[FreeNX-kNX] Cumulative patches against 0.7.1
Jeffrey J. Kosowsky
berlios at kosowsky.org
Mon Dec 31 18:46:57 UTC 2007
Here is a slightly updated patch set that fixes a couple of the
variables in nxloadconfig to work better with Fedora (and probably
also some other distros)
--------------------------------------------------------------------------
diff -ruw nx/nxloadconfig nx.new/nxloadconfig
--- nx/nxloadconfig 2007-12-31 13:08:22.000000000 -0500
+++ nx.new/nxloadconfig 2007-12-31 13:31:26.000000000 -0500
@@ -101,11 +101,28 @@
# Restriction directives
-DISPLAY_BASE=1000
+#JJK: DISPLAY_BASE=1000
+#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd
+DISPLAY_BASE=2000
SESSION_LIMIT=200
SESSION_USER_LIMIT="" #Calculated
DISPLAY_LIMIT=200
+#JJK: Added the following to allow printing when using cifs mount
+#JJK: Note the smb print port (#139) must then be tunnelled manually
+#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host
+#JJK: by running on the client:
+#JJK: ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139
+#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal
+#JJK 'cifs' or in most cases 'both') then the ssh tunnel is automatically
+#JJK: set up from port <DISPLAY+3000> on the server to port 139
+#JJK: on the remote client.
+#JJK: Note in *all* cases, the cups printer on the client is accessed from
+#JJK: the server via the command line, using the following -h flag:
+#JJK: -h localhost:<DISPLAY+9000> [-P <printer name>]
+#JJK: or via the CUPS web browser using:
+#JJK: http://localhost:<DISPLAY+9000>
+SMBPORT_OFFSET=8000
ENABLE_PERSISTENT_SESSION="all"
DISABLE_PERSISTENT_SESSION=""
@@ -154,7 +171,11 @@
ENABLE_CUPS_SEAMLESS="0"
CUPS_SEAMLESS_DELAY="10"
ENABLE_FOOMATIC="1"
-COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+COMMAND_FOOMATIC="foomatic-ppdfile"
+
+#JJK: added the following path referenced in nxprint
+PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
CUPS_BACKEND="/usr/lib/cups/backend"
CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
@@ -171,12 +192,14 @@
DEFAULT_X_WM=""
KILL_DEFAULT_X_WM="1"
USER_X_STARTUP_SCRIPT=.Xclients
-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+DEFAULT_X_SESSION=/etc/X11/xinit/Xsession
COMMAND_START_KDE=startkde
COMMAND_START_GNOME=gnome-session
COMMAND_START_CDE=cdwm
COMMAND_XTERM=xterm
-COMMAND_XAUTH=/usr/X11R6/bin/xauth
+#JJK: COMMAND_XAUTH=/usr/X11R6/bin/xauth
+COMMAND_XAUTH=xauth
COMMAND_SMBMOUNT=smbmount
COMMAND_SMBUMOUNT=smbumount
COMMAND_SMBMOUNT_CIFS=/sbin/mount.cifs
@@ -189,7 +212,8 @@
COMMAND_PERL=perl
COMMAND_RDESKTOP="rdesktop"
COMMAND_VNCVIEWER="vncviewer"
-COMMAND_VNCPASSWD="$PATH_BIN/nxpasswd"
+#JJK: COMMAND_VNCPASSWD="$PATH_BIN/nxpasswd"
+COMMAND_VNCPASSWD="vncpasswd"
COMMAND_X11VNC="x11vnc"
# Misc directives
@@ -297,7 +321,8 @@
[ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB
[ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB
[ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
-[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
+#JJK: [ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
+[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so.2:$APPLICATION_LIBRARY_PATH/libXcompext.so.2:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
if [ -z "$ENABLE_2_0_0_BACKEND" ]
then
ENABLE_2_0_0_BACKEND="1"
diff -ruw nx/nxnode nx.new/nxnode
--- nx/nxnode 2007-12-31 13:08:22.000000000 -0500
+++ nx.new/nxnode 2007-12-31 13:31:26.000000000 -0500
@@ -20,6 +20,20 @@
# Read the config file
. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf
+#JJK: Added following 'if' stanza as a kluge since the following variables
+#JJK: need to be set in cmd_node_smbmount node_umount_smb
+#JJK: but they are currently set only in startsession which is called
+#JJK: separately from nxserver via ssh so environment variables
+#JJK: aren't preserved.
+if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \
+ ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \
+ `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \
+ ]] > /dev/null 2>&1; then
+ COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS
+ COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS
+ SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
+fi
+
#
# -----------------------------------------------------------------------------
# Startup of nxnode
@@ -593,11 +607,27 @@
touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache"
+ mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home
+
+#JJK: Modifications to cupsd.conf
+#JJK: - Added SystemGroup line in order to add $USER to SystemGroup
+#JJK: - Moved all the log files to log/<log>
+#JJK: - Set AccessLog to: log/access_log (was /dev/null)
+#JJK: - Added listening on $NODE_CUPSD_PORT
+#JJK: Listen localhost: $NODE_CUPSD_PORT
+#JJK: - Removed following line because directive is specific to Debian
+#JJK: PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
+#JJK: - Access restrictions borrowed from /etc/cups/cupsd.conf
+#JJK: - Default policy borrowed from /etc/cups/cupsd.conf but modified
+#JJK: to allow Add, Delete, and Default printer without (password)
+#JJK: authentication
+#JJK: - Note for more detailed logging set: LogLevel debug
cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf
-AccessLog /dev/null
-ErrorLog error_log
-PageLog page_log
+SystemGroup sys root $USER
+AccessLog log/access_log
+ErrorLog log/error_log
+PageLog log/page_log
LogLevel info
TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp
RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool
@@ -605,19 +635,60 @@
StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/
CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache
+Listen localhost:$NODE_CUPSD_PORT
Listen $NODE_CUPSD_SOCKET
Browsing Off
ServerName localhost
-PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
+#JJK: Restrict access to the server...
<Location />
Order Deny,Allow
Deny From All
Allow from 127.0.0.1
</Location>
+#JJK: Restrict access to the admin pages...
+<Location /admin>
+ Encryption Required
+ Order allow,deny
+ Allow localhost
+</Location>
+
+#JJK: Restrict access to configuration files...
+<Location /admin/conf>
+ AuthType Basic
+ Require user @SYSTEM
+ Order allow,deny
+ Allow localhost
+</Location>
+
# Allow everything for anonymous, because we are protected through UNIX socket
+#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection
<Policy default>
+ #JJK: Job-related operations must be done by the owner or an adminstrator...
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+
+ #JJK:All administration operations require an adminstrator to authenticate...
+ <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs>
+ AuthType Basic
+ Require user @SYSTEM
+ Order deny,allow
+ </Limit>
+
+ #JJK: Except need to allow these for nxnode to work
+ <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default>
+ Order deny,allow
+ </Limit>
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+ <Limit Cancel-Job CUPS-Authenticate-Job>
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+
<Limit All>
AuthType None
Order deny,allow
@@ -629,9 +700,17 @@
# copy mime.* files
cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
+ #JJK: Also copy over pstoraster.convs
+ cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
# start cupsd
- $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+#JJK: Note the directive PidFile in the original cupsd.conf intended for
+#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon
+#JJK: form of cupsd and capture the pid directly
+#JJK: $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+ $COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null &
+ NODE_CUPSD_PID=$!
+ echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
# setup KDE
if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ]
@@ -673,6 +752,7 @@
cat "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" | while read mpoint
do
$COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null
+ rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty
done
}
@@ -1084,6 +1164,7 @@
COMMAND_SMBMOUNT=/bin/true
COMMAND_SMBUMOUNT=/bin/true
+ smbport=139 #JJK: still may want to do printer sharing...
else # smbfs
smbport=139
fi
@@ -1303,7 +1384,8 @@
password=$(getparam password)
share=$(getparam share)
computername=$(getparam computername)
- dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+#JJK: dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+ dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g')
# rdir=$(getparam dir | sed 's|$(SHARES)/||g')
display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}')
mkdir -p "$HOME/$dir"
@@ -1322,6 +1404,7 @@
echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint"
else
$PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display &
+ rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty
fi
}
@@ -1344,6 +1427,12 @@
# this will also setup the userspace cupsd
export CUPS_SERVER=$(node_cupsd_get_socket)
+#JJK: The following if-stanza kludge added to enable printing when smbport=cifs
+#JJK: since smb printing won't work when forwarded over port 445
+ if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then
+ let port=$port+$SMBPORT_OFFSET
+ fi
+
if [ "$type" = "smb" ]
then
DEVICE_URI="smb://$username:$password@127.0.0.1:$port/$share"
@@ -1357,6 +1446,9 @@
if [ "$ENABLE_CUPS_SEAMLESS" != "1" ]
then
+ #JJK: Export the following variables for use by nxdialog/nxprint
+ #JJK: Note they are also exported in nxdialog but doesn't help there
+ export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR
MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display)
[ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return
else
@@ -1364,7 +1456,11 @@
MODEL="download_cached"
fi
- PUBLIC="-u allow:$USER"
+#JJK: I like to also allow 'guest' so you can do things like print
+#JJK: testpages from the CUPS web interface. Note this is required
+#JJK: even for the original user to print test pages
+#JJK: PUBLIC="-u allow:$USER"
+ PUBLIC="-u allow:$USER,guest"
[ "$public" == "1" ] && PUBLIC=""
if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
diff -ruw nx/nxprint nx.new/nxprint
--- nx/nxprint 2007-12-31 13:08:22.000000000 -0500
+++ nx.new/nxprint 2007-12-31 13:31:26.000000000 -0500
@@ -51,7 +51,8 @@
if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ]
then
{
- cd /usr/share/ppd/
+#JJK: cd /usr/share/ppd/
+ cd $PPD_DIR
awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 }
/\*NickName:/ { b[FILENAME]=$2 }
END {
More information about the FreeNX-kNX
mailing list