[FreeNX-kNX] nxserver creates new session every time when the username has the format <domain>+<username>

Hien The Nguy hien.the.nguy at ericsson.com
Mon Oct 18 13:28:27 UTC 2010


Hi.

I use samba + winbind to authentication against Active Directory. I set the windbind separator '+' in smb.conf so the user use this username format to login <domain>+<username>. The current code validation of the username under nxserver don't treat the '+' as character so each a user login the nxserver try to resume the session with that username but could not find the existing session and the result of that nxserver create new session. The nxserver at line 301 use egrep to find the user but the egrep require to an escape character to in order to try that charactor as a '+'.

line 307 and 394
if egrep -q "^userName=$1$" $i && egrep -q "^status=$2$" $i #&& grep -q "screeninfo=$3" $i
then
CMDLINE=$(session_get_cmdline $i)

I include this patch that I put under the nxserver as temporary fixed, I also file up bug id under berliso.de
http://developer.berlios.de/bugs/?func=detailbug&bug_id=17636&group_id=2978

I am using this version of freenx-server
Name        : freenx-server                Relocations: (not relocatable)
Version     : 0.7.3                             Vendor: Fedora Project
Release     : 18.fc12                       Build Date: Sun 14 Feb 2010 11:26:51 AM EST
Install Date: Sat 10 Apr 2010 10:22:54 AM EDT      Build Host: x86-07.phx2.fedoraproject.org
Group       : Applications/Internet         Source RPM: freenx-server-0.7.3-18.fc12.src.rpm
Size        : 346434                           License: GPLv2
Signature   : RSA/8, Sun 14 Feb 2010 06:56:02 PM EST, Key ID 9d1cc34857bbccba
Packager    : Fedora Project
URL         : http://freenx.berlios.de/
Summary     : Free Software (GPL) Implementation of the NX Server
Description :
NX is an exciting new technology for remote display. It provides near
local speed application responsiveness over high latency, low
bandwidth links. The core libraries for NX are provided by NoMachine
under the GPL. FreeNX-server is a GPL implementation of the NX Server.


--8<----------cut-here------->8------------
--- nxserver.orig 2010-02-14 11:26:50.000000000 -0500
+++ nxserver 2010-10-17 22:34:24.371612856 -0400
@@ -47,6 +47,12 @@
return 0
}

+# Convert escape character '+' in the DOMAIN+user format when using Winbind/SAMBA ADS authentication
+convertUser(){
+ USERESC=$(echo $1 | sed s at +@\\\\+@)
+ echo $USERESC
+}
+
############### PACKAGE log.bm #######################
#
# Library of log functions (outsource)
@@ -301,7 +307,13 @@
do
[ -f $i ] || break
let SESSION_COUNT=$SESSION_COUNT+1
- if egrep -q "^userName=$1$" $i && egrep -q "^status=$2$" $i #&& grep -q "screeninfo=$3" $i
+
+# ADD by lmchtng - 2010-08-31 : add escape character to the '+' when username has the form of DOMAIN+username
+ arg1="$(convertUser $1)"
+ if egrep -q "^userName=$arg1$" $i && egrep -q "^status=$2$" $i #&& grep -q "screeninfo=$3" $i
+# END ADD
+# ORIGINAL CODE
+# if egrep -q "^userName=$1$" $i && egrep -q "^status=$2$" $i #&& grep -q "screeninfo=$3" $i
then
CMDLINE=$(session_get_cmdline $i)

@@ -357,6 +369,9 @@
printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$(getparam display)" "$(getparam type)" "$(getparam sessionId)" "$optio
ns" "$depth" "$geom" "$available" "$(getparam sessionName)" >> $TMPFILE
fi
fi
+# ADD by hien.the.nguy at gmail.com - 2010-08-31
+# egrep -q "^userName=$arg1$" $i && let SESSION_COUNT_USER=$SESSION_COUNT_USER+1
+# ORIGINAL CODE
egrep -q "^userName=$1$" $i && let SESSION_COUNT_USER=$SESSION_COUNT_USER+1
done

@@ -394,7 +409,10 @@
for i in $NX_SESS_DIR/running/*
do
[ -f $i ] || break
- if egrep -q "^userName=$1$" $i
+# arg1=$(echo $1 | sed s at +@\\\\+@)
+ arg1="$(convertUser $1)"
+ if egrep -q "^userName=$arg1$" $i
+# if egrep -q "^userName=$1$" $i
then
CMDLINE=$(session_get_cmdline $i)
echo -e "$(getparam host)\t$(getparam display)\t$(getparam userName)\t$(getparam foreignAddress)\t$(getparam sessionId)"
@@ -905,7 +923,11 @@

echo_x "NX> 103 Welcome to: $SERVER_NAME user: $USER"

+# ADD by lmchtng - 2010-08-31 : add escape character to the '+' when username has the form of DOMAIN+username
+#arg1=$(echo $USER | sed s at +@\\\\+@)
+#USER="$arg1"
# Add the slave mode shutdown trap (just in case)
+
[ -n "$NXNODE_LOGIN_SLAVE" ] && trap nxnode_login_stop_slave EXIT

# remove old session infos from history
@@ -996,8 +1018,8 @@
server_nxnode_echo()
{
log 6 "server_nxnode_echo: $@"
- [ "$SERVER_CHANNEL" = "1" ] && echo "$@"
- [ "$SERVER_CHANNEL" = "2" ] && echo "$@" >&2
+ [ "$SERVER_CHANNEL" = "1" ] && /bin/echo "$@"
+ [ "$SERVER_CHANNEL" = "2" ] && /bin/echo "$@" >&2
}

server_nxnode_exit_func()

--8<----------cut-here------->8------------


Hien The Nguy
Ericsson Canada - EMC
8400 Decarie
H4P 2N2, Montreal, Canada
Office: + 1 514 345 7900 ext. 42564
ECN:  81042564
Mobile: +1 514 290 9755
Email: Hien.The.Nguy at ericsson.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20101018/21254104/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nxserver-patch-01
Type: application/octet-stream
Size: 2607 bytes
Desc: nxserver-patch-01
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20101018/21254104/attachment.obj>


More information about the FreeNX-kNX mailing list