINTER=$(echo $DEVICE_URI \| cut -d/ -f5)
318
319	+if [ "$#" -eq 0 ]
320	+then
321	+ exit 0
322	+fi
323	+
324	if [ -z "$PRINTER" ] # old style setup
325	then
326	echo "Warning: Not using nxredir library. The DEVICE_URI is not in the right format."
327	diff -rud -x .bzr freenx-server/nxserver freenx-server.fixes/nxserver
328	--- freenx-server/nxserver 2009-11-23 10:16:13.100350348 +0100
329	+++ freenx-server.fixes/nxserver 2009-11-23 10:52:01.356476314 +0100
330	@@ -17,6 +17,22 @@
331	# Read the config file
332	. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --
333
334	+if test ! -e $NX_ETC_DIR/users.id_dsa; then
335	+ $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/users.id_dsa
336	+fi
337	+
338	+if test ! -e $NX_ETC_DIR/client.id_dsa.key -o ! -e $NX_ETC_DIR/server.id_dsa.pub.key; then
339	+ $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/local.id_dsa
340	+ mv -f $NX_ETC_DIR/local.id_dsa $NX_ETC_DIR/client.id_dsa.key
341	+ mv -f $NX_ETC_DIR/local.id_dsa.pub $NX_ETC_DIR/server.id_dsa.pub.key
342	+ chmod 0600 $NX_ETC_DIR/client.id_dsa.key $NX_ETC_DIR/server.id_dsa.pub.key
343	+fi
344	+
345	+if test ! -s $NX_HOME_DIR/.ssh/known_hosts -a -e /etc/ssh/ssh_host_rsa_key.pub; then
346	+ echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts
347	+ cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts 2>/dev/null
348	+fi
349	+
350	# following two functions are Copyright by Klaus Knopper
351
352	stringinstring(){
353	@@ -1466,7 +1482,7 @@
354	done
355
356	# Check if there is already an agent running on that display on that host
357	- let AGENT_DISPLAY=$SESS_DISPLAY+6000
358	+ let AGENT_DISPLAY=$SESS_DISPLAY-$DISPLAY_BASE+6000
359	if $COMMAND_NETCAT -z "$SERVER_HOST" $AGENT_DISPLAY 2>/dev/null
360	then
361	log 2 "Warning: Stray nxagent without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY."