Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:please_try_again
FreeNX
freenx-server-0.7.3-nxnode.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File freenx-server-0.7.3-nxnode.patch of Package FreeNX
--- ./freenx-server-0.7.3/nxnode.orig 2012-07-05 03:04:06.882344458 -0700 +++ ./freenx-server-0.7.3/nxnode 2012-07-05 05:16:48.637750589 -0700 @@ -19,6 +19,16 @@ # Read the config file . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf +#JJK: Added following 'if' stanza as a kluge since the following variables +#JJK: need to be set in cmd_node_smbmount node_umount_smb but they are +#JJK: currently set only in startsession which is called separately from +#JJK: nxserver via ssh so environment variables aren't preserved. +if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \ + `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) ]] > /dev/null 2>&1; then + COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS + COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS + SAMBA_MOUNT_SHARE_PROTOCOL="cifs" +fi # # ----------------------------------------------------------------------------- @@ -260,6 +270,8 @@ . /etc/profile [ "$ENABLE_SOURCE_BASH_PROFILE" = "1" -a -f ~/.bash_profile ] && . ~/.bash_profile + [ "$ENABLE_SOURCE_BASH_PROFILE" = "1" -a -f ~/.bash_login ] && . ~/.bash_login + [ "$ENABLE_SOURCE_BASH_PROFILE" = "1" -a -f ~/.profile ] && . ~/.profile mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/pids/apps/" @@ -620,11 +632,26 @@ touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd" mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache" + mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK: cups log file home + +#JJK: Modifications to cupsd.conf +#JJK: - Added SystemGroup line in order to add $USER to SystemGroup +#JJK: - Moved all the log files to log/<log> +#JJK: - Set AccessLog to: log/access_log (was /dev/null) +#JJK: - Added listening on $NODE_CUPSD_PORT +#JJK: Listen localhost: $NODE_CUPSD_PORT +#JJK: - Removed following line because directive is specific to Debian +#JJK: PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd +#JJK: - Access restrictions borrowed from /etc/cups/cupsd.conf +#JJK: - Default policy borrowed from /etc/cups/cupsd.conf but modified to +#JJK: allow Add, Delete, and Default printer without (password) authentication +#JJK: - Note for more detailed logging set: LogLevel debug cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf -AccessLog /dev/null -ErrorLog error_log -PageLog page_log +SystemGroup sys root $USER +AccessLog log/access_log +ErrorLog log/error_log +PageLog log/page_log LogLevel info TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool @@ -632,19 +659,61 @@ StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/ CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache +Listen localhost:$NODE_CUPSD_PORT Listen $NODE_CUPSD_SOCKET Browsing Off ServerName localhost PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd +#JJK: Restrict access to the server... <Location /> Order Deny,Allow Deny From All Allow from 127.0.0.1 </Location> +#JJK: Restrict access to the admin pages... +<Location /admin> + Encryption Required + Order allow,deny + Allow localhost +</Location> + +#JJK: Restrict access to configuration files... +<Location /admin/conf> + AuthType Basic + Require user @SYSTEM + Order allow,deny + Allow localhost +</Location> + # Allow everything for anonymous, because we are protected through UNIX socket +#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection <Policy default> + #JJK: Job-related operations must be done by the owner or an adminstrator... + <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> + Require user @OWNER @SYSTEM + Order deny,allow + </Limit> + + #JJK:All administration operations require an adminstrator to authenticate... + <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs> + AuthType Basic + Require user @SYSTEM + Order deny,allow + </Limit> + + #JJK: Except need to allow these for nxnode to work + <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default> + Order deny,allow + </Limit> + + # Only the owner or an administrator can cancel or authenticate a job... + <Limit Cancel-Job CUPS-Authenticate-Job> + Require user @OWNER @SYSTEM + Order deny,allow + </Limit> + <Limit All> AuthType None Order deny,allow @@ -654,11 +723,17 @@ touch "$USER_FAKE_HOME/.nx/C-$sess_id/cups/printers.conf" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/classes.conf" - # copy mime.* files - cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/" + # copy mime.* files and pstoraster.convs + cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/" # start cupsd - $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null +#JJK: Note the directive PidFile in the original cupsd.conf intended for +#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon +#JJK: form of cupsd and capture the pid directly +#JJK: $COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null + $COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null & + NODE_CUPSD_PID=$! + echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd" # setup KDE if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ] @@ -699,7 +774,16 @@ [ -e "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" ] || return cat "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" | while read mpoint do - $COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null + for i in `seq 1 15` ; do + if [ "$(mount | grep "$mpoint" | wc -l)" -ne 0 ] ; then + $COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null + [ $? -ne 0 ] && $COMMAND_SMBUMOUNT -f "$mpoint" >/dev/null 2>/dev/null + else + break + fi + sleep 0.5s + done + rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty done } @@ -1030,6 +1114,7 @@ session=$(getparam session) type=$(getparam type | sed 's/%2d/-/g') application=$(getparam application) + windows_app=$(getparam application) cache=$(getparam cache) images=$(getparam images) cookie=$(getparam cookie) @@ -1078,6 +1163,8 @@ # Rootless fix from 2x nxserver 1.5.0 realtype=$type [ "$type" = "unix-application" -o "$type" = "unix-default" ] && realtype="unix-desktop" + [ "$type" = "unix-gnome" ] && realtype="gnome" + [ "$type" = "unix-kde" ] && realtype="kde" # NX 2.1.0 file-sharing port options client=$(getparam client) @@ -1116,6 +1203,7 @@ COMMAND_SMBMOUNT=/bin/true COMMAND_SMBUMOUNT=/bin/true + smbport=139 #JJK: still may want to do printer sharing... else # smbfs smbport=139 fi @@ -1132,6 +1220,8 @@ shadowdisplay=$(getparam shadowdisplay) shadowhost=$(getparam shadowhost) + # Authentication method needed by guest mode. + login_method=$(getparam login_method) sess_id="$SERVER_NAME-$display-$uniqueid" NXSESSION_DIRECTORY="$USER_FAKE_HOME/.nx/C-$sess_id" @@ -1143,7 +1233,7 @@ export agent_password export agent_server export agent_domain - export windows_app=$application + export windows_app agent_keyboard="" [ "$ENABLE_EXTERNAL_NXDESKTOP_KEYBOARD" = "1" ] && agent_keyboard=$(echo "$keyboard" | cut -d'/' -f2) export agent_keyboard @@ -1185,6 +1275,17 @@ [ -z "$userip" ] && userip="*" fi + # We need our own external IP + proxyip="$EXTERNAL_PROXY_IP" + + if [ -z "$proxyip" -a -n "$host" ] + then + [ "$host" = "127.0.0.1" ] && host=$(hostname) + proxyip=$(ping -c1 "$host" | grep 'PING' | cut -d'(' -f2 | cut -d')' -f1) + fi + + [ -z "$proxyip" ] && proxyip="127.0.0.1" + # ok, lets make the session dir first: sess_id="$SERVER_NAME-$display-$uniqueid" @@ -1245,7 +1346,7 @@ umask 0077 cat << EOF > "$USER_FAKE_HOME/.nx/C-$sess_id/options" -${keyboard:+keyboard=$keyboard,}${kbtype:+kbtype=$kbtype,}${kbload:+kbload=$kbload,}${keymap:+keymap=$keymap,}${resize:+resize=$resize,}${CACHE}${IMAGES}${PACK}link=$link,nodelay=$nodelay,type=$realtype,cleanup=0,${ACCEPT}cookie=$proxy_cookie,id=$sess_id,samba=$samba,media=$media${sync:+,sync=$sync}${cups:+,cups=$cups}${keybd:+,keybd=$keybd}${aux:+,aux=$aux}${http:+,http=$http}${rdpcolors:+,rdpcolors=$rdpcolors}${rdpcache:+,rdpcache=$rdpcache}${fullscreen:+,fullscreen=1}${clipboard:+,clipboard=$clipboard}${menu:+,menu=$menu}:$display +nx/nx,${keyboard:+keyboard=$keyboard,}${kbtype:+kbtype=$kbtype,}${kbload:+kbload=$kbload,}${keymap:+keymap=$keymap,}${geometry:+geometry=$geometry,}${client:+client=$client,}${resize:+resize=$resize,}${CACHE}${IMAGES}${PACK}link=$link,nodelay=$nodelay,type=$realtype${clipboard:+,clipboard=$clipboard}${composite:+composite=$composite},cleanup=0,product=LFE/None/LFEN/None,shmem=1,${backingstore:+backingstore=$backingstore,}shpix=1,${ACCEPT}cookie=$proxy_cookie,id=$sess_id,samba=$samba,media=$media${sync:+,sync=$sync}${cups:+,cups=$cups}${keybd:+,keybd=$keybd}${aux:+,aux=$aux}${http:+,http=$http}${rdpcolors:+,rdpcolors=$rdpcolors}${rdpcache:+,rdpcache=$rdpcache}${fullscreen:+,fullscreen=1}${menu:+,menu=$menu}:$display EOF umask $OLD_UMASK #samba=$samba, @@ -1316,7 +1417,7 @@ NX> 705 Session display: $display NX> 703 Session type: $type NX> 701 Proxy cookie: $proxy_cookie -NX> 702 Proxy IP: $userip +NX> 702 Proxy IP: $proxyip NX> 706 Agent cookie: $cookie NX> 704 Session cache: $type NX> 707 SSL tunneling: $ssl_tunnel @@ -1373,7 +1474,8 @@ password=$(getparam password) share=$(getparam share) computername=$(getparam computername) - dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g') +#JJK: dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g') + dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g') # rdir=$(getparam dir | sed 's|$(SHARES)/||g') display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}') mkdir -p "$HOME/$dir" @@ -1393,6 +1495,7 @@ echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint" else $PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display & + rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty fi } @@ -1415,6 +1518,12 @@ # this will also setup the userspace cupsd export CUPS_SERVER=$(node_cupsd_get_socket) +#JJK: The following if-stanza kludge added to enable printing when smbport=cifs +#JJK: since smb printing won't work when forwarded over port 445 + if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then + let port=$port+$SMBPORT_OFFSET + fi + if [ "$type" = "smb" ] then if [ -x "$CUPS_BACKEND/nxsmb" ] @@ -1443,6 +1552,9 @@ if [ "$ENABLE_CUPS_SEAMLESS" != "1" ] then + #JJK: Export the following variables for use by nxdialog/nxprint + #JJK: Note they are also exported in nxdialog but doesn't help there + export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display) [ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return else @@ -1450,7 +1562,11 @@ MODEL="download_cached" fi - PUBLIC="-u allow:$USER" +#JJK: I like to also allow 'guest' so you can do things like print +#JJK: testpages from the CUPS web interface. Note this is required +#JJK: even for the original user to print test pages +#JJK: PUBLIC="-u allow:$USER" + PUBLIC="-u allow:$USER,guest" [ "$public" == "1" ] && PUBLIC="" if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor