[FreeNX-kNX] Cumulative patches against 0.7.1
Jeffrey J. Kosowsky
berlios at kosowsky.org
Sun Dec 30 23:10:05 UTC 2007
Here are some notes explaining how one can do simultaneous printer and
file sharing using my patch.
The way I set it up, cifs file sharing (i.e. mounting of remote client samba
shares using mount.cifs) will work by default when you have
SAMBA_MOUNT_SHARE_PROTOCOL="cifs" or "both" (unless you are on windows 9x)
If you want to do printing *instead* of file-sharing, then you should change
SAMBA_MOUNT_SHARE_PROTOCOL to "smbfs".
If you want to do both cifs file sharing and printer sharing, then all you need
to do is set up a ssh tunnel on the client with the following port-forwarding
-R <DISPLAY+SMBPORT_OFFSET>:<client name>:139
I have preset DISPLAY_BASE=2000 (to avoid Fedora port conflicts with
nasd on port 8000) and SMBPORT_OFFSET=8000. So if you have just one
nx connection, the tunnel you need to set up will be:
-R 13001:<clientname>:139
Note that in all cases you access the remote client cups printer
itself from the server using port DISPLAY+9000. In most simple cases,
this will be port 11001.
(-h localhost:11001 from the command line or http://localhost:11001 from the
CUPS web browser)
Note that my patches to nxnode.conf set up ports and permissions to
enable use of the cups web browser.
Jeffrey J. Kosowsky wrote at about 17:13:37 -0500 on Sunday, December 30, 2007:
> As noted in several of my earlier messages, for various reasons
> printer sharing and file sharing won't work properly out of the box,
> in particular on Fedora though many of the bugs are probably common to
> all distros. In addition, multimedia breaks on Fedora due to port
> conflicts with nasd. Also, even after basic bug fixes, it still is not
> possible to get file and printer sharing working simultaneously
> without applying various kluges.
>
> So, here are my cumulative patches that gets all the above to work
> nicely in Fedora and should also be of help to other distros.
>
> I have tried to document the patches with my initials (JJK) and
> comments to help explain what & why I am doing.
>
> Enjoy,
> Jeff
>
> ----------------------------------------------------------------------
>
> diff -ruw nx/nxloadconfig nx.new/nxloadconfig
> --- nx/nxloadconfig 2007-12-30 16:34:04.000000000 -0500
> +++ nx.new/nxloadconfig 2007-12-30 16:33:58.000000000 -0500
> @@ -101,11 +101,28 @@
>
> # Restriction directives
>
> -DISPLAY_BASE=1000
> +#JJK: DISPLAY_BASE=1000
> +#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd
> +DISPLAY_BASE=2000
> SESSION_LIMIT=200
> SESSION_USER_LIMIT="" #Calculated
> DISPLAY_LIMIT=200
>
> +#JJK: Added the following to allow printing when using cifs mount
> +#JJK: Note the smb print port (#139) must then be tunnelled manually
> +#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host
> +#JJK: by running on the client:
> +#JJK: ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139
> +#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal
> +#JJK 'cifs' or in most cases 'both') then the ssh tunnel is automatically
> +#JJK: set up from port <DISPLAY+3000> on the server to port 139
> +#JJK: on the remote client.
> +#JJK: Note in *all* cases, the cups printer on the client is accessed from
> +#JJK: the server via the command line, using the following -h flag:
> +#JJK: -h localhost:<DISPLAY+9000> [-P <printer name>]
> +#JJK: or via the CUPS web browser using:
> +#JJK: http://localhost:<DISPLAY+9000>
> +SMBPORT_OFFSET=8000
> ENABLE_PERSISTENT_SESSION="all"
> DISABLE_PERSISTENT_SESSION=""
>
> @@ -154,7 +171,11 @@
> ENABLE_CUPS_SEAMLESS="0"
> CUPS_SEAMLESS_DELAY="10"
> ENABLE_FOOMATIC="1"
> -COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
> +#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
> +COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile"
> +
> +#JJK: added the following path referenced in nxprint
> +PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
>
> CUPS_BACKEND="/usr/lib/cups/backend"
> CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
> @@ -171,7 +192,8 @@
> DEFAULT_X_WM=""
> KILL_DEFAULT_X_WM="1"
> USER_X_STARTUP_SCRIPT=.Xclients
> -DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
> +#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
> +DEFAULT_X_SESSION=/etc/X11/xinit/Xsession
> COMMAND_START_KDE=startkde
> COMMAND_START_GNOME=gnome-session
> COMMAND_START_CDE=cdwm
> diff -ruw nx/nxnode nx.new/nxnode
> --- nx/nxnode 2007-12-30 16:34:04.000000000 -0500
> +++ nx.new/nxnode 2007-12-30 16:33:58.000000000 -0500
> @@ -20,6 +20,20 @@
> # Read the config file
> . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf
>
> +#JJK: Added following 'if' stanza as a kluge since the following variables
> +#JJK: need to be set in cmd_node_smbmount node_umount_smb
> +#JJK: but they are currently set only in startsession which is called
> +#JJK: separately from nxserver via ssh so environment variables
> +#JJK: aren't preserved.
> +if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \
> + ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \
> + `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \
> + ]] > /dev/null 2>&1; then
> + COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS
> + COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS
> + SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
> +fi
> +
> #
> # -----------------------------------------------------------------------------
> # Startup of nxnode
> @@ -593,11 +607,27 @@
> touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
>
> mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache"
> + mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home
> +
> +#JJK: Modifications to cupsd.conf
> +#JJK: - Added SystemGroup line in order to add $USER to SystemGroup
> +#JJK: - Moved all the log files to log/<log>
> +#JJK: - Set AccessLog to: log/access_log (was /dev/null)
> +#JJK: - Added listening on $NODE_CUPSD_PORT
> +#JJK: Listen localhost: $NODE_CUPSD_PORT
> +#JJK: - Removed following line because directive is specific to Debian
> +#JJK: PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
> +#JJK: - Access restrictions borrowed from /etc/cups/cupsd.conf
> +#JJK: - Default policy borrowed from /etc/cups/cupsd.conf but modified
> +#JJK: to allow Add, Delete, and Default printer without (password)
> +#JJK: authentication
> +#JJK: - Note for more detailed logging set: LogLevel debug
>
> cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf
> -AccessLog /dev/null
> -ErrorLog error_log
> -PageLog page_log
> +SystemGroup sys root $USER
> +AccessLog log/access_log
> +ErrorLog log/error_log
> +PageLog log/page_log
> LogLevel info
> TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp
> RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool
> @@ -605,19 +635,60 @@
> StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/
> CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache
>
> +Listen localhost:$NODE_CUPSD_PORT
> Listen $NODE_CUPSD_SOCKET
> Browsing Off
> ServerName localhost
> -PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
>
> +#JJK: Restrict access to the server...
> <Location />
> Order Deny,Allow
> Deny From All
> Allow from 127.0.0.1
> </Location>
>
> +#JJK: Restrict access to the admin pages...
> +<Location /admin>
> + Encryption Required
> + Order allow,deny
> + Allow localhost
> +</Location>
> +
> +#JJK: Restrict access to configuration files...
> +<Location /admin/conf>
> + AuthType Basic
> + Require user @SYSTEM
> + Order allow,deny
> + Allow localhost
> +</Location>
> +
> # Allow everything for anonymous, because we are protected through UNIX socket
> +#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection
> <Policy default>
> + #JJK: Job-related operations must be done by the owner or an adminstrator...
> + <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
> + Require user @OWNER @SYSTEM
> + Order deny,allow
> + </Limit>
> +
> + #JJK:All administration operations require an adminstrator to authenticate...
> + <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs>
> + AuthType Basic
> + Require user @SYSTEM
> + Order deny,allow
> + </Limit>
> +
> + #JJK: Except need to allow these for nxnode to work
> + <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default>
> + Order deny,allow
> + </Limit>
> +
> + # Only the owner or an administrator can cancel or authenticate a job...
> + <Limit Cancel-Job CUPS-Authenticate-Job>
> + Require user @OWNER @SYSTEM
> + Order deny,allow
> + </Limit>
> +
> <Limit All>
> AuthType None
> Order deny,allow
> @@ -629,9 +700,17 @@
>
> # copy mime.* files
> cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
> + #JJK: Also copy over pstoraster.convs
> + cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
>
> # start cupsd
> - $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
> +#JJK: Note the directive PidFile in the original cupsd.conf intended for
> +#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon
> +#JJK: form of cupsd and capture the pid directly
> +#JJK: $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
> + $COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null &
> + NODE_CUPSD_PID=$!
> + echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
>
> # setup KDE
> if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ]
> @@ -673,6 +752,7 @@
> cat "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" | while read mpoint
> do
> $COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null
> + rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty
> done
> }
>
> @@ -1084,6 +1164,7 @@
>
> COMMAND_SMBMOUNT=/bin/true
> COMMAND_SMBUMOUNT=/bin/true
> + smbport=139 #JJK: still may want to do printer sharing...
> else # smbfs
> smbport=139
> fi
> @@ -1303,7 +1384,8 @@
> password=$(getparam password)
> share=$(getparam share)
> computername=$(getparam computername)
> - dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
> +#JJK: dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
> + dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g')
> # rdir=$(getparam dir | sed 's|$(SHARES)/||g')
> display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}')
> mkdir -p "$HOME/$dir"
> @@ -1322,6 +1404,7 @@
> echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint"
> else
> $PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display &
> + rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty
> fi
> }
>
> @@ -1344,6 +1427,12 @@
> # this will also setup the userspace cupsd
> export CUPS_SERVER=$(node_cupsd_get_socket)
>
> +#JJK: The following if-stanza kludge added to enable printing when smbport=cifs
> +#JJK: since smb printing won't work when forwarded over port 445
> + if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then
> + let port=$port+$SMBPORT_OFFSET
> + fi
> +
> if [ "$type" = "smb" ]
> then
> DEVICE_URI="smb://$username:$password@127.0.0.1:$port/$share"
> @@ -1357,6 +1446,9 @@
>
> if [ "$ENABLE_CUPS_SEAMLESS" != "1" ]
> then
> + #JJK: Export the following variables for use by nxdialog/nxprint
> + #JJK: Note they are also exported in nxdialog but doesn't help there
> + export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR
> MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display)
> [ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return
> else
> @@ -1364,7 +1456,11 @@
> MODEL="download_cached"
> fi
>
> - PUBLIC="-u allow:$USER"
> +#JJK: I like to also allow 'guest' so you can do things like print
> +#JJK: testpages from the CUPS web interface. Note this is required
> +#JJK: even for the original user to print test pages
> +#JJK: PUBLIC="-u allow:$USER"
> + PUBLIC="-u allow:$USER,guest"
> [ "$public" == "1" ] && PUBLIC=""
>
> if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
> diff -ruw nx/nxprint nx.new/nxprint
> --- nx/nxprint 2007-12-30 16:34:04.000000000 -0500
> +++ nx.new/nxprint 2007-12-30 16:33:58.000000000 -0500
> @@ -51,7 +51,8 @@
> if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ]
> then
> {
> - cd /usr/share/ppd/
> +#JJK: cd /usr/share/ppd/
> + cd $PPD_DIR
> awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 }
> /\*NickName:/ { b[FILENAME]=$2 }
> END {
More information about the FreeNX-kNX
mailing list