[FreeNX-kNX] Cumulative patches against 0.7.1

Jeffrey J. Kosowsky berlios at kosowsky.org
Mon Dec 31 18:46:57 UTC 2007


Here is a slightly updated patch set that fixes a couple of the
variables in nxloadconfig to work better with Fedora (and probably
also some other distros)

--------------------------------------------------------------------------

diff -ruw nx/nxloadconfig nx.new/nxloadconfig
--- nx/nxloadconfig	2007-12-31 13:08:22.000000000 -0500
+++ nx.new/nxloadconfig	2007-12-31 13:31:26.000000000 -0500
@@ -101,11 +101,28 @@
 
 # Restriction directives
 
-DISPLAY_BASE=1000
+#JJK: DISPLAY_BASE=1000
+#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd
+DISPLAY_BASE=2000
 SESSION_LIMIT=200
 SESSION_USER_LIMIT="" #Calculated
 DISPLAY_LIMIT=200
 
+#JJK: Added the following to allow printing when using cifs mount
+#JJK: Note the smb print port (#139) must then be tunnelled manually
+#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host
+#JJK: by running on the client: 
+#JJK:   ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139
+#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal
+#JJK  'cifs' or in most cases 'both') then the ssh tunnel is automatically
+#JJK: set up from port <DISPLAY+3000> on the server to port 139 
+#JJK: on the remote client.
+#JJK: Note in *all* cases, the cups printer on the client is accessed from 
+#JJK: the server via the command line, using the following -h flag:
+#JJK:   -h localhost:<DISPLAY+9000> [-P <printer name>]
+#JJK: or via the CUPS web browser using:
+#JJK:   http://localhost:<DISPLAY+9000>
+SMBPORT_OFFSET=8000
 ENABLE_PERSISTENT_SESSION="all"
 DISABLE_PERSISTENT_SESSION=""
 
@@ -154,7 +171,11 @@
 ENABLE_CUPS_SEAMLESS="0"
 CUPS_SEAMLESS_DELAY="10"
 ENABLE_FOOMATIC="1"
-COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+COMMAND_FOOMATIC="foomatic-ppdfile"
+
+#JJK: added the following path referenced in nxprint
+PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
 
 CUPS_BACKEND="/usr/lib/cups/backend"
 CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
@@ -171,12 +192,14 @@
 DEFAULT_X_WM=""
 KILL_DEFAULT_X_WM="1"
 USER_X_STARTUP_SCRIPT=.Xclients
-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+DEFAULT_X_SESSION=/etc/X11/xinit/Xsession
 COMMAND_START_KDE=startkde
 COMMAND_START_GNOME=gnome-session
 COMMAND_START_CDE=cdwm
 COMMAND_XTERM=xterm
-COMMAND_XAUTH=/usr/X11R6/bin/xauth
+#JJK: COMMAND_XAUTH=/usr/X11R6/bin/xauth
+COMMAND_XAUTH=xauth
 COMMAND_SMBMOUNT=smbmount
 COMMAND_SMBUMOUNT=smbumount
 COMMAND_SMBMOUNT_CIFS=/sbin/mount.cifs
@@ -189,7 +212,8 @@
 COMMAND_PERL=perl
 COMMAND_RDESKTOP="rdesktop"
 COMMAND_VNCVIEWER="vncviewer"
-COMMAND_VNCPASSWD="$PATH_BIN/nxpasswd"
+#JJK: COMMAND_VNCPASSWD="$PATH_BIN/nxpasswd"
+COMMAND_VNCPASSWD="vncpasswd"
 COMMAND_X11VNC="x11vnc"
 
 # Misc directives
@@ -297,7 +321,8 @@
 [ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB
 [ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB
 [ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
-[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
+#JJK: [ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
+[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so.2:$APPLICATION_LIBRARY_PATH/libXcompext.so.2:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
 if [ -z "$ENABLE_2_0_0_BACKEND" ]
 then
 	ENABLE_2_0_0_BACKEND="1"
diff -ruw nx/nxnode nx.new/nxnode
--- nx/nxnode	2007-12-31 13:08:22.000000000 -0500
+++ nx.new/nxnode	2007-12-31 13:31:26.000000000 -0500
@@ -20,6 +20,20 @@
 # Read the config file
 . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf
 
+#JJK: Added	following 'if' stanza as a kluge since the following variables
+#JJK: need to be set in cmd_node_smbmount node_umount_smb 
+#JJK: but they are currently set only in startsession which is called 
+#JJK: separately from nxserver via ssh so environment variables 
+#JJK: aren't preserved.
+if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \
+	 ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \
+	  `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \
+			]] > /dev/null 2>&1; then
+	COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS
+	COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS
+	SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
+fi
+
 #
 # -----------------------------------------------------------------------------
 # Startup of nxnode
@@ -593,11 +607,27 @@
 	touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
 	
 	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache"
+	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home
+
+#JJK: Modifications to cupsd.conf
+#JJK:   - Added SystemGroup line in order to add $USER to SystemGroup
+#JJK:   - Moved all the log files to log/<log>
+#JJK:   - Set AccessLog to: log/access_log (was /dev/null)
+#JJK:   - Added listening on $NODE_CUPSD_PORT
+#JJK:	         Listen localhost: $NODE_CUPSD_PORT
+#JJK:   - Removed following line because directive is specific to Debian
+#JJK:       PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
+#JJK:   -  Access restrictions borrowed from /etc/cups/cupsd.conf
+#JJK:   -  Default policy borrowed from /etc/cups/cupsd.conf but modified
+#JJK:        to allow Add, Delete, and Default printer without (password)
+#JJK:        authentication
+#JJK:   - Note for more detailed logging set: LogLevel debug
 
 cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf
-AccessLog /dev/null
-ErrorLog error_log
-PageLog page_log
+SystemGroup sys root $USER
+AccessLog log/access_log
+ErrorLog log/error_log
+PageLog log/page_log
 LogLevel info
 TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp
 RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool
@@ -605,19 +635,60 @@
 StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/
 CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache
 
+Listen localhost:$NODE_CUPSD_PORT
 Listen $NODE_CUPSD_SOCKET
 Browsing Off
 ServerName localhost
-PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
 
+#JJK:  Restrict access to the server...
 <Location />
 Order Deny,Allow
 Deny From All
 Allow from 127.0.0.1
 </Location>
 
+#JJK: Restrict access to the admin pages...
+<Location /admin>
+  Encryption Required
+  Order allow,deny
+  Allow localhost
+</Location>
+
+#JJK: Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Basic
+  Require user @SYSTEM
+  Order allow,deny
+  Allow localhost
+</Location>
+
 # Allow everything for anonymous, because we are protected through UNIX socket
+#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection
 <Policy default>
+  #JJK: Job-related operations must be done by the owner or an adminstrator...
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  #JJK:All administration operations require an adminstrator to authenticate...
+  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Basic
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  #JJK: Except need to allow these for nxnode to work
+  <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default>
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
   <Limit All>
     AuthType None
     Order deny,allow
@@ -629,9 +700,17 @@
 
 	# copy mime.* files
 	cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
+	#JJK: Also copy over pstoraster.convs
+	cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
 
 	# start cupsd
-	$COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+#JJK: Note the directive PidFile in the original cupsd.conf intended for 
+#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon
+#JJK: form of cupsd and capture the pid directly
+#JJK:	$COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+	$COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null &
+	NODE_CUPSD_PID=$!
+	echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
 
 	# setup KDE
 	if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ]
@@ -673,6 +752,7 @@
 	cat "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" | while read mpoint
 	do
 		$COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null
+		rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty
 	done
 }
 
@@ -1084,6 +1164,7 @@
 
 			COMMAND_SMBMOUNT=/bin/true
 			COMMAND_SMBUMOUNT=/bin/true
+			smbport=139    #JJK: still may want to do printer sharing...
 		else # smbfs
 			smbport=139
 		fi
@@ -1303,7 +1384,8 @@
 	password=$(getparam password)
 	share=$(getparam share)
 	computername=$(getparam computername)
-	dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+#JJK:	dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+	dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g')
 	# rdir=$(getparam dir | sed 's|$(SHARES)/||g')
 	display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}') 
 	mkdir -p "$HOME/$dir"
@@ -1322,6 +1404,7 @@
 		echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint"
 	else
 		$PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display &
+		rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty
 	fi
 }
 
@@ -1344,6 +1427,12 @@
 	# this will also setup the userspace cupsd
 	export CUPS_SERVER=$(node_cupsd_get_socket)
 	
+#JJK: The following if-stanza kludge added to enable printing when smbport=cifs
+#JJK: since smb printing won't work when forwarded over port 445
+	if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then
+		let port=$port+$SMBPORT_OFFSET
+	fi
+
 	if [ "$type" = "smb" ]
 	then
 		DEVICE_URI="smb://$username:$password@127.0.0.1:$port/$share"
@@ -1357,6 +1446,9 @@
 
 	if [ "$ENABLE_CUPS_SEAMLESS" != "1" ]
 	then
+        #JJK: Export the following variables for use by nxdialog/nxprint
+        #JJK: Note they are also exported in nxdialog but doesn't help there
+	    export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR
 		MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display)
 		[ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return
 	else
@@ -1364,7 +1456,11 @@
 		MODEL="download_cached"
 	fi
 	
-	PUBLIC="-u allow:$USER"
+#JJK: I like to also allow 'guest' so you can do things like print
+#JJK: testpages from the CUPS web interface. Note this is required
+#JJK: even for the original user to print test pages	
+#JJK:	PUBLIC="-u allow:$USER"
+	PUBLIC="-u allow:$USER,guest"	
 	[ "$public" == "1" ] && PUBLIC=""
 
 	if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
diff -ruw nx/nxprint nx.new/nxprint
--- nx/nxprint	2007-12-31 13:08:22.000000000 -0500
+++ nx.new/nxprint	2007-12-31 13:31:26.000000000 -0500
@@ -51,7 +51,8 @@
 	if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ]
 	then
 		{ 
-		cd /usr/share/ppd/
+#JJK:		cd /usr/share/ppd/
+		cd $PPD_DIR
 		awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 }
 			    /\*NickName:/ { b[FILENAME]=$2 } 
 			    END { 



More information about the FreeNX-kNX mailing list