rpms/freenx-server/F-12 freenx-server-0.7.3-lp-fixes.patch, NONE, 1.1 freenx-server-r104-fixes.patch, NONE, 1.1 freenx-server-0.7.3-fixes.patch, 1.2, NONE

athimm athimm at fedoraproject.org
Mon Nov 23 11:13:02 UTC 2009 

Author: athimm

Update of /cvs/extras/rpms/freenx-server/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10469/F-12

Added Files:
	freenx-server-0.7.3-lp-fixes.patch 
	freenx-server-r104-fixes.patch 
Removed Files:
	freenx-server-0.7.3-fixes.patch 
Log Message:
Rebase to launchbpad codebase, also fix #540189, #539308, #523660, #515554

freenx-server-0.7.3-lp-fixes.patch:
 ChangeLog                                      |   17 ++
 Makefile                                       |   23 ++-
 data                                           |only
 init.d/freenx-server                           |   43 ++++--
 node.conf.sample                               |   12 +
 nx-session-launcher/README                     |    6 
 nx-session-launcher/freenx.session.policy      |only
 nx-session-launcher/nx-session-launcher        |  171 ++++++++++++++++++++++---
 nx-session-launcher/nx-session-launcher-suid.c |    6 
 nxdesktop_helper                               |    5 
 nxdialog                                       |    5 
 nxkeygen                                       |    7 -
 nxloadconfig                                   |   76 ++++++++---
 nxnode                                         |   81 ++++++++++-
 nxnode-login                                   |    3 
 nxredir/Makefile                               |   12 +
 nxserver                                       |  166 ++++++++++++++----------
 17 files changed, 496 insertions(+), 137 deletions(-)

--- NEW FILE freenx-server-0.7.3-lp-fixes.patch ---
diff -rud -x .bzr freenx-server-0.7.3/ChangeLog freenx-server.fixes/ChangeLog
--- freenx-server-0.7.3/ChangeLog	2008-08-22 02:44:43.000000000 +0200
+++ freenx-server.fixes/ChangeLog	2009-11-23 10:16:13.106350517 +0100
@@ -1,3 +1,20 @@
+xx.11.2008 FreeNX 0.7.4
+	* Opened the 0.7.4 development.
+	* Fixed missing export of NX_ETC_DIR in Makefile,
+	  so node.conf.sample is installed correctly.
+	  (fabianx at bat.berlios.de)
+	* Fixed broken round-robin load balance algorithm.
+	  (fabianx at bat.berlios.de)
+	* Fixed --terminate|--suspend|--force-terminate for
+	  load balancing case.
+	  (fabianx at bat.berlios.de)
+	* Fixed --terminate|--suspend|--force-terminate for
+	  usermode case.
+	  (fabianx at bat.berlios.de)
+	* Fixed non-encrypted session mode. You might need to
+	  set EXTERNAL_PROXY_IP in node.conf.
+	  (fabianx at bat.berlios.de)
+
 18.08.2008 FreeNX 0.7.3 "Priscilla One Year Edition"
 	* Opened the 0.7.3 development.
 	* Added logging of failed authentication attempts
Only in freenx-server.fixes: data
diff -rud -x .bzr freenx-server-0.7.3/init.d/freenx-server freenx-server.fixes/init.d/freenx-server
--- freenx-server-0.7.3/init.d/freenx-server	2008-03-02 11:29:52.000000000 +0100
+++ freenx-server.fixes/init.d/freenx-server	2009-11-23 10:16:13.100350348 +0100
@@ -1,28 +1,43 @@
 #!/bin/bash
-#
-# Sample startup script for FreeNX server
-#
-# Coypright (c) 2007 by Fabian Franz <freenx at fabian-franz.de>.
-#
-# License: GNU GPL, version 2
-#
-# SVN: $Id: freenx-server 485 2008-03-02 10:29:52Z fabianx $
-#
 
-# Read the config file
-. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --
+### BEGIN INIT INFO
+# Provides:          freenx_server
+# Required-Start:    sshd
+# Required-Stop:     sshd
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: FreeNX Server
+# Description:       Cleanup FreeNX Server session database at boot time
+### END INIT INFO
+
+PATH_BIN=/usr/lib/nx
 
 case "$1" in
 	start)
-		[ ! -d "/tmp/.X11-unix" ] && mkdir -m1755 /tmp/.X11-unix/
+		if [ ! -e "/var/run/freenx-server" ]; then
+			[ ! -d "/tmp/.X11-unix" ] && mkdir -m1755 /tmp/.X11-unix/
+			$PATH_BIN/nxserver --cleanup
+			$PATH_BIN/nxserver --start
+			touch "/var/run/freenx-server";
+		else
+			echo "Not starting freenx-server, it's already started."
+		fi
+	;;
+	restart|force-reload)
 		$PATH_BIN/nxserver --cleanup
 		$PATH_BIN/nxserver --start
+		touch "/var/run/freenx-server";
 	;;
 	stop)
 		$PATH_BIN/nxserver --stop
 		$PATH_BIN/nxserver --cleanup
-	;;	
+		rm -f /var/run/freenx-server
+	;;
+	status)
+		[ ! -e "/var/run/freenx-server" ] || exit 3
+		exit 0;
+	;;
 	*)
-		echo "Usage: $0 <start|stop>"
+		echo "Usage: $0 <start|restart|stop|force-reload|status>"
 	;;
 esac
diff -rud -x .bzr freenx-server-0.7.3/Makefile freenx-server.fixes/Makefile
--- freenx-server-0.7.3/Makefile	2008-08-18 04:16:25.000000000 +0200
+++ freenx-server.fixes/Makefile	2009-11-23 10:16:13.102350032 +0100
@@ -8,7 +8,7 @@
 all:
 	cd nxviewer-passwd && xmkmf && make Makefiles && make depend
 	source nxloadconfig &&\
-	export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION &&\
+	export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION NX_ETC_DIR &&\
 	for i in $(SUBDIRS) ; \
 	do\
 		echo "making" all "in $$i..."; \
@@ -35,14 +35,29 @@
 	#$(MAKE) suid_install
 
 clean:
-	make -C nxviewer-passwd clean
 	for i in $(SUBDIRS) ; \
 	do\
 		echo "making" clean "in $$i..."; \
-	        $(MAKE) -C $$i clean || exit 1;\
+		if test -e "$$i/Makefile"; \
+		then $(MAKE) -C $$i clean || exit 1;\
+		else echo ignoring $$i;\
+		fi;\
 	done
+	rm -f nxviewer-passwd/Makefile.back
+	rm -f nxviewer-passwd/Makefile
+	rm -f nxviewer-passwd/nxpasswd/Makefile
+	rm -f nxviewer-passwd/libvncauth/Makefile
 
 install:
 	source nxloadconfig &&\
-	export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION &&\
+	export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION NX_ETC_DIR &&\
 	$(MAKE) nxenv_install
+
+debian-tarball:
+	mkdir freenx-server
+	cp -r * freenx-server || echo 0
+	sed "s/NX_VERSION=3.2.0-74-SVN/NX_VERSION=3.2.0-74-TEAMBZR`bzr revno`/" nxloadconfig > freenx-server/nxloadconfig
+	rm -rf freenx-server/.bzr*
+	rm -rf freenx-server/freenx-server
+	[ -d ".bzr" ] && tar -czf ../freenx-server_0.7.3+teambzr`bzr revno`.orig.tar.gz freenx-server
+	rm -rf freenx-server
diff -rud -x .bzr freenx-server-0.7.3/node.conf.sample freenx-server.fixes/node.conf.sample
--- freenx-server-0.7.3/node.conf.sample	2008-08-22 02:44:43.000000000 +0200
+++ freenx-server.fixes/node.conf.sample	2009-11-23 10:16:13.102350032 +0100
@@ -37,7 +37,7 @@
 #
 #           https://mail.kde.org/mailman/listinfo/freenx-knx
 #
-# SVN: $Id: node.conf.sample 580 2008-08-22 00:44:43Z fabianx $
+# SVN: $Id: node.conf.sample 613 2008-09-01 20:42:31Z fabianx $
 
 #########################################################################
 # General FreeNX directives
@@ -47,6 +47,11 @@
 # different than the default hostname (as returned by `hostname`)
 #SERVER_NAME="$(hostname)"
 
+# The node ip which is used by NX Node in unecnrypted session mode.
+# Set it if you want to use a specific external ip or the autodetection
+# is not working.
+#EXTERNAL_PROXY_IP=""
+
 # The port number where local 'sshd' is listening.
 #SSHD_PORT=22
 
@@ -501,6 +506,11 @@
 #USER_X_STARTUP_SCRIPT=.Xclients
 #DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
 
+# When the session is started some distros execute some scripts to get the
+# environment ready. Set 1 if you want DEFAULT_X_SESSION to be called before
+# executing the session.
+#BOOTSTRAP_X_SESSION="0"
+
 # The key that contains the name of the script that starts a KDE session.
 # It's run when a 'unix-kde' session is requested by the client.
 #COMMAND_START_KDE=startkde
diff -rud -x .bzr freenx-server-0.7.3/nxdesktop_helper freenx-server.fixes/nxdesktop_helper
--- freenx-server-0.7.3/nxdesktop_helper	2008-08-06 00:52:30.000000000 +0200
+++ freenx-server.fixes/nxdesktop_helper	2009-11-23 10:16:13.099350087 +0100
@@ -37,8 +37,11 @@
 agent_password=$(url_decode "$agent_password")
 agent_password=$(url_decode "$agent_password")
 
+[ "$agent_domain" = "" ] || DOMAIN="-d $agent_domain"
+[ "$windows_app" = "$0" ] || [ "$windows_app" = "" ] || APPLICATION="-s \"$windows_app\""
+
 # setup commandline
-set -- -u "$agent_user" -k "$agent_keyboard" -d "$agent_domain" -f -s "$windows_app" $AGENT_EXTRA_OPTIONS_RDP "$agent_server"
+set -- -u "$agent_user" -k "$agent_keyboard" $APPLICATION $DOMAIN -f $AGENT_EXTRA_OPTIONS_RDP "$agent_server"
 
 if [ -n "$agent_password" ]
 then
diff -rud -x .bzr freenx-server-0.7.3/nxdialog freenx-server.fixes/nxdialog
--- freenx-server-0.7.3/nxdialog	2008-03-11 00:01:03.000000000 +0100
+++ freenx-server.fixes/nxdialog	2009-11-23 10:16:13.102350032 +0100
@@ -76,7 +76,10 @@
 # This is now fixed in NXClient 3.0.0, but still people sometimes use
 # older clients.
 
-NXCLIENT="/usr/NX/bin/nxclient"
+[ -x "/usr/bin/nxclient" ] && NXCLIENT="/usr/bin/nxclient"
+[ -x "/usr/NX/bin/nxclient" ] && NXCLIENT="/usr/NX/bin/nxclient"
+[ -z "$NXCLIENT" ] && NXCLIENT="/usr/NX/bin/nxclient"
+
 [ -x "$NXCLIENT" -a "$DIALOG_TYPE" != "printer" -a "$(file -bi $NXCLIENT)" != 'application/x-shellscript' ] \
 	&& exec ${NXCLIENT} "${PARAMS[@]}"
 
diff -rud -x .bzr freenx-server-0.7.3/nxkeygen freenx-server.fixes/nxkeygen
--- freenx-server-0.7.3/nxkeygen	2008-03-11 00:01:03.000000000 +0100
+++ freenx-server.fixes/nxkeygen	2009-11-23 10:16:13.099350087 +0100
@@ -18,7 +18,7 @@
 # Read the config file
 . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --
 
-NX_KEY_DIR="$NX_HOME_DIR/.ssh"
+[ -z "$NX_KEY_DIR" ] && NX_KEY_DIR="$NX_HOME_DIR/.ssh"
 DATE="`date '+%Y%m%d-%H%M%S'`"
 NX_CLIENT_KEY="${NX_KEY_DIR}/client.id_dsa.key"
 NX_SERVER_KEY="${NX_KEY_DIR}/server.id_dsa.pub.key"
@@ -69,5 +69,10 @@
 	echo "on their computers."
 }
 
+if [ -f "${NX_SERVER_KEY}" -a -f "${NX_CLIENT_KEY}" -a ! -z "$NX_DONT_OVERRIDE" ]; then
+	echo "Not overriding the existing key"
+	exit
+fi
+
 main "$@"
 
diff -rud -x .bzr freenx-server-0.7.3/nxloadconfig freenx-server.fixes/nxloadconfig
--- freenx-server-0.7.3/nxloadconfig	2008-08-22 02:44:43.000000000 +0200
+++ freenx-server.fixes/nxloadconfig	2009-11-23 10:16:13.103349734 +0100
@@ -5,7 +5,7 @@
 #
 # License: GPL, version 2
 #
-# SVN: $Id: nxloadconfig 580 2008-08-22 00:44:43Z fabianx $
+# SVN: $Id: nxloadconfig 613 2008-09-01 20:42:31Z fabianx $
 #
 # ========================================================================
 
@@ -52,7 +52,7 @@
 # DO NOT TOUCH unless you REALLY know what you are doing
 #########################################################################
 
-NX_VERSION=3.2.0-73
+NX_VERSION=3.2.0-74-SVN
 NX_LICENSE="OS (GPL, using backend: %BACKEND%)"
 
 # Where can different nx components be found
@@ -85,7 +85,15 @@
 # General FreeNX directives
 
 SERVER_NAME="$(hostname)"
-SSHD_PORT=22
+EXTERNAL_PROXY_IP=""
+if [ -r "/etc/ssh/sshd_config" ]
+then
+	SSHD_PORT=$(grep "^ *Port " -m 1 /etc/ssh/sshd_config | awk '{ print $2 ;}')
+	[ -z $(echo "$SSHD_PORT" | egrep "^[1-9][0-9]{0,4}$") ] && SSHD_PORT=22
+else
+	SSHD_PORT=22
+fi
+
 
 # Authentication / Security directives
 
@@ -184,8 +192,14 @@
 
 DEFAULT_X_WM=""
 KILL_DEFAULT_X_WM="1"
+BOOTSTRAP_X_SESSION="0"
 USER_X_STARTUP_SCRIPT=.Xclients
 DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom"
+if [ ! -x "$COMMAND_GDM_X_SESSION" ]
+then
+	COMMAND_GDM_X_SESSION="/etc/X11/Xsession"
+fi
 COMMAND_START_KDE=startkde
 COMMAND_START_GNOME=gnome-session
 COMMAND_START_CDE=cdwm
@@ -207,6 +221,21 @@
 COMMAND_X11VNC="x11vnc"
 COMMAND_TASKSET="taskset"
 
+COMMAND_NXSHADOWACL="$PATH_BIN/nxshadowacl"
+COMMAND_NXACL="$PATH_BIN/nxacl"
+COMMAND_NXCHECKLOAD="$PATH_BIN/nxcheckload"
+COMMAND_NXAGENT="$PATH_BIN/nxagent"
+
+# Guest directives
+ENABLE_GUEST_LOGIN="0"
+COMMAND_GUEST_LOGIN="/usr/lib/nx/guest/nxnode"
+# Try to use protected enviroment for guest sessions
+COMMAND_GUEST_X_SESSION="/usr/share/gdm/guest-session/Xsession custom"
+if [ ! -x "/usr/share/gdm/guest-session/Xsession" ]
+then
+	COMMAND_GUEST_X_SESSION=$COMMAND_GDM_X_SESSION
+fi
+
 # Misc directives
 
 ENABLE_1_5_0_BACKEND=""
@@ -287,12 +316,25 @@
 	{ ! mywhich "$PATH_BIN/nxdesktop"; } >/dev/null 2>&1 && ENABLE_EXTERNAL_NXDESKTOP="1"
 	{ ! mywhich "$PATH_BIN/nxviewer"; } >/dev/null 2>&1 && ENABLE_EXTERNAL_NXVIEWER="1"
 	{ ! mywhich "$COMMAND_VNCPASSWD" && which vncpasswd; } >/dev/null 2>&1 && COMMAND_VNCPASSWD=$(which vncpasswd)
+	{ ! mywhich "$COMMAND_NXSHADOWACL" && test -f /etc/nxserver/nxshadowacl; } >/dev/null 2>&1 && COMMAND_NXSHADOWACL=/etc/nxserver/nxshadowacl
+	{ ! mywhich "$COMMAND_NXACL" && test -f /etc/nxserver/nxacl; } >/dev/null 2>&1 && COMMAND_NXACL=/etc/nxserver/nxacl
+	{ ! mywhich "$COMMAND_NXCHECKLOAD" && test -f /etc/nxserver/nxcheckload; } >/dev/null 2>&1 && COMMAND_NXCHECKLOAD=/etc/nxserver/nxcheckload
+	{ ! mywhich "$COMMAND_NXAGENT" && which nxagent; } >/dev/null 2>&1 && COMMAND_NXAGENT=$(which nxagent)
 fi
 
 #########################################################################
 # node.conf file evaluation
 #########################################################################
 
+SHARED_CONFS="/usr/share/freenx-server"
+if [ -d $SHARED_CONFS/node.conf.d ]
+then
+	for i in $SHARED_CONFS/node.conf.d/*
+	do
+		[ -e $i ] && . $i
+	done
+fi
+
 if [ -d $NX_ETC_DIR/node.conf.d ]
 then
 	for i in $NX_ETC_DIR/node.conf.d/*
@@ -317,7 +359,7 @@
 [ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
 [ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
 
-NX_BACKEND_VERSION=$(strings $PATH_BIN/nxagent 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g')
+NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g')
 
 [ "$ENABLE_1_5_0_BACKEND" = "1" ] && NX_BACKEND_VERSION="1.5.0" # forced the backend
 
@@ -354,19 +396,19 @@
 		ERROR="yes" && echo "Error: Invalid value \"PATH_BIN=$PATH_BIN\""
 	# Check for NX agents ...
 	
-	[ ! -x "$PATH_BIN/nxagent" ] && \
+	[ ! -x "$COMMAND_NXAGENT" ] && \
 		ERROR="yes" && echo "Error: Could not find nxagent in $PATH_BIN. Please install some OSS components."
 	
-	if [ "ENABLE_EXTERNAL_NXDESKTOP" = "1" ]
+	if [ "$ENABLE_EXTERNAL_NXDESKTOP" = "1" ]
 	then
 		[ ! mywhich "$COMMAND_RDESKTOP" >/dev/null 2>&1 ] && \
 			WARNING="yes" && echo "Warning: Could not find COMMAND_RDESKTOP=$COMMAND_RDESKTOP. RDP sessions won't work."
 	else
 		[ ! -x "$PATH_BIN/nxdesktop" ] && \
-			WARNING="yes" && echo "Warning: Could not find nxdesktop in $PATH_BIN. RDP sessions won't work."
+			WARNING="yes" && echo "Warning: Could not find nxdesktop in $PATH_BIN. RDP sessions won't work. Ignore if you use NX > 3.2"
 	fi
 		
-	if [ "ENABLE_EXTERNAL_NXVIEWER" = "1" ]
+	if [ "$ENABLE_EXTERNAL_NXVIEWER" = "1" ]
 	then
 		[ ! mywhich "$COMMAND_VNCVIEWER" >/dev/null 2>&1 ] && \
 			WARNING="yes" && echo "Warning: Could not find COMMAND_VNCVIEWER=$COMMAND_VNCVIEWER. VNC sessions won't work."
@@ -374,7 +416,7 @@
 			WARNING="yes" && echo "Warning: Could not find COMMAND_VNCPASSWD=$COMMAND_VNCPASSWD. VNC sessions won't work."
 	else
 		[ ! -x "$PATH_BIN/nxviewer" ] && \
-			WARNING="yes" && echo "Warning: Could not find nxviewer in $PATH_BIN. VNC sessions won't work."
+			WARNING="yes" && echo "Warning: Could not find nxviewer in $PATH_BIN. VNC sessions won't work. Ignore if you use NX > 3.2"
 	fi
 	
 	[ ! mywhich "$COMMAND_X11VNC" >/dev/null 2>&1 ] && \
@@ -400,10 +442,12 @@
 	
 	OLD_IFS=$IFS
 	IFS=":"
-	for LIBRARY in $APPLICATION_LIBRARY_PRELOAD; do
-		[ ! -e $LIBRARY ] && \
-			WARNING="yes" && echo "Warning: Invalid value \"APPLICATION_LIBRARY_PRELOAD=$APPLICATION_LIBRARY_PRELOAD\". $LIBRARY could not be found. Users will not be able to run a single application in non-rootless mode." && break ;
-	done
+	if [ "$SET_LD_LIBRARY_PATH" = "1" ]; then
+		for LIBRARY in $APPLICATION_LIBRARY_PRELOAD; do
+			[ ! -e $LIBRARY ] && \
+				WARNING="yes" && echo "Warning: Invalid value \"APPLICATION_LIBRARY_PRELOAD=$APPLICATION_LIBRARY_PRELOAD\". $LIBRARY could not be found. Users will not be able to run a single application in non-rootless mode." && break ;
+		done
+	fi
 	IFS=$OLD_IFS
 	
 	[ -z "$SSH_AUTHORIZED_KEYS" ] && \
@@ -579,7 +623,7 @@
 					  && echo "         Users will not be able to enable printing."
 	[ -z "$(strings $COMMAND_CUPSD | egrep 'CUPS\/1.2')" ] && \
 		WARNING="yes" && echo "Warning: Invalid cupsd version of \"$COMMAND_CUPSD\". Need version 1.2." \
-					  && echo "         Users will not be able to enable printing."
+					  && echo "         Users will not be able to enable printing. Ignore if you use cups > 1.2"
 	! mywhich "$COMMAND_MD5SUM" >/dev/null 2>&1 && \
 		ERROR="yes" && echo "Error: Invalid value \"COMMAND_MD5SUM=$COMMAND_MD5SUM\""
 
@@ -606,8 +650,8 @@
 	[ -z $(echo "$ENABLE_ROOTLESS_MODE" | egrep "^[0|1]$") ] && \
 		ERROR="yes" && echo "Error: Invalid value \"ENABLE_ROOTLESS_MODE=$ENABLE_ROOTLESS_MODE\""
 
-	[ -z "$(strings $PATH_BIN/nxagent | egrep 'NXAGENT - Version 1.5.0|NXAGENT - Version 2.[01].0|NXAGENT - Version 3.[012].0')" ] && \
-		WARNING="yes" && echo "Error: Could not find 1.5.0 or 2.[01].0 or 3.[01].0 version string in nxagent. NX 1.5.0 or 2.[01].0 or 3.[012].0 backend is needed for this version of FreeNX."
+	[ -z "$(strings $COMMAND_NXAGENT | egrep 'NXAGENT - Version 1.5.0|NXAGENT - Version 2.[01].0|NXAGENT - Version 3.[0123].0')" ] && \
+		WARNING="yes" && echo "Error: Could not find 1.5.0 or 2.[01].0 or 3.[0123].0 version string in nxagent. NX 1.5.0 or 2.[01].0 or 3.[0123].0 backend is needed for this version of FreeNX."
 		
 	[ -z $(echo "$ENABLE_USESSION" | egrep "^[0|1]$") ] && \
 		ERROR="yes" && echo "Error: Invalid value \"ENABLE_USESSION=$ENABLE_USESSION\""
diff -rud -x .bzr freenx-server-0.7.3/nxnode freenx-server.fixes/nxnode
--- freenx-server-0.7.3/nxnode	2008-08-22 02:44:43.000000000 +0200
+++ freenx-server.fixes/nxnode	2009-11-23 10:16:13.104350274 +0100
@@ -13,7 +13,7 @@
 #
 # License: GNU GPL, version 2
 #
-# SVN: $Id: nxnode 580 2008-08-22 00:44:43Z fabianx $
+# SVN: $Id: nxnode 613 2008-09-01 20:42:31Z fabianx $
 #
 # 21.06.2004: - Full reconnection support
 
@@ -217,7 +217,11 @@
 		unix-cde)
 			NODE_STARTX=$COMMAND_START_CDE
 		;;
-		unix-application|windows-helper|vnc-helper)
+		windows-helper)
+			application="$PATH_BIN/nxdesktop_helper"
+			NODE_STARTX=$application
+		;;
+		unix-application|vnc-helper)
 			[ "$application" = "xterm" ] && application=$COMMAND_XTERM
 			NODE_STARTX=$application
 		;;
@@ -303,6 +307,7 @@
 	fi
 
 	[ "$cups" = "1" -a "$ENABLE_CUPS_SERVER_EXPORT" = "1" ] && export CUPS_SERVER="$USER_FAKE_HOME/.nx/C-$sess_id/cups/cups.sock"
+	[ "$samba" = "1" -a "$ENABLE_CUPS_SERVER_EXPORT" = "1" ] && [ -d "$USER_FAKE_HOME/.nx/C-$sess_id/cups" ] && export CUPS_SERVER="$USER_FAKE_HOME/.nx/C-$sess_id/cups/cups.sock"
 	
 	if [ "$ENABLE_SAMBA_PRELOAD" = "1" -a -x "$PATH_BIN/nxredir" ]
 	then
@@ -332,6 +337,33 @@
 	[ -d /etc/X11/Xresources ] && xrdb -display :$display -merge /etc/X11/Xresources/* >>"$USER_FAKE_HOME/.nx/C-$sess_id/session" 2>&1
 
 	#
+	# Use Xsession to execute the Desktop session
+	#
+
+	case $type in
+		unix-gnome)
+			export STARTUP="$NODE_APPLICATION"
+			if [ "$login_method" = "GUEST" ]
+			then
+				NODE_APPLICATION=$COMMAND_GUEST_X_SESSION
+			elif [ "$BOOTSTRAP_X_SESSION" = "1" ]
+			then
+				NODE_APPLICATION=$COMMAND_GDM_X_SESSION
+			fi
+		;;
+		unix-kde|unix-cde)
+			export STARTUP="$NODE_APPLICATION"
+			if [ "$login_method" = "GUEST" ]
+			then
+				NODE_APPLICATION=$COMMAND_GUEST_X_SESSION
+			elif [ "$BOOTSTRAP_X_SESSION" = "1" ]
+			then
+				NODE_APPLICATION=$DEFAULT_X_SESSION
+			fi
+		;;
+	esac
+
+	#
 	# Startup the application
 	#
 	
@@ -370,6 +402,12 @@
 node_agent_persistent_session()
 {
 	P="-nopersistent"
+	# Guest sessions are always nonpersistent
+	if [ "$login_method" = "GUEST" ]
+	then
+		echo "$P"
+		return
+	fi
 	OLD_IFS=$IFS
 	IFS=","
 	[ "$ENABLE_PERSISTENT_SESSION" = "all" ] && P="-persistent"
@@ -540,7 +578,8 @@
 		
 		# Start the agent
 		
-		PATH="$PATH_BIN:$PATH" $PATH_BIN/nxagent $P $R -name "NX - $user@$SERVER_NAME:$display - $session (GPL Edition)" -option "$USER_FAKE_HOME/.nx/C-$sess_id/options" $K $G $B $FP $AGENT_EXTRA_OPTIONS_X :$display 2>&3 &
+		#PATH="$PATH_BIN:$PATH" $COMMAND_NXAGENT $P $R -name "NX - $user@$SERVER_NAME:$display - $session (GPL Edition)" -option "$USER_FAKE_HOME/.nx/C-$sess_id/options" $K $G $B $FP $AGENT_EXTRA_OPTIONS_X :$display 2>&3 &
+		PATH="$PATH_BIN:$PATH" $COMMAND_NXAGENT $P $R -name "NX - $user@$SERVER_NAME:$display - $session (GPL Edition)" -option "$USER_FAKE_HOME/.nx/C-$sess_id/options" $B $FP $AGENT_EXTRA_OPTIONS_X :$display 2>&3 &
 	fi
 	
 	#
@@ -699,7 +738,15 @@
 	[ -e "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" ] || return
 	cat "$USER_FAKE_HOME/.nx/C-$sess_id/scripts/mpoint" | while read mpoint
 	do
-		$COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null
+		for i in `seq 1 15` ; do
+			if [ "$(mount | grep "$mpoint" | wc -l)" -ne 0 ] ; then
+				$COMMAND_SMBUMOUNT "$mpoint" >/dev/null 2>/dev/null
+				[ $? -ne 0 ] && $COMMAND_SMBUMOUNT -f "$mpoint" >/dev/null 2>/dev/null
+			else
+				break
+			fi
+			sleep 0.5s
+		done
 	done
 }
 
@@ -842,9 +889,9 @@
 		
 		if stringinstring "Session: Display failure detected at" "$line"
 		then
-			echo "NX> 596 Error: Session $1 failed. Reason was: $line"
 			if [ "$1" = "restore" ]
 			then
+				echo "NX> 596 Error: Session $1 failed. Reason was: $line"
 				kill $NODE_TAIL_PID
 				break
 			fi
@@ -1030,6 +1077,7 @@
 	session=$(getparam session)
 	type=$(getparam type | sed 's/%2d/-/g')
 	application=$(getparam application)
+	windows_app=$(getparam application)
 	cache=$(getparam cache)
 	images=$(getparam images)
 	cookie=$(getparam cookie)
@@ -1078,6 +1126,8 @@
 	# Rootless fix from 2x nxserver 1.5.0
 	realtype=$type
 	[ "$type" = "unix-application" -o "$type" = "unix-default" ] && realtype="unix-desktop"
+	[ "$type" = "unix-gnome" ] && realtype="gnome"
+	[ "$type" = "unix-kde" ] && realtype="kde"
 
 	# NX 2.1.0 file-sharing port options
 	client=$(getparam client)
@@ -1132,6 +1182,8 @@
 	shadowdisplay=$(getparam shadowdisplay)
 	shadowhost=$(getparam shadowhost)
 
+	# Authentication method needed by guest mode.
+	login_method=$(getparam login_method)
 	
 	sess_id="$SERVER_NAME-$display-$uniqueid"
 	NXSESSION_DIRECTORY="$USER_FAKE_HOME/.nx/C-$sess_id"
@@ -1143,7 +1195,7 @@
 		export agent_password
 		export agent_server
 		export agent_domain
-		export windows_app=$application
+		export windows_app
 		agent_keyboard=""
 		[ "$ENABLE_EXTERNAL_NXDESKTOP_KEYBOARD" = "1" ] && agent_keyboard=$(echo "$keyboard" | cut -d'/' -f2)
 		export agent_keyboard
@@ -1184,6 +1236,17 @@
 		[ -z "$userip" -a "$host" = "127.0.0.1" ] && userip="127.0.0.1"
 		[ -z "$userip" ] && userip="*"
 	fi
+
+	# We need our own external IP
+	proxyip="$EXTERNAL_PROXY_IP"
+
+	if [ -z "$proxyip" -a -n "$host" ]
+	then
+		[ "$host" = "127.0.0.1" ] && host=$(hostname)
+		proxyip=$(ping -c1 "$host" | grep 'PING' | cut -d'(' -f2 | cut -d')' -f1)
+	fi
+	
+	[ -z "$proxyip" ] && proxyip="127.0.0.1"
 	
 	# ok, lets make the session dir first:
 	
@@ -1245,7 +1308,7 @@
 	umask 0077
 
 cat << EOF > "$USER_FAKE_HOME/.nx/C-$sess_id/options"
-${keyboard:+keyboard=$keyboard,}${kbtype:+kbtype=$kbtype,}${kbload:+kbload=$kbload,}${keymap:+keymap=$keymap,}${resize:+resize=$resize,}${CACHE}${IMAGES}${PACK}link=$link,nodelay=$nodelay,type=$realtype,cleanup=0,${ACCEPT}cookie=$proxy_cookie,id=$sess_id,samba=$samba,media=$media${sync:+,sync=$sync}${cups:+,cups=$cups}${keybd:+,keybd=$keybd}${aux:+,aux=$aux}${http:+,http=$http}${rdpcolors:+,rdpcolors=$rdpcolors}${rdpcache:+,rdpcache=$rdpcache}${fullscreen:+,fullscreen=1}${clipboard:+,clipboard=$clipboard}${menu:+,menu=$menu}:$display
+nx/nx,${keyboard:+keyboard=$keyboard,}${kbtype:+kbtype=$kbtype,}${kbload:+kbload=$kbload,}${keymap:+keymap=$keymap,}${geometry:+geometry=$geometry,}${client:+client=$client,}${resize:+resize=$resize,}${CACHE}${IMAGES}${PACK}link=$link,nodelay=$nodelay,type=$realtype${clipboard:+,clipboard=$clipboard}${composite:+composite=$composite},cleanup=0,product=LFE/None/LFEN/None,shmem=1,${backingstore:+backingstore=$backingstore,}shpix=1,${ACCEPT}cookie=$proxy_cookie,id=$sess_id,samba=$samba,media=$media${sync:+,sync=$sync}${cups:+,cups=$cups}${keybd:+,keybd=$keybd}${aux:+,aux=$aux}${http:+,http=$http}${rdpcolors:+,rdpcolors=$rdpcolors}${rdpcache:+,rdpcache=$rdpcache}${fullscreen:+,fullscreen=1}${menu:+,menu=$menu}:$display
 EOF
 	umask $OLD_UMASK
 #samba=$samba,
@@ -1316,7 +1379,7 @@
 NX> 705 Session display: $display
 NX> 703 Session type: $type
 NX> 701 Proxy cookie: $proxy_cookie
-NX> 702 Proxy IP: $userip
+NX> 702 Proxy IP: $proxyip
 NX> 706 Agent cookie: $cookie
 NX> 704 Session cache: $type
 NX> 707 SSL tunneling: $ssl_tunnel
@@ -1509,7 +1572,7 @@
 		echo "NX> 716 Starting NX Agent ..."
 		shift
 		[ "$SET_LD_LIBRARY_PATH" = "1" ] && export LD_LIBRARY_PATH="$AGENT_LIBRARY_PATH:$LD_LIBRARY_PATH"
-		PATH="$PATH:$PATH_BIN" $PATH_BIN/nxagent -name "NX Agent Test - Args: $@" $@
+		PATH="$PATH:$PATH_BIN" $COMMAND_NXAGENT -name "NX Agent Test - Args: $@" $@
 		echo "NX> 716 NX Agent exited with status: $?"
 	;;
 	--setkey)
diff -rud -x .bzr freenx-server-0.7.3/nxnode-login freenx-server.fixes/nxnode-login
--- freenx-server-0.7.3/nxnode-login	2008-03-11 00:01:03.000000000 +0100
+++ freenx-server.fixes/nxnode-login	2009-11-23 10:16:13.105349977 +0100
@@ -61,7 +61,10 @@
 if { "$auth_method"=="ssh" } { 
 	set pid [spawn -noecho $command_ssh -2 -x -l "$user" "$host" -o "NumberOfPasswordPrompts 1" -p "$port" "$executable $command" ]
 } elseif { "$auth_method"=="su" } {
+        set env(LANG) "C"
 	set pid [spawn -noecho su - "$user" -c "$executable $command" ]
+} elseif { "$auth_method"=="guest" } {
+	set pid [spawn -noecho $executable $command ]
 } else {
 	exit 1
 }
diff -rud -x .bzr freenx-server-0.7.3/nxredir/Makefile freenx-server.fixes/nxredir/Makefile
--- freenx-server-0.7.3/nxredir/Makefile	2008-07-31 20:12:33.000000000 +0200
+++ freenx-server.fixes/nxredir/Makefile	2009-11-23 10:16:13.100350348 +0100
@@ -1,14 +1,16 @@
-all: libnxredir.so.0
+all: libnxredir.so
 
 CC=gcc
 CFLAGS=-g -O2 -Wall -fPIC
-LIBNAME=libnxredir.so.0
+LIBNAME=libnxredir.so
+VERSION=0
 
-libnxredir.so.0: nxredir.o
-	$(CC) -fPIC $(CFLAGS) -nostdlib -shared -o $(LIBNAME) nxredir.o -ldl -lc
+libnxredir.so: nxredir.o
+	$(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc
 
 clean:
 	rm -f $(LIBNAME)
+	rm -f $(LIBNAME).$(VERSION)
 	rm -f *.o
 
 ifneq ($(NX_VERSION),)
@@ -21,7 +23,7 @@
 	perl -pi -e "s,CUPS_BACKEND=.*,CUPS_BACKEND=\"$$CUPS_BACKEND\",g" $(DESTDIR)/$$CUPS_BACKEND/nxsmb
 else
 install: all
-	install -m755 libnxredir.so.0 $(DESTDIR)/usr/lib
+	install -m755 libnxredir.so $(DESTDIR)/usr/lib
 	install -m755 nxredir $(DESTDIR)/usr/bin
 	install -m755 nxsmb $(DESTDIR)/usr/lib/cups/backend/
 endif
diff -rud -x .bzr freenx-server-0.7.3/nxserver freenx-server.fixes/nxserver
--- freenx-server-0.7.3/nxserver	2008-08-22 02:44:43.000000000 +0200
+++ freenx-server.fixes/nxserver	2009-11-23 10:16:13.100350348 +0100
@@ -11,7 +11,7 @@
 #
 # License: GNU GPL, version 2
 #
-# SVN: $Id: nxserver 580 2008-08-22 00:44:43Z fabianx $
+# SVN: $Id: nxserver 612 2008-08-25 03:28:15Z fabianx $
 #
 
 # Read the config file
@@ -295,9 +295,9 @@
 				then 
 					[ -z "$(getparam shadowcookie)" ] && continue
 					
-					if [ -x "$PATH_BIN/nxshadowacl" ]
+					if [ -x "$COMMAND_NXSHADOWACL" ]
 					then
-						$PATH_BIN/nxshadowacl "$(getparam userName)" "$USER" || continue
+						$COMMAND_NXSHADOWACL "$(getparam userName)" "$USER" || continue
 					fi
 				fi
 			fi
@@ -334,7 +334,7 @@
 			elif [ "$4" = "shadow" ]
 			then
 				available=$(getparam status)
-				printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$(getparam display)" "$(getparam type)" "$(getparam sessionId)" "$options" "$depth" "$geom" "$available" "$(getparam sessionName) (Shadowed)" >> $TMPFILE
+				printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$(getparam display)" "$(getparam type)" "$(getparam sessionId)" "$options" "$depth" "$geom" "$available" "$(getparam sessionName) ($(getparam userName)) (Shadowed)" >> $TMPFILE
 			else
 				# only unix-* sessions can be resumed, but other session types can still be terminated
 				stringinstring "unix-" "$4" || available="N/A"
@@ -344,14 +344,14 @@
 		egrep -q "^userName=$1$" $i && let SESSION_COUNT_USER=$SESSION_COUNT_USER+1
 	done
 	
-	if [ "$4" = "vnc" -a "$ENABLE_DESKTOP_SHARING" = "1" ]
+	if [ "$4" = "vnc" -o "$4" = "shadow" -a "$ENABLE_DESKTOP_SHARING" = "1" ]
 	then
 		export DESKTOP_SHARING_IDS=""
 		for i in $(LC_ALL=C netstat -ln --protocol=unix | egrep 'X11-unix/X[0-9]$' | sed 's/.*X\(.*\)/\1/g')
 		do
 			uniqueid=$(echo $[$RANDOM*$RANDOM] | $COMMAND_MD5SUM | cut -d" " -f1 | tr "[a-z]" "[A-Z]")
 			DESKTOP_SHARING_IDS="$DESKTOP_SHARING_IDS $uniqueid=$i"
-			printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$i" "vnc-local" "$uniqueid" "--------" "$udepth" "$(echo $3 | cut -d'x' -f1,2)" "Running" "X$i (Local)" >> $TMPFILE
+			printf "%-7s %-16s %32s %8s %5s %-14s %-11s %s\n" "$i" "Local" "$uniqueid" "--------" "$udepth" "$(echo $3 | cut -d'x' -f1,2)" "Running" "X$i (Local)" >> $TMPFILE
 		done
 	fi
 	
@@ -796,6 +796,33 @@
 
 			USER=$USER2
 
+			# Guest authentication
+			if [ "$USER" = "NX guest user" ]
+			then
+				if [ "$ENABLE_GUEST_LOGIN" != "1" -o ! -x "$COMMAND_GUEST_LOGIN" ]
+				then
+					if [ "$ENABLE_GUEST_LOGIN" != "1" ]
+					then
+						echo_x "NX> 404 ERROR: guest authentication not enabled"
+					else
+						echo_x "NX> 404 ERROR: $COMMAND_GUEST_LOGIN not correct"
+					fi
+					echo_x "NX> 999 Bye"
+					if [ "$ENABLE_LOG_FAILED_LOGINS" = "1" ]
+					then
+						logger -t nxserver -i -p auth.info "($(whoami)) Failed login for user=$USER from IP=$(echo $SSH_CLIENT | awk '{print $1}')"
+					fi
+					exit 1
+				fi
+				log 6 -n "guest "
+				nxnode_login "" -- guest "" "" "$COMMAND_GUEST_LOGIN" --check 2>&1 >/dev/null
+                                if [ $? -eq 0 ]
+                                then
+                                        LOGIN_SUCCESS="1"
+                                        LOGIN_METHOD="GUEST"
+                                fi
+			fi
+
 			# PASSDB based auth
 			if [ "$ENABLE_PASSDB_AUTHENTICATION" = "1" -a "$LOGIN_SUCCESS" = "0" ]
 			then
@@ -916,7 +943,10 @@
 	export NODE_HOSTNAME
 	
 	# Use nxnode-login?
-	if [ "$LOGIN_METHOD" = "SSH" ]
+	if [ "$LOGIN_METHOD" = "GUEST" ]
+        then
+            NXNODE_TOSEND="$@" nxnode_login "" -- guest "" "" "$COMMAND_GUEST_LOGIN" "$CMD" 2>&1 | log_tee
+        elif [ "$LOGIN_METHOD" = "SSH" ]
 	then
 	    export COMMAND_SSH
 	    NXNODE_TOSEND="$@" nxnode_login "$PASS" -- ssh "$USER" "$SSHD_PORT" "$PATH_BIN/nxnode" "$CMD" 2>&1 | log_tee
@@ -987,10 +1017,10 @@
 	do
 		case "$CMD" in 
 			"NX> 706"*)
-				if [ -x "$PATH_BIN/nxshadowacl" ]
+				if [ -x "$COMMAND_NXSHADOWACL" ]
 				then
 					# check if we should save the cookie
-					$PATH_BIN/nxshadowacl "$USER"
+					$COMMAND_NXSHADOWACL "$USER"
 					
 					if [ $? -eq 0 ]
 					then
@@ -1074,10 +1104,10 @@
 	do
 		case "$CMD" in 
 			"NX> 706"*)
-				if [ -x "$PATH_BIN/nxshadowacl" ]
+				if [ -x "$COMMAND_NXSHADOWACL" ]
 				then
 					# check if we should save the cookie
-					$PATH_BIN/nxshadowacl "$USER"
+					$COMMAND_NXSHADOWACL "$USER"
 					
 					if [ $? -eq 0 ]
 					then
@@ -1192,7 +1222,7 @@
 	# Lock held
 
 	SERVER_LB_NR=$(cat $NX_SESS_DIR/round-robin 2>/dev/null)
-	let SERVER_LB_NR=(SERVER_LB_NR+1) % SERVER_LB_NR_OF_HOSTS
+	let SERVER_LB_NR=(SERVER_LB_NR+1)%SERVER_LB_NR_OF_HOSTS
 	echo $SERVER_LB_NR >$NX_SESS_DIR/round-robin
 
 	# Exit critical section
@@ -1211,7 +1241,7 @@
 	
 	for i in $LOAD_BALANCE_SERVERS
 	do
-		SERVER_LB_LOAD=$($NX_DIR/bin/nxcheckload $i)
+		SERVER_LB_LOAD=$($COMMAND_NXCHECKLOAD $i)
 		[ -z "$SERVER_LB_LOAD" ] && continue
 		
 		if [ $SERVER_LB_LOAD -gt $SERVER_LB_MAX ]
@@ -1263,6 +1293,7 @@
 	server_get_params $CMD
 	PARAMS=$SERVER_PARAMS
 	PARAMS="$PARAMS&clientproto=$PROTO"
+	PARAMS="$PARAMS&login_method=$LOGIN_METHOD"
 	CMDLINE=$PARAMS
 	echo_x
 
@@ -1344,8 +1375,7 @@
 		if [ "$ENABLE_EXTERNAL_NXDESKTOP" = "1" -a "$(getparam type)" = "windows" ]
 		then
 			type="windows-helper"
-			application="$PATH_BIN/nxdesktop_helper"
-			PARAMS="$PARAMS&type=$type&application=$application&freenx_export_agents=1"
+			PARAMS="$PARAMS&type=$type&freenx_export_agents=1"
 			CMDLINE=$PARAMS
 		fi
 		 
@@ -1381,10 +1411,10 @@
 			return 1
 	fi
 
-	if [ -x "$PATH_BIN/nxacl" ]
+	if [ -x "$COMMAND_NXACL" ]
 	then
-			log 3 "Info: Using $PATH_BIN/nxacl to change session parameters or deny session."
-			NEW_PARAMS=$($PATH_BIN/nxacl "$CMDLINE")
+			log 3 "Info: Using $COMMAND_NXACL to change session parameters or deny session."
+			NEW_PARAMS=$($COMMAND_NXACL "$CMDLINE")
 			if [ $? -ne 0 ]
 			then
 				echo_x "NX> 596 The session failed due to a nxacl policy setting: $NEW_PARAMS"
@@ -1444,6 +1474,14 @@
 				continue
 			fi
 
+                        let PROXY_DISPLAY=$SESS_DISPLAY+4000
+                        if $COMMAND_NETCAT -z "$SERVER_HOST" $PROXY_DISPLAY
+                        then
+                                log 2 "Warning: nxagent proxy without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY."
+                                let SESS_DISPLAY=$SESS_DISPLAY+1
+                                continue
+                        fi
+
 			# Now check for the other enabled services
 			
 			let SAMBA_DISPLAY=$SESS_DISPLAY+3000
@@ -1961,71 +1999,71 @@
 	session_history "$user" "$sessid"
 }
 
-cmd_terminate()
+cmd_execute()
 {
-	CMD_PARAMS=$(cmd_parse_3_params "$2")
-	[ -z "$CMD_PARAMS" ] && exit 1
-	for i in $CMD_PARAMS;
+	cmd_host="$1"
+	cmd_user="$2"
+	cmd_cmd="$3"
+
+	if [ "$ENABLE_USERMODE_AUTHENTICATION" = "1" ]
+	then
+		sh -c "$cmd_cmd"
+	elif [ "$cmd_host" = "127.0.0.1" -o "$cmd_host" = "localhost" ]
+	then
+		su - "$cmd_user" -c "$cmd_cmd"
+	else
+		ssh "$cmd_host" su - "$cmd_user" -c "'$cmd_cmd'"
+	fi
+}
+
+cmd_terminate_or_send()
+{
+	CMD="$1"
+
+	if [ "$CMD" = "--broadcast" ]
+	then
+		CMD_PARAMS=$(session_find_all)
+		[ -z "$CMD_PARAMS" ] && cmd_abort "Error: No running session could be found."
+	else
+		CMD_PARAMS=$(cmd_parse_3_params "$2")
+		[ -z "$CMD_PARAMS" ] && exit 1
+		shift
+	fi
+	shift
+
+	for i in $CMD_PARAMS
 	do
 			CMDLINE=$(session_get_cmdline $i)
 			cmd_sessionid=$(getparam sessionId)
+			cmd_display=$(getparam display)
 			cmd_user=$(getparam userName)
 			cmd_type=$(getparam type)
 			cmd_status=$(getparam status)
+			cmd_host=$(getparam host)
 
 			# is it a "good" session?
-			case "$1" in 
+			case "$CMD" in 
 			--suspend)
 				if [ "$cmd_status" = "Running" ] && stringinstring "unix-" "$cmd_type"
 				then
-					echo "sessionid=$cmd_sessionid" | su - "$cmd_user" -c "$PATH_BIN/nxnode --suspend"
+					echo "sessionid=$cmd_sessionid" | cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --suspend"
 				fi
 			;;
 			--terminate)
-				echo "sessionid=$cmd_sessionid" | su - "$cmd_user" -c "$PATH_BIN/nxnode --terminate"
+				echo "sessionid=$cmd_sessionid" | cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --terminate"
 			;;
 			--force-terminate)
-				echo "sessionid=$cmd_sessionid" | su - "$cmd_user" -c "$PATH_BIN/nxnode --terminate"
+				echo "sessionid=$cmd_sessionid" | cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxnode --terminate"
 				session_close $cmd_sessionid
 			;;
-			esac
-	done
-
-}
-
-cmd_send()
-{
-	if [ "$1" = "--broadcast" ]
-	then
-	  CMD_PARAMS=$(session_find_all)
-	  [ -z "$CMD_PARAMS" ] && cmd_abort "Error: No running session could be found."
-	else
-	  CMD_PARAMS=$(cmd_parse_3_params "$2")
-	  [ -z "$CMD_PARAMS" ] && exit 1
-	  shift
-	fi
-	shift
-	for i in $CMD_PARAMS;
-	do
-			CMDLINE=$(session_get_cmdline $i)
-			cmd_display=$(getparam display)
-			cmd_user=$(getparam userName)
-			cmd_type=$(getparam type)
-			cmd_status=$(getparam status)
-			cmd_host=$(getparam host)
-
-			# is it a "good" session?
-			if [ "$cmd_status" = "Running" ] && stringinstring "unix-" "$cmd_type"
-			then
-				if [ "$cmd_host" = "127.0.0.1" -o "$cmd_host" = "localhost" ]
+			--send|--broadcast)
+				# is it a "good" session?
+				if [ "$cmd_status" = "Running" ] && stringinstring "unix-" "$cmd_type"
 				then
-					su - "$cmd_user" -c "$PATH_BIN/nxdialog --dialog ok --caption \"NX Administrator Message\" --message \"$@\" -display \":$cmd_display\" &"
-				else
-					ssh $cmd_host su - "$cmd_user" -c "'$PATH_BIN/nxdialog --dialog ok --caption \"NX Administrator Message\" --message \"$@\" -display \":$cmd_display\" &'"
+					cmd_execute "$cmd_host" "$cmd_user" "$PATH_BIN/nxdialog --dialog ok --caption \"NX Administrator Message\" --message \"$@\" -display \":$cmd_display\" &"
 				fi
-			fi
+			esac
 	done
-	#nxnode_start --send "$CMD_PARAMS"
 }
 
 #
@@ -2099,13 +2137,13 @@
 		cmd_history "$@"
 	;;
 	--terminate|--suspend|--force-terminate)
-		cmd_terminate "$@"
+		cmd_terminate_or_send "$@"
 	;;
 	--cleanup)
-		cmd_terminate "--force-terminate" "*"
+		cmd_terminate_or_send "--force-terminate" "*"
 	;;
 	--send|--broadcast)
-		cmd_send "$@"
+		cmd_terminate_or_send "$@"
 	;;
 	*)
 		cmd_abort "Error: Function $CMD not implemented yet."
Only in freenx-server.fixes/nx-session-launcher: freenx.session.policy
diff -rud -x .bzr freenx-server-0.7.3/nx-session-launcher/nx-session-launcher freenx-server.fixes/nx-session-launcher/nx-session-launcher
--- freenx-server-0.7.3/nx-session-launcher/nx-session-launcher	2008-08-05 19:54:32.000000000 +0200
+++ freenx-server.fixes/nx-session-launcher/nx-session-launcher	2009-11-23 10:16:13.105349977 +0100
@@ -1,31 +1,170 @@
 #!/usr/bin/env python
 
+import xml.parsers.expat as expat
 import os
 import gobject
 import dbus
 import sys
+import logging
+
+logging.basicConfig (level=logging.ERROR, format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s', stream=sys.stderr)
+log = logging.getLogger ("nx-session-launcher")
+log.debug ("Starting nx-session-launcher")
 
+# Getting the system dbus
 bus = dbus.SystemBus ()
 
-manager_obj = bus.get_object ('org.freedesktop.ConsoleKit', '/org/freedesktop/ConsoleKit/Manager')
-manager = dbus.Interface (manager_obj, 'org.freedesktop.ConsoleKit.Manager')
+USE_PK_CREDENTIALS = False
 
-params = dbus.Array ([], signature = "(sv)")
-params.append (("unix-user", dbus.Int32 (os.getuid(), variant_level=1)))
-params.append (("session-type", dbus.String ("nx", variant_level=1)))
-params.append (("x11-display", dbus.String (os.environ['DISPLAY'], variant_level=1)))
-params.append (("is-local", dbus.Boolean (True, variant_level=1)))
+# ------------------- ConsoleKit integration ------------------------
 
-cookie = manager.OpenSessionWithParameters (params)
-os.environ['XDG_SESSION_COOKIE'] = cookie
+# Getting the ConsoleKit object
+ck_manager_obj = bus.get_object ('org.freedesktop.ConsoleKit', '/org/freedesktop/ConsoleKit/Manager')
+ck_manager = dbus.Interface (ck_manager_obj, 'org.freedesktop.ConsoleKit.Manager')
+objs = ck_manager.GetSeats ()
 
-current_session = manager.GetSessionForCookie (cookie)
-session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session)
-session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session')
+nx_create_session = os.getenv('NX_CREATE_CK_SESSION')
+create_session = True
+if nx_create_session == "false":
+    create_session = False
 
-properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties')
-properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1))
+nx_session_type = os.getenv('NX_SESSION_TYPE')
+if nx_session_type == None:
+    nx_session_type = "nx"
+display = os.getenv('DISPLAY')
 
-os.setreuid(os.getuid(), os.getuid())
-os.spawnvp(os.P_WAIT, sys.argv[1], [])
+# Get the current session
+current_cookie = os.getenv('XDG_SESSION_COOKIE')
+current_session = None
+if current_cookie != None:
+    current_session = ck_manager.GetSessionForCookie (current_cookie)
+
+def takeOwnership():
+    log.debug ("NX_CREATE_CK_SESSION = " + current_cookie)
+    log.debug ("Not creating a CK session")
+    
+    session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session)
+    session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session')
+    
+    properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties')
+    try:
+        properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1))
+        properties.Set ("org.freedesktop.DBus.Properties", "is-local", dbus.Boolean (True, variant_level=1))
+        properties.Set ("org.freedesktop.DBus.Properties", "session-type", dbus.String (nx_session_type, variant_level=1))
+        if display != None:
+            properties.Set ("org.freedesktop.DBus.Properties", "x11-display", dbus.String (display, variant_level=1))
+        log.debug ("Ownership taken")
+        return True
+    except expat.ExpatError, e:
+        error_string = str(e)
+        log.error ("Error: " + error_string)
+        log.error ("Falling back to create a new session")
+        return False
+    except dbus.DBusException, e:
+        error_string = str(e)
+        log.error ("Error: " + error_string)
+        log.error ("Falling back to create a new session")
+        return False
+    except Exception, e:
+        error_string = str(e)
+        log.error ("Error: " + error_string)
+        log.error ("Falling back to create a new session")
+        return False
+
+def createSession():
+    try:
+        # Defining the session attributes
+        params = dbus.Array ([], signature = "(sv)")
+        params.append (("unix-user", dbus.Int32 (os.getuid(), variant_level=1)))
+        params.append (("session-type", dbus.String (nx_session_type, variant_level=1)))
+        if display != None:
+            params.append (("x11-display", dbus.String (display, variant_level=1)))
+        params.append (("is-local", dbus.Boolean (True, variant_level=1)))
+        
+        # Create the ConsoleKit session
+        cookie = ck_manager.OpenSessionWithParameters (params)
+        log.debug ("Session " + cookie + " created")
+        
+        # Exporting the XDG_SESSION_COOKIE variable
+        os.environ['XDG_SESSION_COOKIE'] = cookie
+        
+        # Getting the ConsoleKit session
+        current_session = ck_manager.GetSessionForCookie (cookie)
+        session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session)
+        session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session')
+        
+        # Setting the session as active
+        properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties')
+        properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1))
+         
+    except dbus.DBusException, e:
+        # Dbus error problably you don't have the dbus rule installed or your launcher is not suid nx
+        # Open session without the parameters
+        log.error ("Failed to create a CK session using parameters")
+        
+        error_string = str(e)
+        log.error ("Error: " + error_string)
+        
+        # Create the ConsoleKit session
+        cookie = ck_manager.OpenSession ()
+        log.debug ("Session " + cookie + " created")
+        
+        # Exporting the XDG_SESSION_COOKIE variable
+        os.environ['XDG_SESSION_COOKIE'] = cookie
+
+def checkPermission ():
+    if USE_PK_CREDENTIALS == False:
+        return True
+    
+    policykit = bus.get_object ('org.freedesktop.PolicyKit', '/', "org/freedesktop/PolicyKit")
+    
+    if(policykit == None):
+        log.error ("Error: Could not get PolicyKit D-Bus Interface\n")
+    else:
+        polkit_interface = dbus.Interface (policykit, 'org.freedesktop.PolicyKit')
+        
+        try:
+            granted = polkit_interface.IsProcessAuthorized ("freenx.session.create", os.getpid(), "false")
+            
+            if granted == "yes":
+                return True
+            else:
+                return False
+            
+        except dbus.DBusException, e :
+            # Dbus error problably you don't have the PolicyKit rule installed
+            error_string = str(e)
+            log.error ("Error: " + error_string)
+
+
+if create_session and ( current_session == None or not takeOwnership () ):
+     log.debug("Creating a new session")
+     createSession ()
+     pid = os.fork ()
+     if pid == -1:
+         log.rrror ("error forking child")
+     elif pid == 0:
+         log.debug ("Forked")
+     else:
+         # Parent
+         status = os.waitpid (pid, 0)
+         os._exit (0)
+
+if os.geteuid () != os.getuid ():
+    # Drop setuid privilege
+    os.setreuid(os.getuid(), os.getuid())
+    
+    os.environ ['NX_CREATE_CK_SESSION'] = "false"
+    
+    # Reexecute this script to really drop euid privilege
+#    os.spawnvp (os.P_WAIT, sys.argv[0], sys.argv)
+#    sys.exit()
+
+args = sys.argv
+args.pop(0)
+log.info ("Launching the program\n")
+if checkPermission ():
+    os.execvp(args[0], args)
+else:
+    log.error ("You don't have permission to execute the action\n")
 
diff -rud -x .bzr freenx-server-0.7.3/nx-session-launcher/nx-session-launcher-suid.c freenx-server.fixes/nx-session-launcher/nx-session-launcher-suid.c
--- freenx-server-0.7.3/nx-session-launcher/nx-session-launcher-suid.c	2008-08-05 19:54:32.000000000 +0200
+++ freenx-server.fixes/nx-session-launcher/nx-session-launcher-suid.c	2009-11-23 10:16:13.098350105 +0100
@@ -23,8 +23,8 @@
 #include <stdlib.h>
 #include <stdio.h>
 
-#ifndef NXSERVER_COMMAND
-#define NXSERVER_COMMAND "/usr/bin/nx-session-launcher"
+#ifndef SESSION_LAUNCHER_COMMAND
+#define SESSION_LAUNCHER_COMMAND "/usr/bin/nx-session-launcher"
 #endif
 
 #define CK_LAUNCH_SESSION_COMMAND "/usr/bin/ck-launch-session"
@@ -47,7 +47,7 @@
         new_argv[0] = CK_LAUNCH_SESSION_COMMAND;
 
     }else{
-        new_argv[0] = NXSERVER_COMMAND;
+        new_argv[0] = SESSION_LAUNCHER_COMMAND;
     }
 
     return execv(new_argv[0], new_argv);
diff -rud -x .bzr freenx-server-0.7.3/nx-session-launcher/README freenx-server.fixes/nx-session-launcher/README
--- freenx-server-0.7.3/nx-session-launcher/README	2008-08-05 23:30:58.000000000 +0200
+++ freenx-server.fixes/nx-session-launcher/README	2009-11-23 10:16:13.098350105 +0100
@@ -1,6 +1,8 @@
-The unlock buttons on Users and Groups or Network are greyed out and un-accessible. Tried running from a term 'sudo users-admin' with the same results.
+The unlock buttons on Users and Groups or Network are greyed out and un-accessible.
+Running from a term 'sudo users-admin' should work the same way. (Not in Ubuntu due
+to bug https://bugs.edge.launchpad.net/ubuntu/+source/policykit/+bug/210897)
 
-To correct the problem follow this steps:
+If you are not using a packed version, correct the problem by following this steps:
  - Copy nx-session-launcher and nx-session-launcher-suid to /usr/bin
  - Execute $ chown nx /usr/bin/nx-session-launcher-suid
  - Execute $ chmod 4755 /usr/bin/nx-session-launcher-suid

freenx-server-r104-fixes.patch:
 init.d/freenx-server |  123 +++++++++++++++++++++++++++++++++++----------------
 nxloadconfig         |   30 ++++++++++--
 nxnode               |  110 ++++++++++++++++++++++++++++++++++++++++++---
 nxprint              |    3 -
 nxredir/nxsmb        |    5 ++
 nxserver             |   18 +++++++
 6 files changed, 239 insertions(+), 50 deletions(-)

--- NEW FILE freenx-server-r104-fixes.patch ---
diff -rud -x .bzr freenx-server/init.d/freenx-server freenx-server.fixes/init.d/freenx-server
--- freenx-server/init.d/freenx-server	2009-11-23 10:16:13.100350348 +0100
+++ freenx-server.fixes/init.d/freenx-server	2009-11-23 11:18:49.590351559 +0100
@@ -1,43 +1,92 @@
 #!/bin/bash
+#
+# Sample startup script for FreeNX server
+#
+# Coypright (c) 2007 by Fabian Franz <freenx at fabian-franz.de>.
+#
+# License: GNU GPL, version 2
+#
+# SVN: $Id: freenx-server 485 2008-03-02 10:29:52Z fabianx $
+#
+# Modified to be chkconfig compatible by Johnny Hughes <johnny at centos.org>
+#
+# chkconfig: 2345 91 35
+# description: Creates /tmp/.X11-unix/ if required and cleans up dead \
+#              NX sessions.
 
-### BEGIN INIT INFO
-# Provides:          freenx_server
-# Required-Start:    sshd
-# Required-Stop:     sshd
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: FreeNX Server
-# Description:       Cleanup FreeNX Server session database at boot time
-### END INIT INFO
 
-PATH_BIN=/usr/lib/nx
+# Read the config file
+. /usr/libexec/nx/nxloadconfig --
+
+# Source function library.
+. /etc/init.d/functions
+prog="freenx-server"
+
+start() {
+	runuser -s /bin/bash - nx -c "$PATH_BIN/nxserver --cleanup" > /dev/null 2>&1 < /dev/null
+	if [ ! -d "/tmp/.X11-unix" ]; then
+	  mkdir -m1777 /tmp/.X11-unix/
+	  ret=$?
+	else
+	  X11_owner=`/bin/ls -ald /tmp/.X11-unix | /bin/gawk {'print $3'}`
+          if [ "$X11_owner" != "root" ]; then
+	    /bin/chown root /tmp/.X11-unix
+          fi
+	  ret=0
+	fi
+	if [ $ret -eq 0 ]; then
+	  touch /var/lock/subsys/freenx-server
+	  action $"Starting $prog: " /bin/true
+	else
+	  action $"Starting $prog: " /bin/false
+	fi
+	echo
+	return $ret
+}
+
+stop() {
+	runuser -s /bin/bash - nx -c "$PATH_BIN/nxserver --cleanup" > /dev/null 2>&1 < /dev/null
+	if [ -e "/var/lock/subsys/freenx-server" ]; then
+	  rm -f /var/lock/subsys/freenx-server
+	  ret=$?
+	else
+	  ret=0
+	fi
+	if [ $ret -eq 0 ]; then
+	  action $"Stopping $prog: " /bin/true
+	else
+	  action $"Stopping $prog: " /bin/false
+	fi
+	echo
+	return $ret
+}
+
+restart() {
+	echo $"Restarting $prog:"
+	stop
+	start
+}
 
 case "$1" in
-	start)
-		if [ ! -e "/var/run/freenx-server" ]; then
-			[ ! -d "/tmp/.X11-unix" ] && mkdir -m1755 /tmp/.X11-unix/
-			$PATH_BIN/nxserver --cleanup
-			$PATH_BIN/nxserver --start
-			touch "/var/run/freenx-server";
-		else
-			echo "Not starting freenx-server, it's already started."
-		fi
-	;;
-	restart|force-reload)
-		$PATH_BIN/nxserver --cleanup
-		$PATH_BIN/nxserver --start
-		touch "/var/run/freenx-server";
-	;;
-	stop)
-		$PATH_BIN/nxserver --stop
-		$PATH_BIN/nxserver --cleanup
-		rm -f /var/run/freenx-server
-	;;
-	status)
-		[ ! -e "/var/run/freenx-server" ] || exit 3
-		exit 0;
-	;;
-	*)
-		echo "Usage: $0 <start|restart|stop|force-reload|status>"
-	;;
+  start)
+        start
+        ;;
+  stop)
+        stop
+        ;;
+  restart)
+        restart
+        ;;
+  status)
+        if [ -e "/var/lock/subsys/freenx-server" ]; then
+          echo $"$prog is running"
+        else
+          echo $"$prog is stopped"
+        fi
+        ;;
+  *)
+        echo $"Usage: $prog {start|stop|restart|status}"
+        exit 1
 esac
+
+exit $?
diff -rud -x .bzr freenx-server/nxloadconfig freenx-server.fixes/nxloadconfig
--- freenx-server/nxloadconfig	2009-11-23 10:16:13.103349734 +0100
+++ freenx-server.fixes/nxloadconfig	2009-11-23 11:02:34.097352098 +0100
@@ -112,11 +112,28 @@
 
 # Restriction directives
 
-DISPLAY_BASE=1000
+#JJK: DISPLAY_BASE=1000
+#JJK: Change DISPLAY_BASE to 2000 to avoid conflict of DISPLAY_BASE+7000 with nasd
+DISPLAY_BASE=2000
 SESSION_LIMIT=200
 SESSION_USER_LIMIT="" #Calculated
 DISPLAY_LIMIT=200
 
+#JJK: Added the following to allow printing when using cifs mount
+#JJK: Note the smb print port (#139) must then be tunnelled manually
+#JJK: from <DISPLAY+3000+SMBPORT_OFFSET> on the server to port 139 on the host
+#JJK: by running on the client: 
+#JJK:   ssh ... -R <DISPLAY+3000+SMBPORT_OFFSET>:<client name>:139
+#JJK: If SAMBA_MOUNT_SHARE_PROTOCOL="smbfs" (technically, if it doesn't equal
+#JJK  'cifs' or in most cases 'both') then the ssh tunnel is automatically
+#JJK: set up from port <DISPLAY+3000> on the server to port 139 
+#JJK: on the remote client.
+#JJK: Note in *all* cases, the cups printer on the client is accessed from 
+#JJK: the server via the command line, using the following -h flag:
+#JJK:   -h localhost:<DISPLAY+9000> [-P <printer name>]
+#JJK: or via the CUPS web browser using:
+#JJK:   http://localhost:<DISPLAY+9000>
+SMBPORT_OFFSET=8000
 ENABLE_PERSISTENT_SESSION="all"
 DISABLE_PERSISTENT_SESSION=""
 
@@ -174,7 +191,11 @@
 ENABLE_CUPS_SEAMLESS="0"
 CUPS_SEAMLESS_DELAY="10"
 ENABLE_FOOMATIC="1"
-COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+#JJK: COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile"
+COMMAND_FOOMATIC="/usr/bin/foomatic-ppdfile"
+
+#JJK: added the following path referenced in nxprint
+PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
 
 CUPS_BACKEND="/usr/lib/cups/backend"
 CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp"
@@ -194,7 +215,8 @@
 KILL_DEFAULT_X_WM="1"
 BOOTSTRAP_X_SESSION="0"
 USER_X_STARTUP_SCRIPT=.Xclients
-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+#JJK: DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+DEFAULT_X_SESSION=/etc/X11/xinit/Xsession
 COMMAND_GDM_X_SESSION="/etc/gdm/Xsession custom"
 if [ ! -x "$COMMAND_GDM_X_SESSION" ]
 then
@@ -357,7 +379,7 @@
 [ -z "$AGENT_LIBRARY_PATH" ] && AGENT_LIBRARY_PATH=$PATH_LIB
 [ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB
 [ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
-[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6.2:$APPLICATION_LIBRARY_PATH/libXext.so.6.4:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so.1.2"
+[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so.6:$APPLICATION_LIBRARY_PATH/libXext.so.6:$APPLICATION_LIBRARY_PATH/libXcomp.so.3:$APPLICATION_LIBRARY_PATH/libXcompext.so.3:$APPLICATION_LIBRARY_PATH/libXrender.so.1"
 
 NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g')
 
diff -rud -x .bzr freenx-server/nxnode freenx-server.fixes/nxnode
--- freenx-server/nxnode	2009-11-23 10:16:13.104350274 +0100
+++ freenx-server.fixes/nxnode	2009-11-23 11:15:44.385476686 +0100
@@ -20,6 +20,20 @@
 # Read the config file
 . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --userconf
 
+#JJK: Added	following 'if' stanza as a kluge since the following variables
+#JJK: need to be set in cmd_node_smbmount node_umount_smb 
+#JJK: but they are currently set only in startsession which is called 
+#JJK: separately from nxserver via ssh so environment variables 
+#JJK: aren't preserved.
+if [[ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" || \
+	 ( "$SAMBA_MOUNT_SHARE_PROTOCOL" = "both" && \
+	  `which "$COMMAND_SMBMOUNT_CIFS"` && `which "$COMMAND_SMBUMOUNT_CIFS"` ) \
+			]] > /dev/null 2>&1; then
+	COMMAND_SMBMOUNT=$COMMAND_SMBMOUNT_CIFS
+	COMMAND_SMBUMOUNT=$COMMAND_SMBUMOUNT_CIFS
+	SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
+fi
+
 #
 # -----------------------------------------------------------------------------
 # Startup of nxnode
@@ -659,11 +673,27 @@
 	touch "$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
 	
 	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/certs" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/ppd" "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cache"
+	mkdir -p "$USER_FAKE_HOME/.nx/C-$sess_id/cups/log" #JJK cups log file home
+
+#JJK: Modifications to cupsd.conf
+#JJK:   - Added SystemGroup line in order to add $USER to SystemGroup
+#JJK:   - Moved all the log files to log/<log>
+#JJK:   - Set AccessLog to: log/access_log (was /dev/null)
+#JJK:   - Added listening on $NODE_CUPSD_PORT
+#JJK:	         Listen localhost: $NODE_CUPSD_PORT
+#JJK:   - Removed following line because directive is specific to Debian
+#JJK:       PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
+#JJK:   -  Access restrictions borrowed from /etc/cups/cupsd.conf
+#JJK:   -  Default policy borrowed from /etc/cups/cupsd.conf but modified
+#JJK:        to allow Add, Delete, and Default printer without (password)
+#JJK:        authentication
+#JJK:   - Note for more detailed logging set: LogLevel debug
 
 cat <<EOF > $USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf
-AccessLog /dev/null
-ErrorLog error_log
-PageLog page_log
+SystemGroup sys root $USER
+AccessLog log/access_log
+ErrorLog log/error_log
+PageLog log/page_log
 LogLevel info
 TempDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool/tmp
 RequestRoot $USER_FAKE_HOME/.nx/C-$sess_id/cups/spool
@@ -671,19 +701,60 @@
 StateDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/
 CacheDir $USER_FAKE_HOME/.nx/C-$sess_id/cups/cache
 
+Listen localhost:$NODE_CUPSD_PORT
 Listen $NODE_CUPSD_SOCKET
 Browsing Off
 ServerName localhost
-PidFile $USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd
 
+#JJK:  Restrict access to the server...
 <Location />
 Order Deny,Allow
 Deny From All
 Allow from 127.0.0.1
 </Location>
 
+#JJK: Restrict access to the admin pages...
+<Location /admin>
+  Encryption Required
+  Order allow,deny
+  Allow localhost
+</Location>
+
+#JJK: Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Basic
+  Require user @SYSTEM
+  Order allow,deny
+  Allow localhost
+</Location>
+
 # Allow everything for anonymous, because we are protected through UNIX socket
+#JJK: Since allowing access via $NODE_CUPSD_PORT, need to add protection
 <Policy default>
+  #JJK: Job-related operations must be done by the owner or an adminstrator...
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  #JJK:All administration operations require an adminstrator to authenticate...
+  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Basic
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  #JJK: Except need to allow these for nxnode to work
+  <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Set-Default>
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
   <Limit All>
     AuthType None
     Order deny,allow
@@ -695,9 +766,17 @@
 
 	# copy mime.* files
 	cp -af "$CUPS_ETC"/mime.* "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
+	#JJK: Also copy over pstoraster.convs
+	cp -af "$CUPS_ETC"/mime.* "$CUPS_ETC"/pstoraster.convs "$USER_FAKE_HOME/.nx/C-$sess_id/cups/"
 
 	# start cupsd
-	$COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+#JJK: Note the directive PidFile in the original cupsd.conf intended for 
+#JJK: recording the pid is a Debianism. Instead, we will use the non-daemon
+#JJK: form of cupsd and capture the pid directly
+#JJK:	$COMMAND_CUPSD -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null
+	$COMMAND_CUPSD -F -c "$USER_FAKE_HOME/.nx/C-$sess_id/cups/cupsd.conf" &>/dev/null </dev/null &
+	NODE_CUPSD_PID=$!
+	echo $NODE_CUPSD_PID >"$USER_FAKE_HOME/.nx/C-$sess_id/pids/cupsd"
 
 	# setup KDE
 	if [ "$ENABLE_KDE_CUPS" = "1" -a -e "$KDE_PRINTRC" ]
@@ -747,6 +826,7 @@
 			fi
 			sleep 0.5s
 		done
+		rmdir "$mpoint" >/dev/null 2>/dev/null #JJK:Remove mount point if empty
 	done
 }
 
@@ -1166,6 +1246,7 @@
 
 			COMMAND_SMBMOUNT=/bin/true
 			COMMAND_SMBUMOUNT=/bin/true
+			smbport=139    #JJK: still may want to do printer sharing...
 		else # smbfs
 			smbport=139
 		fi
@@ -1436,7 +1517,8 @@
 	password=$(getparam password)
 	share=$(getparam share)
 	computername=$(getparam computername)
-	dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+#JJK:	dir=$(getparam dir | sed 's|$(SHARES)|MyShares|g')
+	dir=$(getparam dir | sed 's/\(%24\|\$\)(SHARES)/MyShares/g')
 	# rdir=$(getparam dir | sed 's|$(SHARES)/||g')
 	display=$(cd $USER_FAKE_HOME/.nx/; echo C-$SERVER_NAME-*-$sessionid | awk 'BEGIN {FS="-"} {i=NF-1; print $i}') 
 	mkdir -p "$HOME/$dir"
@@ -1456,6 +1538,7 @@
 		echo "$HOME/$dir" >> "$USER_FAKE_HOME/.nx/C-$SERVER_NAME-$display-$sessionid/scripts/mpoint"
 	else
 		$PATH_BIN/nxdialog -dialog ok -caption "NXServer Message" -message "Info: Share: '//$computername/$share' failed to mount: $error" -display :$display &
+		rmdir "$HOME/$dir" >/dev/null 2>/dev/null #JJK: Remove mount point if empty
 	fi
 }
 
@@ -1478,6 +1561,12 @@
 	# this will also setup the userspace cupsd
 	export CUPS_SERVER=$(node_cupsd_get_socket)
 	
+#JJK: The following if-stanza kludge added to enable printing when smbport=cifs
+#JJK: since smb printing won't work when forwarded over port 445
+	if [ "$SAMBA_MOUNT_SHARE_PROTOCOL" = "cifs" ] ; then
+		let port=$port+$SMBPORT_OFFSET
+	fi
+
 	if [ "$type" = "smb" ]
 	then
 		if [ -x "$CUPS_BACKEND/nxsmb" ]
@@ -1506,6 +1595,9 @@
 
 	if [ "$ENABLE_CUPS_SEAMLESS" != "1" ]
 	then
+        #JJK: Export the following variables for use by nxdialog/nxprint
+        #JJK: Note they are also exported in nxdialog but doesn't help there
+	    export ENABLE_FOOMATIC COMMAND_FOOMATIC PPD_DIR
 		MODEL=$($PATH_BIN/nxdialog -printer "$NAME" -display :$display)
 		[ -z "$MODEL" -o "$MODEL" = "cancel: aborted" ] && return
 	else
@@ -1513,7 +1605,11 @@
 		MODEL="download_cached"
 	fi
 	
-	PUBLIC="-u allow:$USER"
+#JJK: I like to also allow 'guest' so you can do things like print
+#JJK: testpages from the CUPS web interface. Note this is required
+#JJK: even for the original user to print test pages	
+#JJK:	PUBLIC="-u allow:$USER"
+	PUBLIC="-u allow:$USER,guest"	
 	[ "$public" == "1" ] && PUBLIC=""
 
 	if [ "$MODEL" = "download_new" -o "$MODEL" = "download_cached" ]
diff -rud -x .bzr freenx-server/nxprint freenx-server.fixes/nxprint
--- freenx-server/nxprint	2009-11-23 10:16:13.102350032 +0100
+++ freenx-server.fixes/nxprint	2009-11-23 10:52:01.353353153 +0100
@@ -51,7 +51,8 @@
 	if [ -z "$(find $UTILITY_DRIVERS_CACHE.all -mmin -60 2> /dev/null)" ]
 	then
 		{ 
-		cd /usr/share/ppd/
+#JJK:		cd /usr/share/ppd/
+		cd $PPD_DIR
 		awk -F '"' '/\*Manufacturer:/ { a[FILENAME]=$2 }
 			    /\*NickName:/ { b[FILENAME]=$2 } 
 			    END { 
diff -rud -x .bzr freenx-server/nxredir/nxsmb freenx-server.fixes/nxredir/nxsmb
--- freenx-server/nxredir/nxsmb	2009-11-23 10:16:13.098350105 +0100
+++ freenx-server.fixes/nxredir/nxsmb	2009-11-23 10:52:01.354352855 +0100
@@ -18,6 +18,11 @@
 PROTOCOL=$(echo $DEVICE_URI | cut -d/ -f4)
 PRINTER=$(echo $DEVICE_URI | cut -d/ -f5)
 
+if [ "$#" -eq 0 ]
+then
+	exit 0
+fi
+
 if [ -z "$PRINTER" ] # old style setup
 then
 	echo "Warning: Not using nxredir library. The DEVICE_URI is not in the right format."
diff -rud -x .bzr freenx-server/nxserver freenx-server.fixes/nxserver
--- freenx-server/nxserver	2009-11-23 10:16:13.100350348 +0100
+++ freenx-server.fixes/nxserver	2009-11-23 10:52:01.356476314 +0100
@@ -17,6 +17,22 @@
 # Read the config file
 . $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --
 
+if test ! -e $NX_ETC_DIR/users.id_dsa; then
+  $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/users.id_dsa
+fi
+
+if test ! -e $NX_ETC_DIR/client.id_dsa.key -o ! -e $NX_ETC_DIR/server.id_dsa.pub.key; then
+  $COMMAND_SSH_KEYGEN -q -t dsa -N "" -f $NX_ETC_DIR/local.id_dsa
+  mv -f $NX_ETC_DIR/local.id_dsa $NX_ETC_DIR/client.id_dsa.key
+  mv -f $NX_ETC_DIR/local.id_dsa.pub $NX_ETC_DIR/server.id_dsa.pub.key
+  chmod 0600 $NX_ETC_DIR/client.id_dsa.key $NX_ETC_DIR/server.id_dsa.pub.key
+fi
+
+if test ! -s $NX_HOME_DIR/.ssh/known_hosts -a -e /etc/ssh/ssh_host_rsa_key.pub; then
+  echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts
+  cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts 2>/dev/null
+fi
+
 # following two functions are Copyright by Klaus Knopper
 
 stringinstring(){
@@ -1466,7 +1482,7 @@
 			done
 
 			# Check if there is already an agent running on that display on that host
-			let AGENT_DISPLAY=$SESS_DISPLAY+6000
+			let AGENT_DISPLAY=$SESS_DISPLAY-$DISPLAY_BASE+6000
 			if $COMMAND_NETCAT -z "$SERVER_HOST" $AGENT_DISPLAY 2>/dev/null
 			then
 				log 2 "Warning: Stray nxagent without .nX$SESS_DISPLAY-lock found on host:port $SERVER_HOST:$AGENT_DISPLAY."


--- freenx-server-0.7.3-fixes.patch DELETED ---

More information about the fedora-extras-commits mailing list