NX/freenx-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New upstream version 2.1.3

Browse Source
This commit is contained in:
geos_one
2025-08-08 20:28:57 +02:00
commit 140969fdb8
101 changed files with 13044 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
.gitignore vendored Normal file
View File

@@ -0,0 +1,20 @@
nx-session-launcher/nx-session-launcher-suid
nxredir/libnxredir.so.0
nxredir/nxredir.o
nxviewer-passwd/Makefile
nxviewer-passwd/Makefile.bak
nxviewer-passwd/libvncauth/Makefile
nxviewer-passwd/libvncauth/Makefile.bak
nxviewer-passwd/libvncauth/d3des.o
nxviewer-passwd/libvncauth/libvncauth.a
nxviewer-passwd/libvncauth/vncauth.o
nxviewer-passwd/nxpasswd/Makefile
nxviewer-passwd/nxpasswd/Makefile.bak
nxviewer-passwd/nxpasswd/nxpasswd
nxviewer-passwd/nxpasswd/vncpasswd.o
debian/.debhelper/
debian/files
debian/freenx-server.debhelper.log
debian/freenx-server.substvars
debian/freenx-server/

6
AUTHORS Normal file
View File

@@ -0,0 +1,6 @@
Fabian Franz <freenx@fabian-franz.de>
Rick Stout <zipsonic@gmail.com>
Thorsten Sandfuchs <fux@users.berlios.de>
Kurt Pfeifle <pfeifle@kde.org>
Jon Severinsson <jonno@users.berlios.de>
Dmitry Borisov <i@dimbor.ru>

81
CONTRIB Normal file
View File

@@ -0,0 +1,81 @@
III. How you can help
=====================
1. Documentation
----------------
Documentation and experience reports are most important of course. So if you have something send it to us ;-). (FreeNX-kNX@kde.org)
2. Code and Patches
-------------------
While FreeNX is a volounteer project, it of course depends on the work of 7 years kindly donated by NoMachine to the Free Software Community:
The NX open source libraries
While they are mature and very good working, they need work in some very important fields. Most "difficulties" were provided by Gian Fillipo Pinzari main developer of NoMachine NX and CEO of NoMachine.
2.1 Rootless nxagent
This is the most needed feature at the moment. It will allow using single applications instead of a full featured desktop. Most code needed for that is already in the nxagent source tree; its just still a bit buggy and needs some "love".
Difficulty: Medium
2.2 Pseudo Color / True Color support
This is the second most important feature needed. With the addition of Pseudo Color / True Color, it it possible to reconnect also on different depths (which is not possible at the moment). This will also make nxagent independent of the used Visuals (as far as I've understand it).
Last but not least, will this allow me to use Xvfb to keep a session running, while no display is attached to it.
Difficulty: Medium
2.3 XRandr support
XRandr support is available since version XFree86 4.3 and also most applications already support it. XRandr support would also enable one to reconnect at different geometry sizes and you could in an ideal case also just resize the window and it would work.
At reconnection stage this is really important for the fullscreen mode.
Difficulty: Easy
2.4 XDamage support
nxagent should be also able to profit from the new XDamage extension, to allow making NX sessions again even faster.
Difficulty: Easy
2.5 "Lazy image encoding"
Currently images are sent at once and just limited by having a small control channel open to allow fast user interaction. It would be much better if the images would be "streamed" in a way.
Quoting GFP:
"> What about doing this asynchronously? Not necessarily doing it immediately,
> but analyzing (in parallel, the data is still sent with normal compression
> regardless) what is seen and then biasing the type of compression over
> time based on the "popularity" of given image characteristics for a
> specific application or window class.
This is more or less what we want to do as part of the "lazy"
image encoding functionality that is going to be implemented.
The main goal of the "lazy" encoding is to decouple the image
handling from other protocol requests. The effect we want to
achieve is similar to loading a web page, where the browser
renders the images progressively, as they are downloaded from
the network. Once you have images sent asynchrounously, you
have opened the way to any form of post-processing."
[TODO: This part is not yet explained enough ]
2.6 Drag and Drop with automatic file transfer
The idea is:
Grab the X Drag And Drop requests in nxagent and advise the nxproxy on the other side to stream you the file with the filename, which you have got. The file should then be saved to a temporary location and the event given to the real application. While the file is transferred nxagent should display some kind of status bar.
Difficulty: ~ Medium - Difficult
2.7 Add the GLX extension
Add the glx extension to nxagent and also try to remove roundtrips in GLX.
Difficulty: Easy - Medium

340
COPYING Normal file
View File

@@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

690
ChangeLog Normal file
View File

@@ -0,0 +1,690 @@
xx.11.2008 FreeNX 0.7.4
* Opened the 0.7.4 development.
* Fixed missing export of NX_ETC_DIR in Makefile,
so node.conf.sample is installed correctly.
(fabianx@bat.berlios.de)
* Fixed broken round-robin load balance algorithm.
(fabianx@bat.berlios.de)
* Fixed --terminate|--suspend|--force-terminate for
load balancing case.
(fabianx@bat.berlios.de)
* Fixed --terminate|--suspend|--force-terminate for
usermode case.
(fabianx@bat.berlios.de)
* Fixed non-encrypted session mode. You might need to
set EXTERNAL_PROXY_IP in node.conf.
(fabianx@bat.berlios.de)
18.08.2008 FreeNX 0.7.3 "Priscilla One Year Edition"
* Opened the 0.7.3 development.
* Added logging of failed authentication attempts
to auth.log via syslog (3). This can be disabled by
setting ENABLE_LOG_FAILED_LOGINS="0".
(fabianx@bat.berlios.de)
* Added -nolisten tcp to nxagent invocation.
(fabianx@bat.berlios.de, idea by pappy- (Gentoo))
* Used bash for all tasks as 'sh' might be not what we want
on standard ubuntu.
(fabianx@bat.berlios.de, thx to tan (IRC))
* Finally fixed mv not working for failed or terminated
sessions.
(fabianx@bat.berlios.de, Terje Andersen <terander@guard.zapto.org>)
* Added patch from 2005 to enable reconnect to 24-bit display via
32-bit or vice versa. Oops :)
(Sunil <funtoos at yahoo.com> )
* Added 3.2.0 as a backend version for nxloadconfig.
(fabianx@bat.berlios.de)
* Added configuration key ENABLE_SOURCE_BASH_PROFILE for toggling of
sourcing ~/.bash_profile.
(fabianx@bat.berlios.de)
* Added /usr/bin/xauth as default key and used /usr/X11R6/bin/xauth as
fallback.
(fabianx@bat.berlios.de)
* Fixed Makefile to stop on all errors.
(Idea by Hai Zaar <haizaar@gmail.com>, fabianx@bat.berlios.de)
* Changed the default for ENABLE_PASSDB_AUTHENTICATION. If you had
added a user with different password via --adduser consider
re-activating this option in node.conf.
(fabianx@bat.berlios.de)
* Added constraints for passdb based commands. They are only available
when ENABLE_PASSDB_AUTHENTICATION="1" else a friendly error message
is shown. This should help with users using old tutorials.
(fabianx@bat.berlios.de)
* Added unix-console patch. Added default handler as unix-default with
a fallback to xterm,
(Idea by Jens Hatlak <jh@junetz.de>, fabianx@bat.berlios.de)
* Fixed external rdesktop keyboards: A "$" was missing.
(Bug by Phil Stricker <stril@gmx.de>, fabianx@bat.berlios.de)
* Added workaround for "ch" keyboard layout to nxdesktop_helper,
which NXClient 3.2.0 means as de-ch.
(Bug by Phil Stricker <stril@gmx.de>, fabianx@bat.berlios.de)
* Added clean target to Makefile.
(Based on patch by Ubuntu FreeNX-Team, fabianx@bat.berlios.de)
* Use :0.0 if mirrorhost is 127.0.0.1 and add -localhost for
enhanced security. Also increase sleep timeout for slow machines.
(Based on Patch by Jeremy Wilkins <wjeremy@shaw.ca>, fabianx@bat.berlios.de)
* Allow RDP "Run application" sessions to work correctly.
(David Corral < davefury@gmail.com > & the Silice Telecom staff,
fabianx@bat.berlios.de)
* Merge Xresources on startup of session.
(Jeremy Wilkins <wjeremy@shaw.ca>)
* Added nx-session-launcher from Ubuntu FreeNX-Team to use FreeNX with
ConsoleKit.
(marceloshima@gmail.com, fabianx@bat.berlios.de)
* Moved logging functions to a more appropriate place.
(fabianx@bat.berlios.de)
* Finally fixed the bug when NX Client was stopped on "Negotiating
link parameters" and failed session after first session suspend.
(fabianx@bat.berlios.de)
* Fixed missing "fi" statement. In fact it was a missing ";;".
(fabianx@bat.berlios.de)
* Used source instead of "." for Makefile. (Closes: #13954)
(fabianx@bat.berlios.de)
* Allow passwords with '\' by changing read -s to read -r -s.
(Closes: #10699)
(Patch by rpfuller@bat.berlios.de, fabianx@bat.berlios.de)
* Allow passwords with special chars by using new url_decode on
agent_password. (Closes: #10248)
(fabianx@bat.berlios.de)
* Fixed start/stop exit codes.
(Patch by Gentoo Portage, fabianx@bat.berlios.de)
* Finally checked for all service ports. (cups, media, samba)
and also checked it on the host where the load balancing actually
leads to.
(fabianx@bat.berlios.de)
* Fixed broken fallback logic if SSH_CLIENT variables cannot be read
correctly.
(fabianx@bat.berlios.de)
* Overhauled the usermode:
* There are now two modes of operation.
- One statically setting the
ENABLE_USERMODE_AUTHENTICATION key
in node.conf. (old behavior)
- Or using nxserver-usermode as startup
binary, which directly goes into the 103 stage.
* Fixed using commandline parameters like --cleanup
for static usermode.
* Enabled the root commandline parameters in usermode.
* Fixed usage of "nx" user as normal user in usermode.
* Disabled slave mode and load balancing for usermode.
* Fixed creation of the logfile directory.
* Fixed nxnode usage of SSH_CLIENT using fallback mechanism.
(Patch by nbartos@bat.berlios.de, fabianx@bat.berlios.de)
* Added disabled nxserver-suid wrapper with help from Google. To
enable it uncomment the suid_install target in Makefile.
( Alistair Riddoch <alriddoch@google.com>, fabianx@bat.berlios.de)
* Automatically disabled slave mode, when load balancing is activated.
(fabianx@bat.berlios.de)
* Made ENABLE_SLAVE_MODE="1" the new default as its faster
and more reliable. If you encounter any problems with it,
disable it in node.conf.
(fabianx@bat.berlios.de)
* Changed type for external agents to windows-helper or vnc-helper
so that those sessions can be mirrored / shadowed as well.
(fabianx@bat.berlios.de)
* Added nxshadowacl.sample component to be able to shadow
foreign sessions.
(fabianx@bat.berlios.de)
* Prepared shadowing foreign users for VNC-shadowing.
(fabianx@bat.berlios.de)
* Added shadow support to --listsession command.
(fabianx@bat.berlios.de)
* Added shadow mode as nxagent target.
(fabianx@bat.berlios.de)
* Fixed shadow mode and made it usable.
(Patch by Amin Shehata <amino7 at yahoo dot com>, fabianx@bat.berlios.de)
14.03.2008 FreeNX 0.7.2 "Priscilla Edition"
* Opened the 0.7.2 development.
* Fixed the display of local sessions to display only
when session type is VNC.
(fabianx@bat.berlios.de)
* Fixed the issue that commercial NXClient was called with 0 parameters
and such the "Connection Wizard" came up.
(fabianx@bat.berlios.de)
* Added freenx-server startup script. You can make a symlink to
/etc/init.d/ to have it start automatically.
(fabianx@bat.berlios.de)
* Added catching of exception after failed nscd command.
(fabianx@bat.berlios.de)
* Invoke curl with --proxy "" for automatic download of ppd files.
(Wolfgang Schweer <schweer@cityweb.de>)
* Reorganized nxsetup to have a function for parsing command line
options.
(fabianx@bat.berlios.de)
* Added nxsetup --test to test the configuration and connection to
localhost nxserver.
(fabianx@bat.berlios.de)
* Added -o ConnectTimeout 3 to nxnode-login for test-nx case.
(cedric briner <work@infomaniak.ch>)
* Added more examples for "failed ssh connection to localhost" cases.
(cedric briner <work@infomaniak.ch>, fabianx@bat.berlios.de)
* Fixed helpers (desktop, viewer) to honour the AGENT_EXTRA_OPTIONS_{RDP,RFB}
parameters set in node.conf.
(fabianx@bat.berlios.de)
* Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
(fabianx@bat.berlios.de)
* Fixed parsing of SMB port and added a fallback if mport file is empty.
(Patch from Gentoo Portage)
* Run nscd only when nscd.pid is present.
(Patch from Gentoo Portage)
* Fixed possible bug in nxserver when $USER is not set.
(Patch from Gentoo Portage)
* Set ENABLE_USESSION="1" option by default - its hard to find and those who know can
shut it off anyway. Added automatic adding of user nx to group utmp.
(Patch by Gentoo Portage)
* Added support for 3.1.0 and later backends. Made 2.0.0 backend the
default and added a fallback to 1.5.0 via the same detection mechanism.
(fabianx@bat.berlios.de)
* Added the configuration key ENABLE_PULLDOWN_MENU to be able to
disable the pulldown menu for rootless sessions.
(fabianx@bat.berlios.de)
* Fixed a small bug in nxserver when password has spaces at the end or
beginning.
(Dimitar Paskov)
* Fixed round-robin mode of load balancing.
(fabianx@bat.berlios.de)
* Added check for /tmp/.X11-unix/X*.
(Yves-Gaël Chény <yves-gael.cheny at tranquil-it-systems.fr>)
* Fixed --send|--broadcast for load balancing case.
Note: ssh is used, so you need to either insert your root ssh password
for the nodes again and again, use a public key + agent or use host keys.
(fabianx@bat.berlios.de)
* Added possibility to use the new nxsmb backend. This enables us to support
CIFS and SMB printing at the same time - without recompiling samba -
via the nxredir preload library.
(fabianx@bat.berlios.de)
* Added usage of nxredir library to forward port 139,445 to the
client side forwarded SMB port.
(fabianx@bat.berlios.de)
* Made the slave mode finally functional. With that slave mode it is
possible to do a single sign on instead of the multiple logins used
before. It is also possible to use a suid wrapper to login as user.
With single sign on session startup is a lot faster. This is true
especially if there are many printers and files to be shared.
(fabianx@bat.berlios.de)
* Added detection of backend version and added this output
to version string.
(fabianx@bat.berlios.de)
* Added foomatic-ppdfile to the retested values.
(fabianx@bat.berlios.de)
* Added possibility to balance all nx services to different cores
using taskset. Use for example USE_PROCESSOR_TASKSET="3,4" to
balance all services to processor cores 3 and 4.
This wish was granted for Gregory Carter.
(fabianx@bat.berlios.de)
* Added initial code to add an application to an already running
rootless session.
Set ENABLE_ADVANCED_SESSION_CONTROL="1" and use session name
like "add <sessionname>". Unfortunately the client returns an
error, but the application is started anyway.
The wish was granted for Bernhard Donaubauer.
(fabianx@bat.berlios.de)
* Added option to disable the showing of running sessions.
Set ENABLE_SHOW_RUNNING_SESSIONS="0" if you want that behaviour.
(fabianx@bat.berlios.de)
* Updated documentation in INSTALL file.
(fabianx@bat.berlios.de)
* Added nxviewer-passwd to distribution. It is a fork of the
tightvnc vncpasswd part, which is necessary for FreeNX to work
with standard vncviewer.
(fabianx@bat.berlios.de)
* Added a Makefile so FreeNX can be build and installed via.
$ make
$ # edit nxloadconfig to point where it should install to
$ make install
Hereby FreeNX is installed to where nxloadconfig points and
static paths in nxredir and nxsmb are adjusted accordingly.
So if you want it to be in /usr/NX/ be sure to apply
gentoo-nomachine.diff first or edit nxloadconfig manually.
(fabianx@bat.berlios.de)
* Added nxacl.sample component. If you copy nxacl.sample to
$PATH_BIN/nxacl you can make as complex acl scenarios as you
want. You have complete control over all data and can deny
any session.
(fabianx@bat.berlios.de)
14.10.2007 FreeNX 0.7.1 "Hip Hop Edition"
* Fixed the issue that makes fonts look tiny and unreadable by default
with freenx and the commercial client. (diamond@google.com)
* Added invalidating of NSCD cache after group and user add.
(diamond@google.com)
* Added better wording with less misunderstanding to dialog of
nxclient for Suspend/Terminate/Close case. (diamond@google.com)
* Added 'dialog_interface=dialog' option since many installations may
not have Xdialog and since xmessage is very limiting. This new option
will work on any machine that has dialog and xterm.
(puterguy@bat.berlios.de)
* Fixed the APPLICATION_LIBRARY_PRELOAD to be just a warning and fixed
the default path. (fabianx@bat.berlios.de)
* Added drivers.cache.all that is reloaded just every 60 minutes.
(puterguy@bat.berlios.de)
* Fixed missing services stop that lead to redundant mounts and still
running cupsd processes.
(puterguy@bat.berlios.de)
* Added support for mount.cifs additionally to the deprecated
smbmount. (fabianx@bat.berlios.de, puterguy@bat.berlios.de)
* Added "host" output to --list to see which user is connected to
which server in case of loadbalancing.
(fabianx@bat.berlios.de, Bastian Kames <kames@ibg-monforts.de>)
* Fixed nxclient -printer to not use commercial client, because its too
slow in case of huge databases like foomatic. (fabianx@bat.berlios.de)
* Removed bad -noautokill option from the nxclient dialog spawning.
(wayneb@bat.berlios.de)
* Added basic support for mirrored sessions.
* The functionality can be used by connecting to VNC session
and choosing to "resume" such a session.
* New configuration key: ENABLE_MIRROR_VIA_VNC=1
* New configuration key: ENABLE_DESKTOP_SHARING=1
(fabianx@bat.berlios.de)
* Fixed some portability issues.
* Fixed nxloadconfig in case that COMMAND_X is not only one word,
like "openssl md5".
* Added usage of "openssl md5" instead of "md5sum" by default.
* Changed perl to COMMAND_PERL.
* Removed rev and replaced the code with efficient awk code.
* Added an outcommented way to also use "POSIX find" for history
cleaning.
(Peter O'Gorman <peter@pogma.com>)
* Fix ownership of $SSH_AUTHORIZED_KEYS in nxkeygen, just in case
it is run without nxsetup.
(fabianx@bat.berlios.de, thx to sambiase on #nx)
* Fixed diverse occurences of $sess_id in nxnode, when hostname
contains whitespace.
(fabianx@bat.berlios.de)
* Fixed setting up KDE_PRINTRC altogether if ENABLE_KDE_CUPS is not 1,
and handles errors better when it is but kde-config is not available
or fails.
(scop@bat.berlios.de)
* Changed unix:$display -> :$display to enable FreeNX usage with newer
xlib in C (used for example by Novell).
(fabianx@bat.berlios.de)
* Enabled 3.0.0 backend with same usage pattern as 2.[0|1].0 backend.
(Shawn Starr <spstarr@kde.org>)
* Bumped version number to 2.1.0-71 to let things like File-sharing
port and auxiliary channels work.
(fabianx@bat.berlios.de)
* Added parsing of aux parameter. This should remove all keyboard
related problems with nxdesktop with 2.[01].0 backend.
(fabianx@bat.berlios.de)
* Renamed nxclient to nxdialog and setup the necessary environment
variable for nxagent to find it.
(fabianx@bat.berlios.de, Thanks to NoMachine for giving this hint)
* Added experimental support for usage of external rdesktop and
vncviewer programs.
This is for example needed for 3.0.0 backend.
(fabianx@bat.berlios.de)
* Changed the default load balancing algorithm to "random"
as the nxcheckload script might not be available.
(fabianx@bat.berlios.de)
* Added ENABLE_CLIPBOARD="none|client|server|both" option
to node.conf to disable, restrict or enable the clipboard
synchronization.
(fabianx@bat.berlios.de)
07.07.2007 FreeNX 0.7.0 "Jornade SPL Edition VI+1"
* Fixed the printing support for CUPS 1.2.
Older versions of CUPS are no longer supported.
* Note: You must do as root:
cp /usr/lib/cups/backend/ipp /usr/lib/cups/backend/nxipp
chmod 755 /usr/lib/cups/backend/nxipp
Or alternatively re-run nxsetup.
* Added foomatic support.
* Note: You might need to do: ln -s /usr/bin/foomatic-ppdfile
/usr/lib/cups/driver/
* Added setting of CUPS_SERVER environment var.
* Added automatic downloading of PPDs, if the client supports it.
* Added configuration vars to tweak the new behaviour.
* Added cups seamless support with no "use this driver?" dialogs at all.
* Note: You need nxcupsd-wrapper on the client side for CUPS 1.2
clients.
Get it from nxutils repository.
* Fixed Support for "Running" sessions - again.
* Made the NXAgent exited with exit code 1 message more verbose.
* Added support for nxipp to nxnode and nxsetup.
* Added nxcups-gethost script for automatic usage in KDE.
* Fixed RDP/VNC sessions. No application should be started for that type.
(Patch by Bernard Cafarelli <voyageur@operamail.com>)
* Added backingstore fix for older clients from Gentoo.
(http://bugs.gentoo.org/show_bug.cgi?id=149298)
* Fixed VNC sessions.
* Fixed fullscreen sessions.
(Patch by Gentoo Bugtracker)
* Fixed --broadcast.
* Added "passwd -u nx" to nxsetup to fix slackware.
* Fixed respecting of enconding settings in case of rootless mode.
* Fixed smb mounting in case nxclient sends the wrong port.
(Patch by Jan Lockenvitz <jan.lockenvitz.ext@siemens.com>)
* Fixed loadbalancing - was still using an undocumented variable.
23.01.2007 FreeNX 0.6.0 "Juliana birthday edition"
* Opened the 0.6.0 branch.
* Added nxnode slave mode.
* General code cleanup.
* Huge cleanup of nxnode.
* Removed "no-x11-forwarding" from keys to allow client to use the
faster interactive sessions.
* Fixed nxsetup automatic testing of sessions and cleared up
explanations.
* Added support for NX 2.0.0 style nxclient dialogs.
* Support for NX 2.0.0 backend in nxloadconfig.
* Fixed cups printing (added username and password).
* Fixed one more stray tail process.
* Added example script for "load" based loadbalancing.
* Fixed spaces in parameters for NX Client 2.0.0.
(ssycplkbocve@spammotel.com)
* Added version 2.1.0 support.
* Fixed LD_LIBRARY_PRELOAD default path in nxloadconfig.
* Fixed nxclient to work with 2.1.0 backend.
* Added autodetection of backend.
01.07.2006 FreeNX 0.5.0 "UKUUG 2006 Edition"
* Opened the 0.5.0 branch.
* Added load balancing.
* Completely removed support for 1.4.0 backend.
* Rootless mode is now the default.
* Reworked nxnode / suspend on connection failure should work now.
* Added support for "Running" sessions.
* Fixed --send command. (Emmanuel Blindauer <freenx@mooby.net>)
* Fixed resume with nxclient >=1.5.0-106 for Windows.
* Fixed rootless sessions with Windows nxclient.
* Fixed keyboard issues by enabling the keybd channel.
* Fixed one more stray tail process and being able to
cleanup after a hopelessly failed reconnection. (i.e. agent died)
* Fixed detection of xauth / netcat. Added option to disable extra
checks.
* Fixed --terminate / --suspend when hostname has a '-' in it.
(Emmanuel Blindauer <freenx@mooby.net>)
* ESD_NO_SPAWN is always set when ESPEAKER is set.
("Felipe Alfaro Solana" <felipe.alfaro@gmail.com>)
* Added perl replacement for 'rev' function on Sun OS 5.10.
* Fixed NODE_AUTOSTART to be unable to block sessions.
* Fixed stale sessions introduced by the new session handling model.
* Added usage of TCP NODELAY option.
* Fixed loadbalancing IP issues.
* Added --force-terminate to remove session info.
Fixed issue with suspend/terminate commands.
* Added correct errorcode 596 instead of 504.
* Implemented "round-robin" and "load" loadbalancing algorithms.
Cleaned up node.conf keys.
* Fixed help for --restart.
* Fixed session_running function, which fixes all remaining stale
session problems.
* Removed termination of nxagent in case of rootless mode.
(Fixes kontact without --nofork)
* Last minute fixes for new functions using rev.
* Added experimental last minute support for NX 2.0.0 backend.
(set ENABLE_2_0_0_BACKEND=1)
XX.XX.2006 FreeNX 0.4.5 "aKademy Edition"
* Made nxsetup more user-friendly and hopefully finally failsafe.
* Added --agent to nxnode/nxserver to allow easier debugging.
* Added addgroup/groupadd to nxsetup
* Added --ignore-errors support on nxsetup/nxloadconfig
* Added check for expect.
06.08.2005 FreeNX 0.4.4 "UKUUG Enterprise Edition"
* Added ENABLE_1_5_0_BACKEND configuration directive:
* Fixed fullscreen support in nxdesktop (still feels more like
'Available Area', but with Ctrl-Alt-F you can get "real"
fullscreen)
* Added COMMAND_MD5SUM directive
* Security: $USER_FAKE_HOME/.nx now gets 0700
* Fixed support for CUPS forwarding.
* Added secure re-transmitting to client.
* Removed grep from getent to not search through the whole database.
(Suggestion by "Matthew S. Harris" <mharris@google.com>,
"Ed Warnicke" <eaw@cisco.com>)
* Set sleeps to 60 instead of 10 seconds, removed one wrong trap.
(Suggestion by "Sunil" <funtoos@yahoo.com>)
* Made automatic timeout configurable.
(Patch by "Ed Warnicke" <eaw@cisco.com>)
* Made nxsetup more enterprise friendly. Added --localuser
(RedHat only) and --gid.
(Based on a patch by "Ed Warnicke" <eaw@cisco.com>)
* Fixed resume of multiple sessions.
28.07.2005 FreeNX 0.4.3 "NoMachine 1.5.0 Edition"
* Fixed reconnection problems with !M 1.5.0 client.
* Fixed reconnection problems with !M 1.5.0 backend.
* Added evaluation of $NX_ETC_DIR/node.conf.d/* config files.
* Fixed a possible security problem. (The client was able
to overwrite parameters set by the server)
* Added ENABLE_1_5_0_BACKEND configuration directive:
* Added support for fake cookie authentication with
!M 1.5.0 client and 1.5.0 backend.
* Fixed nxagent termination problems with !M 1.5.0
backend.
* Added RDP highcolor support for !M 1.5.0 client
with !M 1.5.0 backend.
* Added secure logging - Passwords are no longer shown in log files.
* Security: Certain passwords for VNC/RDP could have been visible via
`ps aux`.
* Added experimental usermode authentication scheme.
(Disabled by default)
16.07.2005 FreeNX 0.4.2 "Solaris / Bugfix / Linux Infotag Pforzheim Edition"
* Removed forwarding support via "freenx.<user>", because it was
buggy.
* Cleaned up lots of code.
* Fixed one case of a left over file.
* Removed one unnecessary usage of a temporary file.
* Added exit handlers in nxserver and nxnode for more stability on
reboot of system.
* Changed nxnode to be much more stable.
* Catched one additional "unclean termination of nxagent"
case, which lead to "zombie" sessions.
* Reworked reconnection support for more stability.
* Added displaying of reconnection failure in
system log / client ssh log.
* Added even more possibilities to catch and report session startup
failures.
* Fixed PNG and JPEG-levels pack method.
* Added usage of netcat -z to check that the port is really not used by
another agent.
* Added nxserver --cleanup, which terminates all running sessions.
Useful after a power outage.
* Fixed nxclient invocation with non-standard installation path
* Added detection of SSH2_CLIENT variable (commercial ssh)
* Finally fixed problems with GNOME.
* FINALLY added Solaris Support Patch.
24.06.2005 FreeNX 0.4.1 "LinuxTag Edition"
* Fixed a small security problem giving access to session database.
* Added support for 1.5.0 OSS components. (especially rootless mode)
* Fixed Filesharing over the Internet. (Thanks to rogierm@users.berlios.de)
* Fixed Resume on Windows with non-fullscreen sessions.
* Added suspend/resume support for 1.5.0 OSS components.
* Fixed display of suspended sessions in nxserver --list.
04.05.2005 FreeNX 0.4.0 "SambaXP Edition"
* Opened the 0.4.0 branch.
* Added initial support for filesharing via samba.
* Improvements to be more node.conf compatible.
* Added COMMAND_NETCAT, COMMAND_SSH & COMMAND_SSH_KEYGEN directive
* Added support for 'nxloadconfig --check' to validate node.conf
settings
* Added initial support for sound (esd/artsd).
* Added optional support for utmp/wtmp/lastlog database.
* Removed support for OSS components prior version 1.4.0 in nxnode.
Added -option option to nxagent/nxdesktop/nxviewer.
* Added forwarding to commercial server via destination port.
* Added more compatible getparam function
* Sets LD_PRELOAD for applications and LD_LIBRARY_PATH for
nxagent/nxproxy by default.
- SET_LD_LIBRARY_PATH replaces NX_NOMACHINE_WAY and is
enabled by default, as it is now safe to do so
* Implemented SSHD_CHECK_IP directive.
* Added the SESSION_HISTORY directive. Session history will by default
be kept for 30 days.
* Implemented DEFAULT_X_WM for unix-application virtual desktop mode.
* Implemented SESSION_LIMIT and SESSION_USER_LIMIT.
* Fixed nxviewer commandline for geometry and fullscreen-support
* Added NX_LOG_LEVEL instead of NX_LOGGING, allowing less verbose
logfile.
* Added SESSION_LOG_CLEAN for configurable removal of the temporary
session directory.
* Added "--ssh2" cmdline switch for commercial ssh2-server support
in nxsetup.
* Added ENABLE_FORCE_ENCRYPTION to enforce the usage of encryption on
the server.
* Added nxprint and added -printer to nxclient together with handling
of drivers cache.
* Fixed a possible race-condition. (reported by Edward Warnicke
<eaw@cisco.com>)
* Feature Request #847 (stderror of some applications to log-file)
* Feature Request #900 (Detect ssh/sshd in nxsetup)
* Added printing support via userspace CUPSd and Samba.
20.03.2005 FreeNX 0.3.1 "Bugfix Edition"
* Fixed keyboard mapping problems.
* Fixed unix-custom mode; now allowing parameters to be passed.
* Fixed password prompt detection support in nxnode-login.
* Fixed locking to prevent usage of the same display.
* Fixed resume when agent is no longer there.
* Fixed error message shown to user, when session startup fails.
* Fixed handling of /tmp/.X*-lock files.
* Fixed handling of not closed sessions in "Terminating" status.
* Fixed resume of multiple suspended sessions.
05.03.2005 FreeNX 0.3.0 "Chemnitzer LinuxTage Edition"
* Initial CVS checkin.
* Added unix-default as session type - by Kalev Lember
<kalev@smartlink.ee>
* Fixed nxclient loop - by "Neil Wilson" <neil@aldur.co.uk>.
* Several fixes by Thorsten Sandfuchs <fux@users.berlios.de>.
* Optional config file support (system- and user-wide)
- by Jon Severinsson <jonno@users.berlios.de>.
* Moved logfile to /var/log/nxserver.log.
* Moved nx homedir to /var/lib/nxserver/home
* Complete rewrite of authentication code
* passdb, su or ssh is now supported.
- by Jon Severinsson <jonno@users.berlios.de>.
* Added NODE_AUTOSTART, EXPORT_{USERIP/SESSIONID} config file
directives.
* Added mechanism to forward connection to commercial NoMachine
nxserver (as available from www.nomachine.com).
* Added mechanism to forward connection to another nxserver. This
allows using a "chain" of nxservers.
* Added "floating window" support by using rootless nxagent as
it will be standard in NX 1.5.0.
* Added "floating window" support by just nxproxy/nxproxy connection
and added configuration directive to enable rootless mode.
* Added nxsetup --uninstall and added more feature to nxsetup.
Note: You need to use nxsetup --install for installation now.
* Added Disabling of port-forwarding, X11-forwarding, ... to ssh-key.
* Security: Fixed a security blunder. Authority file was not used
and so basically xhost +localhost was set. (ported from
0.2.8)
Update immediately.
* Security: Fixed two possible security problems (umask was not set
correctly; ported from 0.2.8)
20.11.2004 FreeNX 0.2.7 "Skolelinux Edition"
* Fix nxserver to work again with KNX-Client. ('\r' is evil)
* Fix timeout in nxnode-login to allow proper session management
again.
* Fixed possible race condition for the wait-file.
11.11.2004 FreeNX 0.2.6
* Security: Fixed a possible exploit in ssh-usage
(thanx to Sebastian Krahmer from the SuSE security team)
* Important: Public/Private key is no longer used for PAM auth mode.
14.10.2004 FreeNX 0.2.5
* Added Xdialog interface for nxclient and automatic usage
of commercial nxclient when available. (Thx go to Rick Stout
<zipsonic@gmail.com>)
* Added bugfix from the 0.3.0 branch for more flexible nxdesktop in
nxnode.
* Added patch by Rick Stout for permission problems in nxnode.
* Added patch by Rick Stout for a typo in nxkeygen.
* Updated gentoo-nomachine.diff.
* Updated CONTRIB to include a description of lazy-image encoding.
11.09.2004 FreeNX 0.2.4
* Added timeout to avoid having hanging tail processes.
* Added "locking" of the display-offset if nxagent failed to start.
* Fixed ssh encryption for resume on client 1.4.0-snapshot 5.
* Fixed mktemp, which was non-portable to FreeBSD and Red Hat 9.
10.09.2004 FreeNX 0.2-3
* Added support for autoreconnection or autoreconnection just
for the case when an older client version is used.
* This makes it possible to use Reconnection with the
stable version 1.3.2-7 (enabled by default)
* Added instructions how to install the NoMachine sources to INSTALL
* Changed $NX_DIR/bin/ssh to ssh to fix gentoo-nomachine.diff
* Added nxkeygen by Stuart Herbert for easier change from the
NoMachine key to another key afterwards.
* Security: Any user was able to change the status of other sessions
in the session database by providing the correct uniqueid.
10.09.2004 FreeNX 0.2-2
* Added additional support for safe session suspend,
autosuspend when network connection times out works now!
* AuthorizedKeysFile cannot be safely determined on Gentoo;
changed it to config option now.
* Added config option to completely disable passdb support.
* Fixed bugs in nxclient dialog frontend.
* Removed all usage of nxssh due to security concerns from SuSE.
* Fixed session management for knx client.
* Added detection of failed nxagent startup.
* Updated the gentoo-nomachine.diff to be not fuzzy.
08.09.2004 FreeNX 0.2-1
* Fixed support for one windows client version.
* Fixed setting of key with --adduser.
(Thanks to Stuart Herbert <stuart@gentoo.org>)
* Fixed _some_ cases for AuthorizedKeysFile in sshd_config.
(Thanks to Peter Holik <peter@holik.at>)
* Fixed gentoo-nomachine.diff (nxnode not in path, but nxnode-login would try that)
* Fixed the bug with hanging tail processes.
07.09.2004 FreeNX 0.2-0
* Reworked the whole security model in nxsetup due to requests from SuSE and Gentoo.
- nxsetup does not use the NoMachine key by default.
- PAM authentication is enabled by default.
* Added nxclient for compatibility with nxclient -dialog mode.
* Minor changes
* Added SSHD_AUTH_PORT to config vars in nxserver
* Made all programs NX_ aware
* Programs do now honor the setting of AuthorizedKeysFile in sshd_config
* Changed nxsetup check from direct reading of passwd to getent
(Thanks to Tom Hibbert <tom@nsp.co.nz>)
* Changed overall messages in nxsetup
* Made a overall clean upstream package.
* Added Gentoo / NoMachine compatibility diff
06.09.2004
* Added pam authentication
* Added user_db switch
* moved some su - to nxnode-login
02.09.2004
* Added support for snapshot 4 (43/66)
* Fixed compatibility issue with 1.3.0
(Used by Knoppix 3.4 and earlier)
* added sane logging (LOGGING is now properly used)
20.06.2004
* Added Protocol version 1.4.0
* Cleanup
* Added missing functions
14.06.2004
* Added Protocol version 1.3.2

116
INSTALL Normal file
View File

@@ -0,0 +1,116 @@
INTRODUCTION
------------
This is the FreeNX server package.
DEPENDENCIES
------------
It depends on:
- NX sources
- X11 libraries
- sshd
- expect
- netcat
NOTE
----
This tarball is intented mainly for distributions, which want to use FreeNX as building the other OpenSource NX components is quite difficult.
In the following sections it is outlined how to install FreeNX as soon as you've build all open source components.
HOWTO MANUALLY INSTALL
----------------------
The easy way:
See: http://mail.kde.org/pipermail/freenx-knx/2007-October/006041.html
The real way:
You must apply the gentoo-nomachine.diff and then copy the files to /usr/NX/bin and /usr/NX/lib.
Here is a howto:
Get all sources except nx-X11-compat.tar.gz from www.nomachine.com/sources.php
Untar all sources, install all dependencies then do:
$ cd nx-X11
$ make World
$ cd ..
$ cd nxproxy
$ ./configure && make
# Libraries
You can use the following schema to do the install to /usr/NX/:
$ NXPREFIX=/usr/NX
$ mkdir -p ${NXPREFIX}/lib ${NXPREFIX}/bin
$ cp -a nx-X11/lib/X11/libX11.so* ${NXPREFIX}/lib
$ cp -a nx-X11/lib/Xext/libXext.so* ${NXPREFIX}/lib
$ cp -a nx-X11/lib/Xrender/libXrender.so* ${NXPREFIX}/lib
$ cp -a nxcomp/libXcomp.so* ${NXPREFIX}/lib
$ cp -a nxcompext/libXcompext.so* ${NXPREFIX}/lib
# binaries
$ cp -a nx-X11/programs/Xserver/nxagent ${NXPREFIX}/bin
$ cp -a nxproxy/nxproxy ${NXPREFIX}/bin
### Now comes the FreeNX part
# build binaries and libs included in FreeNX distribution
$ cd freenx-<version>
$ patch -p0 < gentoo-nomachine.diff
$ make
$ make install
You should also install the nxclient from NoMachine or install Xdialog.
Then you need to run 'nxsetup --install' and follow the instructions given.
Have Fun!
Best regards,
Fabian
--
Old way without Makefile (instead of make; make install):
# nxredir
$ cd nxredir
$ make
$ cd ..
# nxpasswd
$ cd nxviewer-passwd
$ xmkmf
$ make World
$ cd ..
# install binaries included in FreeNX trunk
$ cd nxredir
$ make install
$ cd ..
$ cp -a nxviewer-passwd/nxpasswd/nxpasswd ${NXPREFIX}/bin
# scripts
$ cp nx* ${NXPREFIX}/bin
# config file
$ cp -a freenx*/node.conf.sample ${NXPREFIX}/etc/
SVN: $Id: INSTALL 536 2008-03-27 18:54:08Z fabianx $

95
Makefile Normal file
View File

@@ -0,0 +1,95 @@
.PHONY: all install clean nxenv_install suid_install
SHELL = /bin/bash
# helpers for "install" target
INSTALL_DIR=install -d -m 755
INSTALL_FILE=install -m 644 -C
INSTALL_PROGRAM=install -m 755
INSTALL_SYMLINK=ln -s -f
NX_ETC_DIR ?= /etc/nxserver
PREFIX ?= /usr
PATH_BIN ?= $(PREFIX)/bin
PATH_LIB ?= $(PREFIX)/lib
CUPS_BACKEND ?= $(PREFIX)/lib/cups/backend
PATH_SHARE ?= $(PREFIX)/share
NX_VERSION=`cat VERSION 2>/dev/null`
SUBDIRS=nxredir nxviewer-passwd nx-session-launcher
PROGRAMS=nxcheckload.sample nxdialog.freenx nxkeygen nxnode nxnode-login nxserver nxsetup nx-session-launcher/nx-session-launcher
PROGRAMS_BIN=nxviewer-passwd/nxpasswd/nxpasswd nx-session-launcher/nx-session-launcher-suid
all:
cd nxviewer-passwd && xmkmf && make Makefiles && make depend
export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION NX_ETC_DIR &&\
for i in $(SUBDIRS) ; \
do\
echo "making" all "in $$i..."; \
$(MAKE) -C $$i all || exit 1;\
done
suid_install:
chown nx:root $(DESTDIR)/$(PATH_BIN)/nx-session-launcher-suid
chmod 4755 $(DESTDIR)/$(PATH_BIN)/nx-session-launcher-suid
chown :users $(DESTDIR)/$(NX_ETC_DIR)/ppd
chmod 775 $(DESTDIR)/$(NX_ETC_DIR)/ppd
chown nx:nx $(DESTDIR)/var/lib/nxserver/home/
chown nx:nx $(DESTDIR)/var/lib/nxserver/db/
nxenv_install:
$(INSTALL_DIR) $(DESTDIR)/$(PATH_BIN)/
$(INSTALL_DIR) $(DESTDIR)/$(PATH_LIB)/freenx-server/
$(INSTALL_DIR) $(DESTDIR)/$(NX_ETC_DIR)/
$(INSTALL_FILE) conf/node.conf $(DESTDIR)/$(NX_ETC_DIR)/
$(INSTALL_FILE) data/Xkbmap $(DESTDIR)/$(NX_ETC_DIR)/
$(INSTALL_PROGRAM) data/fixkeyboard $(DESTDIR)/$(NX_ETC_DIR)/
$(INSTALL_PROGRAM) data/Xsession $(DESTDIR)/$(NX_ETC_DIR)/
$(INSTALL_DIR) $(DESTDIR)/$(NX_ETC_DIR)/node.conf.d/
$(INSTALL_FILE) conf/conf.d/*.conf $(DESTDIR)/$(NX_ETC_DIR)/node.conf.d/
$(INSTALL_DIR) $(DESTDIR)/$(NX_ETC_DIR)/acls/
$(INSTALL_FILE) conf/acls/* $(DESTDIR)/$(NX_ETC_DIR)/acls/
install -m775 -gusers -d $(DESTDIR)/$(NX_ETC_DIR)/ppd/
$(INSTALL_DIR) $(DESTDIR)/$(PATH_SHARE)/freenx-server/node.conf.def
$(INSTALL_FILE) node.conf.def/* $(DESTDIR)/$(PATH_SHARE)/freenx-server/node.conf.def/
$(INSTALL_FILE) nxfuncs $(DESTDIR)/$(PATH_SHARE)/freenx-server/
$(INSTALL_DIR) $(DESTDIR)/$(CUPS_BACKEND)/
$(INSTALL_DIR) $(DESTDIR)/etc/logrotate.d/
$(INSTALL_FILE) data/logrotate $(DESTDIR)/etc/logrotate.d/freenx-server
$(INSTALL_DIR) $(DESTDIR)/etc/sudoers.d/
install -m400 data/sudoers.conf $(DESTDIR)/etc/sudoers.d/nxserver
$(INSTALL_DIR) $(DESTDIR)/etc/dbus-1/system.d/
$(INSTALL_FILE) nx-session-launcher/ConsoleKit-NX.conf $(DESTDIR)/etc/dbus-1/system.d/
$(INSTALL_DIR) $(DESTDIR)/var/lib/nxserver/
install -m2750 -d $(DESTDIR)/var/lib/nxserver/home/
install -m2770 -d $(DESTDIR)/var/lib/nxserver/db/
for i in $(PROGRAMS) ;\
do\
$(INSTALL_PROGRAM) $$i $(DESTDIR)/$(PATH_BIN)/ || exit 1;\
done
for i in $(PROGRAMS_BIN) ;\
do\
$(INSTALL_PROGRAM) -s $$i $(DESTDIR)/$(PATH_BIN)/ || exit 1;\
done
$(MAKE) -C nxredir install
#$(MAKE) suid_install
clean:
for i in $(SUBDIRS) ; \
do\
echo "making" clean "in $$i..."; \
if test -e "$$i/Makefile"; \
then $(MAKE) -C $$i clean || exit 1;\
else echo ignoring $$i;\
fi;\
done
rm -f nxviewer-passwd/Makefile.back
rm -f nxviewer-passwd/Makefile
rm -f nxviewer-passwd/nxpasswd/Makefile
rm -f nxviewer-passwd/libvncauth/Makefile
install:
export PATH_BIN PATH_LIB CUPS_BACKEND NX_VERSION NX_ETC_DIR &&\
$(MAKE) nxenv_install

77
README.md Normal file
View File

@@ -0,0 +1,77 @@
# Evolution of classic nx technology - FreeNX
All these years, the classic nx was not as dead as it seemed ;)
It is used in production and develops as fast as it can.
I am very grateful to the developers of the [ArcticaProject/nx-libs](https://github.com/ArcticaProject/nx-libs) for maintaining backward
compatibility and the opportunity to use their libraries instead
of self-assembly.
Compared to the original freenx new features added by community:
- CUPS Server mode: servers's system CUPS used directlty (witch sudo)
and remote printers can be share between users;
- NXACLS in user mode: control of starting specific applications and
their substitution for users and groups;
- Printers and shares multimount: in case multiply sessions from one
client's computer try shares leave while there is at least one running
session;
- Pulseaudio sound: tunnelled, with or without resampling;
- Localization of windows sharenames;
- Control of rootles sessions ending: based on application-process
internal customizable map;
- Reduced connection time;
- Used nxsetting sqlite db (nxsetup --reload or nxsetup --mkdb for update).
Everything got even a little faster;
- vnc and rdp over nx modes running;
- Shadow mode worked also;
- nxshadowacl script functionality moved to existing acl.
Many thanks to Djelf for long consultations on sqlite.
Thats all worked with [opennx ce](https://github.com/dimbor-ru/opennx) liux/windows client, but original nxclient
basicaly alive too (with restrictions).
Debian package home-maded for Devuan ASCII now. There is a suspicion that
under Debian Stretch everything will be fine.
On modern systems with glibc >= 2.28 to run nxclient you must apply [solution](https://github.com/dimbor-ru/freenx-server/issues/5#issuecomment-579694048)
from Djelf (on nxclient side of course).
Code from him to install nxclient 32/64:
#!/bin/sh
mkdir nxclient
cd nxclient
wget http://debian.rot13.org/binary/64.34.161.181/download/3.5.0/Linux/nxclient_3.5.0-7_amd64.deb
#wget http://debian.rot13.org/binary/64.34.161.181/download/3.5.0/Linux/nxclient_3.5.0-7_i386.deb
wget https://github.com/dimbor-ru/freenx-server/files/4128228/nxfixglibc1190.tar.gz
dpkg -i ./nxclient_3.5.0-7_amd64.deb
find /usr/NX/lib -name "libz*" -delete
tar -xvf nxfixglibc1190.tar.gz
#cp ./nxfixglibc1190/x32/nxfixglibc1190.so /usr/NX/lib/nxfixglibc1190.so
cp ./nxfixglibc1190/x64/nxfixglibc1190.so /usr/NX/lib/nxfixglibc1190.so
cp /usr/NX/bin/nxclient /usr/NX/bin/nxclient.bin
echo '#!/bin/sh' > /usr/NX/bin/nxclient
echo 'LD_PRELOAD=/usr/NX/lib/nxfixglibc1190.so /usr/NX/bin/nxclient.bin /$@' >> /usr/NX/bin/nxclient
Solution to use Arctica nx-libs:
#!/bin/sh
find /usr/NX/lib -name "libjpeg*" -delete
find /usr/NX/lib -name "libXcomp*" -delete
ln -s /usr/lib/x86_64-linux-gnu/libjpeg.so /usr/NX/lib/libjpeg.so.62
ln -s /usr/lib/x86_64-linux-gnu/libXcomp.so.3 /usr/NX/lib/libXcomp.so
Archives of old nx stuff you can find [here](http://ftp.disconnected-by-peer.at/NX/)
dimbor. 2022

1
VERSION Normal file
View File

@@ -0,0 +1 @@
3.5.0-2.1.3-CE

32
conf/acls/README Normal file
View File

@@ -0,0 +1,32 @@
# nxacl.app v1.1 Copyleft by dimbor at unixforum.org <i@dimbor.ru>
# Freenx parse ACL-files in NX_ACL_DIR and search user/group permissions
# for given cmdstr. ACL filenames are usernames, groupnames and "all".
# Permissions search order: user - group - all. ACL contain one or more
# strings of regexp-patterns. See examples at existing ACL. Format:
#
# # some comment-string
# [!]CmdTpl [%%% [[!][@@]OnceAppTpl] %%% Prog|"Msg"]
#
# ! - not equal == invert rule
# %%% - fields delimiter
# CmdTpl - startsession command template
# OnceAppTpl - if it not found/found (""/"!") in process-list of user do'nt start session
# @@ - search in process-list of all users (ps ax)
# Prog - string for nxdialog or other x-binary to execute instead session-app
# if "OnceAppTpl" condition is FALSE
#
# Attention!!! Spec-symbols (like ".","$","^") must be escaped twice vs once
# ('\\.' vs '\.'), sorry.
#
# In acl file for any user0 may be addded special CmdTpl named '@shadow@'.
# Format:
#
# @shadow@ %%% user1[,user2[,user3...]]
#
# It means that user0 have permissions to shadow connect to sessions running
# of the users listed in the second field.
#
# user may be described as [#]user[!]
# where '#' means view only mode, '!' - don't ask user for authorization
#
# In the list of users is also allowed keyword 'all'

17
conf/acls/all Normal file
View File

@@ -0,0 +1,17 @@
# ACL for all users, that not mentioned in others ACLS
# Uncomment string below to set communism for them
#.*
# Uncomment below to send them your original message only (bad example)
#.* %%% !.* %%% "Get out, imbecile!"
# the same
#.* %%% %%% "Get out, imbecile!"
# Uncomment below to start very specialy app instead of given (good example ;)
#.* %%% !.* %%% /usr/games/kpat
# Uncomment below if your'e contempt is limited to running standart
# warning app. (WARN_APP from nxacl script.)
# But this is a useless act, because it's installed by default. ;)
#.* %%% !.*

7
conf/acls/dim Normal file
View File

@@ -0,0 +1,7 @@
# ACL for user named <filename>
# start KDE-session only once, else warn.
startkde %%% !startkde %%% "You can have only one KDE-session!"
# start KDE-session only once, else start your script
#startkde %%% !startkde %%% /usr/bin/super-puper-start-with-control KDE

8
conf/acls/odmin Normal file
View File

@@ -0,0 +1,8 @@
# ACL for user named <filename>
# Admin is like a Got. Well, almost...
.*
# Admin have permissions to shadow connect to sessions of all users
# without authorization
@shadow@ %%% all!

8
conf/acls/sveta Normal file
View File

@@ -0,0 +1,8 @@
# ACL for user named <filename>
# could start app 1c.sh if "Alliance" present in own parameters
1c8\\.sh.*Alliance
# user have permissions to shadow connect to sessions of dim and all users
# to all except dim - in view mode only
@shadow@ %%% dim,#all

3
conf/acls/users Normal file
View File

@@ -0,0 +1,3 @@
# ACL for group named <filename>
1c8\\.sh %%% !1cv8 %%% "You can only run one 1C app at a time."

12
conf/conf.d/00-general.conf Normal file
View File

@@ -0,0 +1,12 @@
#########################################################################
# General FreeNX directives
#########################################################################
# The host name which is used by NX server. It's should be used if it's
# different than the default hostname (as returned by `hostname`)
#SERVER_NAME="$(hostname)"
# The node ip which is used by NX Node in unecnrypted session mode.
# Set it if you want to use a specific external ip or the autodetection
# is not working.
#EXTERNAL_PROXY_IP=""

25
conf/conf.d/01-auth.conf Normal file
View File

@@ -0,0 +1,25 @@
#########################################################################
# Authentication / Security directives
#########################################################################
# If enabled forces the user to use encryption. This will bail out
# if the user does not have encryption enabled.
#ENABLE_FORCE_ENCRYPTION=0
# Refuse the NX client connection if SSHD does not export the
# SSH_CONNECTION and SSH_CLIENT variables in the environment
# passed to the NX server.
# 1: Will check the remote IP and will not accept the
# connection if it can't be determined.
# 0: Will accept the connection even if the remote IP
# is not provided.
#SSHD_CHECK_IP=0
# If ENABLE_LOG_FAILED_LOGINS=1 then failed login attempts are logged to the
# system auth.log.
#
# This is useful in combination with tools like fail2ban.
#
# The default is to log failed login attemps via syslog (3).
#
#ENABLE_LOG_FAILED_LOGINS=1

109
conf/conf.d/02-restriction.conf Normal file
View File

@@ -0,0 +1,109 @@
#########################################################################
# Restriction directives
#########################################################################
# The base display number from which sessions are started.
#DISPLAY_BASE=2000
# The maximum number of contemporary sessions that can be run on FreeNX
#SESSION_LIMIT=200
# The maximum number of contemporary sessions that a single user can run
# on FreeNX.
#SESSION_USER_LIMIT=20
# The number of displays reserved for sessions, it has to be greater or equal
# to the maximum number of contemporary sessions that a server can run.
#DISPLAY_LIMIT=200
# User for which sessions should be persistent. Either the keyword "all" or a
# comma-separated list of usernames or groups in the @groupname syntax.
#ENABLE_PERSISTENT_SESSION="all"
# Users and groups for whom persistent sessions should be disabled.
# Especially useful if ENABLE_PERSISTENT_SESSION="all"
#DISABLE_PERSISTENT_SESSION=""
# General nx shadowing
# If ENABLE_SESSION_SHADOWING=1 nxserver will store in db shadow
# cookies
#ENABLE_SESSION_SHADOWING=1
#
# When using NX 3.0 shadowing, this enables asking the user whether
# he authorizes another user to shadow his session
#
# 0: No authorization request will be presented,
# and the session will be shadowed as if the user had approved.
# 1: (default) Ask for authorization
#
#ENABLE_SESSION_SHADOWING_AUTHORIZATION=1
# Allow session shadowing in interactive mode:
#
# 1: The shadowing user can interact with the shadowed session.
#
# 0: The shadowed session is view-only. No interaction with the
# shadowed session is possible.
#
#ENABLE_INTERACTIVE_SESSION_SHADOWING=1
#
# Enable or disable clipboard:
#
# client: The content copied on the client can be pasted inside the
# NX session.
#
# server: The content copied inside the NX session can be pasted
# on the client.
#
# both: The copy&paste operations are allowed both between the
# client and the NX session and vice-versa.
#
# none: The copy&paste operations between the client and the NX
# session are never allowed.
#
#ENABLE_CLIPBOARD="both"
#
# Enable or disable the pulldown dialog, which provides a graphical
# way to suspend or terminate the rootless session:
#
# 1: Enabled. The pulldown menu is shown when the mouse pointer
# moves near the middle of the top boundary of a window and
# allows the user to suspend or terminate the session by means
# of an icon-click.
#
# 0: Disabled. The ctrl+alt+T key combination has to be issued
# to get the dialog for suspending or terminating the session.
#
#ENABLE_PULLDOWN_MENU=1
# If you set ENABLE_ADVANCED_SESSION_CONTROL=1 you can start a new application
# in an already running rootless session by using "add <rest of name>" as
# session name.
#
# Note: The client will return a message on that.
#
#ENABLE_ADVANCED_SESSION_CONTROL=0
# If you set ENABLE_SHOW_RUNNING_SESSIONS=0 then nxserver will only show
# suspended sessions and you will not be able to resume or terminate a running
# session.
# dimbor: for autoreconnect must set to 0
#
#ENABLE_SHOW_RUNNING_SESSIONS=0
# If value of this option not empty (valid dir) "run-acl" system is switch on:
# On session start (node_find_application) called acl check process.
# ACL-files in NX_ACL_DIR describes user/group permissions for given cmdstr.
# ACL filenames are usernames, groupnames and "all". Permissions search order:
# user - group - all. See $NX_ETC_DIR/acls/README for detail
# After change of NX_ACL_DIR running 'nxsetup --mkdb' is required
# Example: NX_ACL_DIR="/etc/nxserver/acls"
#NX_ACL_DIR=""
# Default acl warning message.
#NX_ACL_WARN="Access denied!"

24
conf/conf.d/03-logging.conf Normal file
View File

@@ -0,0 +1,24 @@
#########################################################################
# Logging directives
#########################################################################
# This directives controls the verbosity of the server-wide log.
# 0/1: No Logging/Logging
#NX_LOG_LEVEL=0
# Before turning logging on, please make sure that NX_LOGFILE is
# writeable for the "nx" user
#NX_LOGFILE=/var/log/nxserver.log
# This directive controls if the temporary session directory
# ($HOME/.nx/C-<hostname>-<display>-<session_id>) should be kept after a
# session has ended. A successfully terminated session will be saved as
# T-C-<hostname>-<display>-<session_id> while a failed session will be saved
# as F-C-<hostname>-<display>-<session_id>.
# The default is to cleanup the directories.
#SESSION_LOG_CLEAN=1
# Amount of seconds nxserver is to keep session history. The default of 2592000
# is equivalent to 30 days. If this is 0 no session history will be kept
# and a negative value denotes infinity.
#SESSION_HISTORY=2592000

31
conf/conf.d/04-balancing.conf Normal file
View File

@@ -0,0 +1,31 @@
# LOAD BALANCING
# ==============
#
# To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and
# make:
#
# - either sure that all incoming connections are sent to the master
# server by using forwarding directives on the "slave" servers.
#
# - or share the session database space via NFS between the servers.
# (not recommended at the moment as race conditions for DISPLAYs can
# occur)
#
#LOAD_BALANCE_SERVERS=""
# The following load_balance_algorithms are available at the moment:
#
# "load", "round-robin", "random"
#
# For "load" you need a script called nxcheckload in PATH_BIN.
#
# A sample script, which you can change to your needs it shipped with
# FreeNX under the name nxcheckload.sample.
#LOAD_BALANCE_ALGORITHM="random"
# By setting ENABLE_LOADBALANCE=1 you can let users choose their
# preferred host, while being forwarded to another server. Of course
# this is just a preference. The loadbalancing algorithm can completely
# choose to ignore the users choice.
#ENABLE_LOAD_BALANCE_PREFERENCE=0

1
conf/conf.d/05-sound.conf Normal file
View File

@@ -0,0 +1 @@
# is empty

116
conf/conf.d/06-path.conf Normal file
View File

@@ -0,0 +1,116 @@
#########################################################################
# Path directives
#########################################################################
# Add the nx libraries to LD_LIBRARY_PATH before starting nx agents.
# WARNING: This will NOT (and should not) affect applications. ONLY Disable
# this if the nx libraries are in a standard system path (such as /usr/lib)!
#SET_LD_LIBRARY_PATH=0
# The command binary for the default window manager. If set it is run when a
# 'unix-custom' session is requested by the NX Client and an application
# to run is specified. It defaults to empty (ie no WM is run).
# If KILL_DEFAULT_X_WM is set the WM is terminated after the started
# application finishes. Else FreeNX will wait for the WM to complete.
#DEFAULT_X_WM=""
#KILL_DEFAULT_X_WM=1
# When a 'unix-default' session is requested by the client the user's X startup
# script will be run if pressent and executable, otherwise the default X
# session will be run.
# Depending on distribution USER_X_STARTUP_SCRIPT might be .Xclients, .xinitrc
# and .Xsession
# Depending on distribution DEFAULT_X_SESSION might be /etc/X11/xdm/Xsession,
# /etc/X11/Sessions/Xsession or /etc/X11/xinit/xinitrc
#USER_X_STARTUP_SCRIPT=.Xclients
#DEFAULT_X_SESSION=/etc/X11/Xsession
#COMMAND_GDM_X_SESSION="/etc/X11/gdm/Xsession custom"
# When the session is started some distros execute some scripts to get the
# environment ready. Set 1 if you want DEFAULT_X_SESSION to be called before
# executing the session.
#BOOTSTRAP_X_SESSION=0
# The key that contains the name of the script that starts a KDE session.
# It's run when a 'unix-kde' session is requested by the client.
# Default is "startkde"
#COMMAND_START_KDE=startkde
# The key that contains the name of the script that starts a gnome session.
# It's run when a 'unix-gnome' session is requested by the client.
# Default is "gnome-session"
#COMMAND_START_GNOME=gnome-session
# The key that contains the name of the script that starts a CDE session.
# It's run when a 'unix-cde' session is requested by the client.
#COMMAND_START_CDE=cdwm
#COMMAND_NXAGENT=nxagent
# The key that contains the name of the complete path of command name
# 'xterm'. It is run when a unix "xterm" session is requested by the
# client.
#COMMAND_XTERM=xterm
# The key that contains the name of the complete path of command name
# 'xauth'.
#COMMAND_XAUTH=xauth
# The key that contains the name of the complete path of command name
# 'sudo'.
#COMMAND_SUDO=sudo
# The key that contains the name of the complete path of command name
# 'mount'.
#COMMAND_MOUNT_LIST=mount
# The key that contains the name of the complete path of command name
# 'mount.cifs'.
#COMMAND_SMBMOUNT=mount.cifs
# The key that contains the name of the complete path of command name
# 'umount.cifs'.
#COMMAND_SMBUMOUNT=umount
# The key that contains the name of the complete path of the 'netcat' command.
#COMMAND_NETCAT=netcat
# The key that contains the name of the complete path of the 'ssh' and
# 'ssh-keygen' command.
#COMMAND_SSH=ssh
#COMMAND_SSH_KEYGEN=ssh-keygen
# The tool to generate md5sums with
#COMMAND_MD5SUM=md5sum
# The key that contains the name of the complete path of the 'rdesktop' command.
#COMMAND_RDESKTOP=rdesktop
# The key that contains the name of the complete path of the 'vncviewer' command.
#COMMAND_VNCVIEWER=vncviewer
#COMMAND_NXCHECKLOAD="nxcheckload"
# The key that contains the name of the complete path of the 'vncpasswd' command.
# By default the builtin nxpasswd is used.
#COMMAND_VNCPASSWD=nxpasswd
#COMMAND_SESSREG=sessreg
# Command for cp converting
#COMMAND_ICONV=iconv
# Commands for hiding/unhiding passwords
#COMMAND_HIDE=base64
#COMMAND_UNHIDE="base64 -d"
# Command to get process list
#COMMAND_PS=ps
# Commands to pulseaudio control
#COMMAND_PA=pulseaudio
#COMMAND_PACTL=pactl
# Application to display X message.
#COMMAND_XMSG="nxdialog --dialog ok --caption 'freenx server' --message"

42
conf/conf.d/07-misc.conf Normal file
View File

@@ -0,0 +1,42 @@
#########################################################################
# Misc directives
#########################################################################
# When set to 1 this will automatically resume started sessions
#ENABLE_AUTORECONNECT=1
# When set to 1 exports NXUSERIP / NXSESSIONID in nxnode
#EXPORT_USERIP=1
#EXPORT_SESSIONID=1
# This can be set to any executable, which is started after session startup
# like: $NODE_AUTOSTART {start|restore}
#NODE_AUTOSTART=""
# When set to 1 will start nxagent in rootless mode.
#ENABLE_ROOTLESS_MODE=1
# If enabled writes entries via the COMMAND_SESSREG program
# into utmp/wtmp/lastlog database.
# Note: You have to make sure that you add the nx user to the
# utmp or tty group or how its called on your system
# before this directive works.
#ENABLE_USESSION=1
# Extra options to vncviewer command. Default are for tigervnc-viewer
#EXTRA_OPTIONS_RFB="-Shared"
# Extra options to rdesktop command. Default are for xfreerdp
#EXTRA_OPTIONS_RDP="/cert-ignore /kbd:0x00000409 /home-drive +clipboard"
# Time to sleep before calling terminate nxagent
#NODE_APP_WAIT_TIMEOUT=3
# Force terminate session if NODE_APP_WAIT_TIMEOUT ends
#ENABLE_ROOTLESS_TERMINATE_SESSION=0
# In case ENABLE_ROOTLESS_TERMINATE_SESSION=1 if starting apps found
# in APP_WAIT_MAP then appropriate processes will be controlled of.
# Further nxnode will wait for them completion after main app finished.
# Format: "app_name1:sname1[,sname2...][;app_name2:sname3[,sname4...][;...]]"
#APP_WAIT_MAP=""

11
conf/conf.d/08-bash.conf Normal file
View File

@@ -0,0 +1,11 @@
# If SOURCE_SYS_PROFILE is not empty and readable FreeNX will source
# it before application startup as we are kind of a login shell.
# default: /etc/profile
#SOURCE_SYS_PROFILE="/etc/profile"
# If SOURCE_BASH_USER_PROFILE is not empty and readable FreeNX will source
# it before application startup as we are kind of a login shell.
# Please use absolute path or short file name.
# default: .profile
#SOURCE_USER_PROFILE=".profile"

26
conf/conf.d/09-cups.conf Normal file
View File

@@ -0,0 +1,26 @@
# System CUPS with sudo is used.
# put drivers to /etc/nxserver/ppd dir (more info in
# http://unixforum.org/index.php?showforum=89)
# Our own CUPS ppd dir
#NX_PPD_DIR=$NX_ETC_DIR/ppd
# Commands to CUPS control
#COMMAND_LPINFO=lpinfo
#COMMAND_LPSTAT=lpstat
#COMMAND_LPADMIN="lpadmin"
#COMMAND_PPDCAT=/usr/lib/cups/daemon/cups-driverd
#CUPS_DEFAULT_SOCK=/var/run/cups/cups.sock
# for check cups backends only
#CUPS_BACKEND=/usr/lib/cups/backend
#CUPS_IPP_BACKEND=$CUPS_BACKEND/ipp
#CUPS_NXSMB_BACKEND=$CUPS_BACKEND/nxsmb

16
conf/conf.d/10-samba.conf Normal file
View File

@@ -0,0 +1,16 @@
# FreeNX with ENABLE_SAMBA_PRELOAD=1 will automatically setup
# port 445 and 139 and forward them to the used samba port.
#
# This enables samba browsing to the local subnet in for example
# konqueror.
#
#ENABLE_SAMBA_PRELOAD=0
# Additional mount options for mount command (mount.cifs)
#SMB_MOUNT_OPTIONS="vers=2.1,iocharset=utf8,file_mode=0660,dir_mode=0770"
# How to inteprete international symbols in win-client resource-names.
# Contains none,one or more charsets pairs - arguments "[from]>[to]" of iconv command.
# if none, it's equivalent of system charset,
# eg ">cp1252 cp1251>" == "latin1>cp1252 cp1251>UTF-8"
#WIN_CP_CONVERT_CHAIN=""

10
conf/conf.d/11-nxagent.conf Normal file
View File

@@ -0,0 +1,10 @@
#AGENT_EXTRA_OPTIONS_X="-nolisten tcp -dpi 96"
# The number of seconds we wait for the nxagent to start before
# deciding startup has failed
#AGENT_STARTUP_TIMEOUT=15
# The font server the agent will use. If set to "" no font server is used.
# For this to do any good, the client has to have the same font server set
# in /etc/X11/XF86Config
#AGENT_FONT_SERVER=""

10
conf/conf.d/12-nxproxy.conf Normal file
View File

@@ -0,0 +1,10 @@
# Disable or enable use of 'tcp nodelay' on proxy. Old versions of Linux
# kernels have problems using this option on sockets that will cause a loss
# of TCP connections. This option is not set by default to allow clients to
# specify whether to enable or disable TCP nodelay. Setting this option to
# the value of 0 NX proxy avoids using 'tcp nodelay' but it will cause a
# loss of interaction in sessions.
#PROXY_TCP_NODELAY=""
# Extra options to nxproxy. See !M documentation for useful parameters.
#PROXY_EXTRA_OPTIONS=""

8
conf/conf.d/50-numlockx.conf Normal file
View File

@@ -0,0 +1,8 @@
# Binary filename provides numlockx
#NUMLOCKX=numlockx
# numlockx run strategy. valid value are:
# 'on' -- run 'numlockx on' at session startup
# 'off' -- run 'numlockx off' at session startup
# 'system' -- default. don't run numlockx
#NUMLOCK_METHOD="system"

1
conf/node.conf Normal file
View File

@@ -0,0 +1 @@
# See /etc/nxserver/node.conf.d/*.conf

22
data/99-debian-dimbor.conf Normal file
View File

@@ -0,0 +1,22 @@
# kill warnings
COMMAND_START_CDE="/bin/false"
COMMAND_START_KDE="/bin/false"
COMMAND_START_GNOME="/bin/false"
# my settings
DISPLAY_BASE=4000
WIN_CP_CONVERT_CHAIN=">cp1252 cp1251>"
#ENABLE_DIRECT_NATIVE_PA_CHECK="1"
NX_LOG_LEVEL=1
SESSION_LOG_CLEAN=0
COMMAND_XTERM="/usr/bin/xfce4-terminal --hide-menubar --geometry 80x40"
#AGENT_EXTRA_OPTIONS_X="-nolisten tcp -dpi 120"
#AGENT_EXTRA_OPTIONS_X="-forcenx"
EXTERNAL_PROXY_IP="192.168.1.86"
ENABLE_ROOTLESS_TERMINATE_SESSION="1"
NODE_APP_WAIT_TIMEOUT="2"
APP_WAIT_MAP="1c8.sh:1cv8s;test.sh:xfce4-terminal"

2
data/Xkbmap Normal file
View File

@@ -0,0 +1,2 @@
-layout en_US,ru(winkeys)
-option grp:ctrl_shift_toggle,grp_led:scroll

222
data/Xsession Executable file
View File

@@ -0,0 +1,222 @@
#!/bin/bash -login
#
# Copyright (C) 2002-2006 Dmitry V. Levin <ldv@altlinux.org>
#
# Traditional X session start script.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
#
PROG="${0##*/}"
if [ -z "$DISPLAY" ]; then
echo "$PROG: \$DISPLAY undefined." >&2
exit 1
fi
# Emulate which(1) internally.
absolute()
{
local WHICH
[ -n "$1" ] || return 1
WHICH="$(type -p "$1")" || return 1
[ "$WHICH" != "${WHICH##/}" ] || return 1
[ -x "$WHICH" ] || return 1
printf %s "$WHICH"
}
SourceIfNotEmpty()
{
local f="$1"
shift
[ -s "$f" ] && . "$f" "$@"
}
RunIfExecutable()
{
local f="$1"
shift
f="$(absolute "$f")" && [ -x "$f" ] && "$f" "$@"
}
ExecIfExecutable()
{
local f="$1"
shift
f="$(absolute "$f")" && [ -x "$f" ] && exec "$f" "$@"
}
f="$HOME/.xsession-errors"
[ -z "${DISPLAY##:*}" ] && f="$f$DISPLAY" || f="$f-$DISPLAY"
# Redirect errors to a file.
for errfile in "$f" "$HOME/.xsession-errors"; do
if install -m600 /dev/null "$errfile" 2>/dev/null; then
exec &>"$errfile"
break
fi
done
unset f
echo "Running $PROG[$$] $*"
if [ $# -ge 1 ]; then
# Clean up after xbanner.
RunIfExecutable freetemp
else
# ALT default background and cursor.
xsetroot -solid "#666699"
xsetroot -cursor_name left_ptr
fi
if [ -n "$LANGUAGE" ]; then
try_lang="$LANGUAGE"
elif [ -n "$LANG" ]; then
try_lang="$LANG"
else
try_lang=
fi
Xrdb()
{
if [ -s "$1" ]; then
xrdb -merge "$1"
return 0
else
return 1
fi
}
MergeResources()
{
local f
for f in "$@"; do
Xrdb "$f"
local found=
local n
for n in `printf %s "$try_lang" |tr : ' '`; do
n1="${n%.*}"
n2="${n1%_*}"
Xrdb "$f.$n2" && found=1
Xrdb "$f.$n1" && found=1
Xrdb "$f.$n" && found=1
[ -z "$found" ] || break
done
done
}
# Merge in defaults and keymaps.
if [ -d /etc/X11/Xresources ]; then
Xresources_d=$(ls /etc/X11/Xresources)
MergeResources $Xresources_d "$HOME/.Xresources" "$HOME/.Xdefaults"
else
MergeResources /etc/X11/Xresources "$HOME/.Xresources" "$HOME/.Xdefaults"
fi
TryXBrowser()
{
local n
for n in "$@"; do
if n=`absolute "$n"`; then
export BROWSER="$n"
break
fi
done
return 0
}
TryTextBrowser()
{
local n
for n in "$@"; do
if n=`absolute "$n"`; then
export BROWSER="xvt -e $n"
break
fi
done
return 0
}
# We need to set default browser.
# Window manager may redefine this setting.
if [ -z "$BROWSER" ] || [ ! -x "$BROWSER" ]; then
TryXBrowser xbrowser mozilla firefox konqueror
fi
if [ -z "$BROWSER" ] || [ ! -x "$BROWSER" ]; then
TryTextBrowser browser links lynx
fi
if [ -z "$BROWSER" ] || [ ! -x "$BROWSER" ]; then
export BROWSER=
fi
export HELP_BROWSER="$BROWSER"
# Source shell scripts from user ~/.xprofile
SourceIfNotEmpty "$HOME"/.xprofile "$@"
# Run system scripts from /etc/X11/xinit.d/
for f in /etc/X11/xinit.d/*; do
# Don't run *.rpm* and *~ scripts
[ "${f%.rpm*}" = "$f" -a "${f%\~}" = "$f" ] || continue
if [ -x "$f" ]; then
"$f" &
fi
done
# Run user scripts from ~/.xsession.d/
for f in "$HOME"/.xsession.d/*; do
# Don't run *.rpm* and *~ scripts
[ "${f%.rpm*}" = "$f" -a "${f%\~}" = "$f" ] || continue
if [ -x "$f" ]; then
"$f" &
fi
done
unset f
RunIfExecutable /etc/nxserver/fixkeyboard
RunIfExecutable /etc/X11/xinit/xrandrrc
RunIfExecutable /etc/X11/xinit/fixkeyboard
RunIfExecutable /etc/X11/xinit/XIM
CMD=""
#ssh-agent doesnt start
[ -z "$SSH_AGENT_PID" ] && CMD="$CMD /usr/bin/ssh-agent"
[ -z "$DBUS_SESSION_BUS_ADDRESS" ] && CMD="$CMD /usr/bin/dbus-launch --exit-with-session"
if [ $# -ge 1 ]; then
$CMD "$@"
else
# Try user defined action.
RunIfExecutable "$HOME/.xsession"
RunIfExecutable "$HOME/.Xclients"
# Try WM Selector.
RunIfExecutable wm-select
# Try WM Manager.
RunIfExecutable wmselect
# Try default from runwm.
runwm default
fi

19
data/fixkeyboard Executable file
View File

@@ -0,0 +1,19 @@
#!/bin/sh
# Startup script called from /etc/X11/Xsession and /etc/X11/xdm/Xsetup_0
# to adjust keyboard.
usermodmap="$HOME/.Xmodmap"
userxkbmap="$HOME/.Xkbmap"
sysmodmap=/etc/nxserver/Xmodmap
sysxkbmap=/etc/nxserver/Xkbmap
if xdpyinfo |fgrep -qs XKEYBOARD; then
[ -s "$sysxkbmap" ] && setxkbmap `cat "$sysxkbmap"`
[ -s "$userxkbmap" ] && setxkbmap `cat "$userxkbmap"`
fi
[ -s $sysmodmap ] && xmodmap "$sysmodmap"
[ -s $usermodmap ] && xmodmap "$usermodmap"
exit 0

8
data/logrotate Normal file
View File

@@ -0,0 +1,8 @@
/var/log/nxserver.log {
rotate 4
size=1M
notifempty
missingok
sharedscripts
copytruncate
}

11
data/sudoers.conf Normal file
View File

@@ -0,0 +1,11 @@
Defaults:nx targetpw,passwd_tries=1,timestamp_timeout=0.3,umask=0777
nx ALL= (%users) /bin/bash -c /usr/bin/nxnode *
User_Alias ADMINS = %nxadmin
User_Alias USERS = %users
ADMINS ALL= NOPASSWD: /bin/bash -c /usr/bin/nxserver --admin
USERS ALL= NOPASSWD: /usr/sbin/lpadmin
USERS ALL= NOPASSWD: /sbin/mount.cifs
USERS ALL= NOPASSWD: /bin/umount

22
data/terminate-suspend-nx.sh Executable file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
[ -e /etc/sysconfig/freenx-server ] && . /etc/sysconfig/freenx-server
SESSION_TTL=${SESSION_TTL:-3600}
nxdir="/var/lib/nxserver/db/running"
nxserver="/usr/bin/nxserver"
if [ -d "$nxdir" -a $SESSION_TTL -gt 0 ] ; then
for f in `ls $nxdir` ; do
sessiontype=`cat $nxdir/$f | grep status | cut -d= -f2`
user=`cat $nxdir/$f | grep userName | cut -d= -f2`
sessiontime=`cat $nxdir/$f | grep creationTime | cut -d= -f2`
sessionid=`cat $nxdir/$f | grep sessionId | cut -d= -f2`
criticaltime=$(expr `date +%s` - $SESSION_TTL)
if [ $sessiontime -lt $criticaltime ] ; then
if [ $sessiontype = "Suspended" ] ; then
$nxserver --terminate $sessionid
fi
fi
done
fi

8
debian/README.Debian vendored Normal file
View File

@@ -0,0 +1,8 @@
freenx for Debian
Please edit this to provide information specific to
this freenx Debian package.
(Automatically generated by debmake Version 4.2.9)
-- Dmitry Borisov <i@dimbor.ru> Fri, 27 Dec 2019 00:21:36 +0300

37
debian/changelog vendored Normal file
View File

@@ -0,0 +1,37 @@
freenx-server (2.1.3) UNRELEASED; urgency=low
* Fixing a funny misunderstanding with localization.
-- Dmitry Borisov <i@dimbor.ru> Wed, 08 Nov 2023 02:40:25 +0300
freenx-server (2.1.2) UNRELEASED; urgency=low
* Fix ACL parsing (no globbing).
-- Dmitry Borisov <i@dimbor.ru> Tue, 05 Sep 2023 06:48:35 +0300
freenx-server (2.1.1) UNRELEASED; urgency=low
* Shadow mode add view only on client request.
* nxshadowacl add new keyword 'all'.
-- Dmitry Borisov <i@dimbor.ru> Sun, 19 Jun 2022 12:07:23 +0300
freenx-server (2.1.0) UNRELEASED; urgency=low
* Shadow mode is worked now.
* Readd nxshadowacl functionality.
-- Dmitry Borisov <i@dimbor.ru> Thu, 16 Jun 2022 22:39:43 +0300
freenx-server (2.0.0) UNRELEASED; urgency=low
* Release with sqlite3 db engine.
-- Dmitry Borisov <i@dimbor.ru> Fri, 27 May 2022 20:04:11 +0300
freenx-server (1.0.0) UNRELEASED; urgency=low
* Initial release.
-- Dmitry Borisov <i@dimbor.ru> Fri, 27 Dec 2019 00:21:36 +0300

1
debian/compat vendored Normal file
View File

@@ -0,0 +1 @@
9

36
debian/control vendored Normal file
View File

@@ -0,0 +1,36 @@
Source: freenx-server
Section: x11
Priority: optional
Maintainer: Dmitry Borisov <i@dimbor.ru>
Build-Depends: debhelper (>=9), xutils-dev
Standards-Version: 3.9.8
Homepage: https://unixforum.org/viewforum.php?f=89
Package: freenx-server
Architecture: any
Multi-Arch: foreign
Depends:
openssh-server,
libnx-x11-6 (>= 3.5.0),
libxcomp3 (>= 3.5.0),
nxagent (>= 3.5.0),
nxproxy (>= 3.5.0),
expect,
sudo,
zenity,
x11-xserver-utils,
x11-xkb-utils,
x11-utils,
gettext,
sqlite3
Recommends: cups, samba, pulseaudio, tigervnc-viewer, freerdp-x11
Description: Evolution of Freenx application/thin-client server
Freenx is an application/thin-client server based on nx technology.
NoMachine nx is the next-generation X compression and roundtrip suppression
scheme. It can operate remote X11 sessions over 56k modem dialup links
or anything better. This package contains a free (GPL) implementation
of the nxserver component.
Added features of community: printers/shares multimount, cups-server
system mode, direct and tunnelled pulseaudio sound, acls on user's level
... etc. Thats all worked with opennx ce client, but original nxclient
basicaly alive too.

347
debian/copyright vendored Normal file
View File

@@ -0,0 +1,347 @@
This package was debianized by Dmitry Borisov <i@dimbor.ru> on
Copyright: 2005 Fabian Franz <freenx@fabian-franz.de>
2005 Jon Severinsson <jonno@users.berlios.de>
2008-2019 Dmitry Borisov <i@dimbor.ru>
License: GPL-2.0
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
.
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
.
Preamble
.
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
.
The precise terms and conditions for copying, distribution and
modification follow.
.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
.
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
.
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
.
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
.
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
.
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
.
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
.
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
.
NO WARRANTY
.
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
.
END OF TERMS AND CONDITIONS
.
How to Apply These Terms to Your New Programs
.
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
.
.
Also add information on how to contact you by electronic and paper mail.
.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
.
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
.
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
.
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

49
debian/freenx-server.postinst vendored Normal file
View File

@@ -0,0 +1,49 @@
#!/bin/sh
# postinst script for opennx
#
# see: dh_installdeb(1)
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
configure|triggered)
PBIN="/usr/bin"
groupadd nx 2>/dev/null
groupadd nxadmin 2>/dev/null
useradd -g nx -G utmp -d /var/lib/nxserver/home/ \
-s $PBIN/nxserver -c "NX System User" nx 2>/dev/null
chown nx:root $PBIN/nx-session-launcher-suid
chmod 4755 $PBIN/nx-session-launcher-suid
chown :users /etc/nxserver/ppd
chown nx:nx /var/lib/nxserver/home
chown nx:nx /var/lib/nxserver/db
sessdb="/var/lib/nxserver/db/sessions.sq3"
[ -f "$sessdb" ] && rm -f "$sessdb" 2>/dev/null
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0

6
debian/rules vendored Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/make -f
export DH_VERBOSE=1
%:
dh $@

1
debian/source/format vendored Normal file
View File

@@ -0,0 +1 @@
3.0 (native)

4
dists/alt/99-altlinux.conf Normal file
View File

@@ -0,0 +1,4 @@
# override defaualts for altlinux
CUPS_ETC=/usr/share/cups/mime
DEFAULT_X_SESSION=/etc/X11/Xsession
COMMAND_START_GNOME="startgnome2"

440
dists/alt/rx-etersoft.spec Normal file
View File

@@ -0,0 +1,440 @@
%define cups_root %_prefix/lib
%define oname freenx-server
Name: rx-etersoft
Version: 1.1.1
Release: alt13
Summary: Freenx application/thin-client server
Group: Networking/Remote access
License: GPLv2
Url: http://wiki.etersoft.ru/RX
Packager: Denis Baranov <baraka@etersoft.ru>
Source: ftp://updates.etersoft.ru/pub/Etersoft/RX@Etersoft/unstable/sources/tarball/%oname-%version.tar.bz2
Source1: %oname.init
Source2: %oname.outformat
Source6: sudoers.conf
Source8: terminate-suspend-nx.sh
Source10: 99-altlinux.conf
Obsoletes: freenx
Provides: freenx = %version
Obsoletes: %oname
Provides: %oname = %version
Requires: nx
Requires: openssl
Requires: netcat
Requires: expect
Requires: foomatic-db-engine
Requires: zenity
%if %_vendor == "alt"
Requires: dbus-tools-gui
# FIXME: it needs for strings command, need to be removed
Requires: binutils
#Requires: Xdialog
# FIXME: for which purposes?
#Requires: /usr/bin/xvt
%endif
BuildPreReq: rpm-build-intro
BuildRequires: imake xorg-cf-files gccmakedep xauth openssh-server
%description
Freenx is an application/thin-client server based on nx technology.
NoMachine nx is the next-generation X compression and roundtrip suppression
scheme. It can operate remote X11 sessions over 56k modem dialup links
or anything better. This package contains a free (GPL) implementation
of the nxserver component.
%prep
%setup -n %oname-%version
# wrong install path
%__subst "s|/usr/lib|%_libdir|g" nxredir/Makefile
%__subst "s|%_libdir/cups|%cups_root/cups|g" Makefile
# install use nxloadconfig
%__subst "s|/usr/lib|%_libdir|g" nxloadconfig
%__subst "s|%_libdir/cups|%cups_root/cups|g" nxloadconfig
%__subst "s|\$NX_DIR/lib|%_libdir|g" nxloadconfig
# nxredir nxsmb
%__subst "s|/usr/lib|%_libdir|g" nxredir/nxredir
%__subst "s|/usr/lib|%_libdir|g" nxredir/nxsmb
%__subst "s|/usr/lib|%_libdir|g" %SOURCE10
%__subst "s|%_libdir/cups|%cups_root/cups|g" nxredir/nxsmb
%build
%make_build
%install
%makeinstall_std
mkdir -p %buildroot%_bindir/
mkdir -p %buildroot%_var/lib/nxserver/home/
mkdir -p %buildroot%_var/lib/nxserver/db/
mkdir -p %buildroot%_sysconfdir/nxserver/node.conf.d/
mkdir -p %buildroot%_sysconfdir/nxserver/acls/
mkdir -p %buildroot%_datadir/%oname/node.conf.d/
mkdir -p %buildroot%_sysconfdir/sysconfig/
echo "# See /etc/nxserver/node.conf.d/*.conf" > node.conf
install -m755 rxsetup %buildroot%_bindir/
install -Dp -m755 %SOURCE1 %buildroot%_initdir/%oname
install -Dp -m755 data/fixkeyboard %buildroot%_sysconfdir/nxserver/fixkeyboard
install -Dp -m755 data/Xsession %buildroot%_sysconfdir/nxserver/Xsession
install -Dp -m644 data/Xkbmap %buildroot%_sysconfdir/nxserver/Xkbmap
install -Dp -m400 %SOURCE6 %buildroot%_sysconfdir/sudoers.d/nxserver
install -Dp -m700 %SOURCE8 %buildroot%_bindir/terminate-suspend-nx
install -Dp -m644 node.conf %buildroot%_sysconfdir/nxserver/node.conf
install -m644 conf/conf.d/*.conf %buildroot%_datadir/%oname/node.conf.d
install -m644 conf/conf.d/*.conf %buildroot%_sysconfdir/nxserver/node.conf.d
install -m644 conf/acls/* %buildroot%_sysconfdir/nxserver/acls
%if %_vendor == "alt"
install -m644 %SOURCE10 %buildroot%_sysconfdir/nxserver/node.conf.d/
%else
install -m755 %SOURCE2 %buildroot%_initdir/
%endif
install -Dp -m644 data/logrotate %buildroot%_sysconfdir/logrotate.d/freenx-server
install -Dp -m644 nx-session-launcher/ConsoleKit-NX.conf %buildroot%_sysconfdir/dbus-1/system.d/ConsoleKit-NX.conf
mv nx-session-launcher/README nx-session-launcher/README.suid
cat >> %buildroot%_sysconfdir/sysconfig/%oname << EOF
#Time to live SUSPENDED freenx session in seconds for cron task.
#If not set default value is 3600.
#Cron task enable if value greater than 0.
SESSION_TTL=0
EOF
%pre
%groupadd nx 2> /dev/null ||:
%useradd -g nx -G utmp -d /var/lib/nxserver/home/ -s %_bindir/nxserver \
-c "NX System User" nx 2> /dev/null ||:
# FIXME: remove it strange code
if [ ! -d %_datadir/fonts/misc ] && [ ! -e %_datadir/fonts/misc ] && [ -d %_datadir/fonts/bitmap/misc ]
then
ln -s %_datadir/fonts/bitmap/misc %_datadir/fonts/misc
fi
%files
%doc AUTHORS ChangeLog CONTRIB nxcheckload.sample node.conf.sample nx-session-launcher/README.suid
%dir %_sysconfdir/nxserver/
%dir %_sysconfdir/nxserver/node.conf.d/
%dir %_sysconfdir/nxserver/acls/
%config(noreplace) %_sysconfdir/nxserver/node.conf
%config(noreplace) %_sysconfdir/nxserver/node.conf.d/*
%config(noreplace) %_sysconfdir/nxserver/acls/*
%_sysconfdir/nxserver/node.conf.sample
%config(noreplace) %_sysconfdir/logrotate.d/freenx-server
%attr(0400,root,root) %config %_sysconfdir/sudoers.d/nxserver
%config(noreplace) %_sysconfdir/dbus-1/system.d/ConsoleKit-NX.conf
%config(noreplace) %_sysconfdir/nxserver/Xkbmap
%_sysconfdir/nxserver/fixkeyboard
%_sysconfdir/nxserver/Xsession
%config(noreplace) %_sysconfdir/sysconfig/%oname
%_sysconfdir/cron.hourly/terminate-suspend-nx.sh
%_initdir/%oname
%if %_vendor == "alt"
%else
%_initdir/%oname.outformat
%endif
%attr(4711,nx,root) %_bindir/nx-session-launcher-suid
%_bindir/nx*
%_bindir/rxsetup
%dir %_libdir/%oname/
%attr(755,root,root) %_libdir/%oname/libnxredir.so.0
%cups_root/cups/backend/nx*
%attr(2750,nx,nx) %_var/lib/nxserver/home/
%attr(2750,root,nx) %_var/lib/nxserver/db/
%_datadir/%oname/
%changelog
* Fri Oct 21 2011 Denis Baranov <baraka@altlinux.ru> 1.1.1-alt13
- add nx-3.5.0 version in check function (eterbug #7728)
* Thu Sep 01 2011 Denis Baranov <baraka@altlinux.ru> 1.1.1-alt12
- fix requires
* Thu Aug 04 2011 Denis Baranov <baraka@altlinux.ru> 1.1.1-alt11
- add start kill suspend script every 10 min
- move sudo settings to sudoers.d folder
* Fri Jan 14 2011 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt10
- Fix error with zenity
- Add message when folder not mount
* Thu Jan 06 2011 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt9
- rxsetup: add check for expect
- fix error on mount folder with empty password
- fix rxsetup log path
- nxnode: logging is a little faster
- fix endless cycle in node_start_applications()
- new algorithm of share mounting (--smbmount)
- chg start-modes of share/printer adding
- norm_param(): check for iconv, logging switch off
- fix Makefile: add nxacl.app to
- smile acl syntax fix
- upd config to acls check
- add code&configs to acls check
* Thu Dec 16 2010 Vitaly Lipatov <lav@altlinux.ru> 1.1.1-alt8
- cleanup spec
- change SMB_MOUNT_OPTIONS again, change links to unixforum.org
- converting smb/cifs resurce-names
- fix check_remote_printer()
- fix for kde4 (merge with git.alt)
- fix node_umount_smb()
- new code to ENABLE_SHARE_MULTIMOUNT=1 or
- nxlog tunning
- rxsetup: disable direct dependency to /etc/init.d (missed on ALT)
- rxsetup write output into log
- update sudoers.conf
* Tue Oct 12 2010 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt7
- load config files from node.conf.d/ only *.conf
* Mon Oct 11 2010 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt6
- add autodetect KDE4 by default in conf
- clean node.conf, all values must be override from /etc/nxserver/node.conf.d/*.conf
* Thu Oct 07 2010 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt5
- change COMMAND_MD5SUM on md5sum
- add in config default DPI=96 (eterbug#6112)
* Thu Oct 07 2010 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt4
- fix build requeries
* Fri Oct 01 2010 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt3
- fix requeries
* Fri Jul 30 2010 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt2
- add support zenity for dialog interface
- add requires zenity
* Mon Jul 26 2010 Denis Baranov <baraka@etersoft.ru> 1.1.1-alt1
- release RX@Etersoft 1.1.1
* Sun Jul 25 2010 Boris Savelev <boris@altlinux.org> 0.7.4-alt24
- fix printer forwarding (thx to dimbor and unixforum)
- nxlog now always return '0'
* Mon Jul 12 2010 Boris Savelev <boris@altlinux.org> 0.7.4-alt23
- fix double slashes in nxsmb and nxredir (thx to dimbor)
* Sun Jul 11 2010 Boris Savelev <boris@altlinux.org> 0.7.4-alt22
- Added rxsetup script
- Fixed config replacement
- fix restore session after suspend (eterbug #5704)
- do not source /etc/X11/profile.d/* in freenx Xsession
* Sun Feb 14 2010 Boris Savelev <boris@altlinux.org> 0.7.4-alt21
- move default config set to %_datadir/%name/node.conf.d.
All values must be override from /etc/nxserver/node.conf
and /etc/nxserver/node.conf.d
* Sun Jan 31 2010 Boris Savelev <boris@altlinux.org> 0.7.4-alt20.1
- fix defaults for all
- add 100-altlinux.conf with ALTLinux defaults
* Sun Jan 31 2010 Boris Savelev <boris@altlinux.org> 0.7.4-alt20
- move all config values form node.conf to %_sysconfdir/nxserver/node.conf.d/*.conf
* Sun Jan 03 2010 Boris Savelev <boris@altlinux.org> 0.7.4-alt19.7
- fix permission on /tmp/.X11-unix after creating (fix eter#4653)
* Sun Jan 03 2010 Boris Savelev <boris@altlinux.org> 0.7.4-alt19.6
- fix NETCAT_COMMAND running (fix eter#3818)
- add additional config for profile including during node startup ('on' by default)
* Tue Dec 29 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt19.5
- fix COMMAND_START_GNOME for ALTLinux (fix eter#4725)
- don't start numlockx during session startup by default. Add additional config for numlockx
* Wed Dec 02 2009 Eugeny A. Rostovtsev (REAL) <real at altlinux.org> 0.7.4-alt19.4.1
- Rebuilt with python 2.6
* Fri Nov 20 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt19.4
- disable terminate-suspend-nx.sh cron task by default
* Thu Nov 12 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt19.3
- add Requires schedutils for ALT-system (fix eter#4421)
- add cron-script for terminate suspended sessions (fix eter#4436)
* Wed Oct 07 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt19.2
- fix perm on nxserver sudo config (closes: #21860)
* Tue Oct 06 2009 Vitaly Lipatov <lav@altlinux.ru> 0.7.4-alt19.1
- fix mount-additional.conf packing
* Wed Sep 30 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt19
- add patch for Server mode CUPS
and SMB per-user share mount (from dimbor)
* Tue Sep 22 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.12
- fix CUPSLogLevel config parser
* Thu Jul 30 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.11
- fix restoring suspended sessions
* Wed Jul 29 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.10
- fix new bash regexp syntax
* Wed Jul 29 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.9
- fix new bash regexp syntax
* Mon Jul 27 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.8
- add patch from Mario Becroft (increase nxserver work speed)
* Mon Jul 27 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.7
- increase timeout for hangup session
* Tue Jul 21 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.6
- fix typo in nxnode
* Tue Jul 21 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.5
- fix typo in nxnode. Affected non-ALT systems
* Tue Jul 14 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.4
- add additional conf for mount share and CUPS
* Sat Jun 13 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.3
- xrdb merge /etc/X11/Xresources on startup
* Tue Jun 09 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.2
- use %_bindir/xvt if possible for ALT (ALT#20381)
* Sat Jun 06 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18.1
- add requires Xdialog (ALT#20325)
* Sat Apr 11 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt18
- include patch from Jeffrey J. Kosowsky for CUPS
* Thu Apr 09 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt17
- 2 small fixes
- move fixkeyboard and etc to /etc/nxserver
* Tue Mar 10 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt16.1
- fix COMMAND_SMBMOUNT redifines
* Tue Mar 10 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt16
- build with for new nx
* Sat Mar 07 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt15
- force umount
- merge with teambzr upstream
* Fri Feb 27 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt14
- fix export CUPS_SERVER with Win-client
* Thu Feb 26 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt13
- don't use Xsession for start desktop
* Wed Feb 25 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt12
- move libnxredir to %%_libdir/%name
- check for first run in init-script
* Wed Feb 25 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt11
- add bungle for fixkeyboard
- fix perm on libnxredir (hack, will be fixed soon)
* Sun Feb 22 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt10
- logrotate rule.
- add LSB header.
- patches from Ubuntu.
- implementation of guest login.
- nx-session-launcher:
+ add DBUS rules
+ fix permission on nx-session-launcher-suid
+ add README for nx-session-launcher
* Fri Feb 20 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt9
- fix nxloadconfig for Etersoft SHARE_FAST_MOUNT
* Thu Feb 19 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt8
- fix eterbug #3226 (patch from horch)
- add sleeping wait for valid display (fixkeyboard fails)
* Thu Jan 08 2009 Boris Savelev <boris@altlinux.org> 0.7.4-alt7
- fix path to cups backends on x86_64 (alt bug #18462)
- fix path to LOCKDIR on Debian (eter bug #3094)
* Tue Dec 16 2008 Boris Savelev <boris@altlinux.org> 0.7.4-alt6
- fix path to cups
- run "numlockx on" on session start
* Sun Nov 23 2008 Boris Savelev <boris@altlinux.org> 0.7.4-alt5
- fix permission on nx homedir
* Sat Nov 22 2008 Boris Savelev <boris@altlinux.org> 0.7.4-alt4
- add support nx 3.3
* Tue Nov 11 2008 Boris Savelev <boris@altlinux.org> 0.7.4-alt3
- add /var/lib/nxserver
* Fri Sep 05 2008 Boris Savelev <boris@altlinux.org> 0.7.4-alt2
- Fixed non-encrypted session mode. You might need to set EXTERNAL_PROXY_IP in node.conf.
* Thu Aug 28 2008 Boris Savelev <boris@altlinux.org> 0.7.4-alt1
- Opened the 0.7.4 development.
- Fixed missing export of NX_ETC_DIR in Makefile, so node.conf.sample is installed correctly.
- Fixed broken round-robin load balance algorithm.
- Fixed --terminate|--suspend|--force-terminate for load balancing case.
- Fixed --terminate|--suspend|--force-terminate for usermode case.
* Sat Aug 23 2008 Boris Savelev <boris@altlinux.org> 0.7.3-alt3
- Changed type for external agents to windows-helper or vnc-helper so that those sessions can be mirrored / shadowed as well.
- Added nxshadowacl.sample component to be able to shadow foreign sessions.
- Prepared shadowing foreign users for VNC-shadowing.
- Added shadow support to --listsession command.
- Added shadow mode as nxagent target.
- Fixed shadow mode and made it usable.
* Mon Aug 18 2008 Boris Savelev <boris@altlinux.org> 0.7.3-alt2
- Build from git
- Finally checked for all service ports. (cups, media, samba) and also checked it on the host where the load balancing actually leads to.
- Fixed broken fallback logic if SSH_CLIENT variables cannot be read correctly.
- Overhauled the usermode:
- There are now two modes of operation.
- One statically setting the ENABLE_USERMODE_AUTHENTICATION key in node.conf. (old behavior)
- Or using nxserver-usermode as startup binary, which directly goes into the 103 stage.
- Fixed using commandline parameters like --cleanup for static usermode.
- Enabled the root commandline parameters in usermode.
- Fixed usage of "nx" user as normal user in usermode.
- Disabled slave mode and load balancing for usermode.
- Fixed creation of the logfile directory.
- Fixed nxnode usage of SSH_CLIENT using fallback mechanism.
- Added disabled nxserver-suid wrapper with help from Google. To enable it uncomment the suid_install target in Makefile.
- Automatically disabled slave mode, when load balancing is activated.
- Made ENABLE_SLAVE_MODE="1" the new default as its faster and more reliable. If you encounter any problems with it, disable it in node.conf.
* Mon Aug 11 2008 Boris Savelev <boris@altlinux.org> 0.7.3-alt1
- svn update to r565
- fix x86_64 build
* Tue Jul 15 2008 Boris Savelev <boris@altlinux.org> 0.7.2-alt2
- svn update to r546
* Fri Jun 13 2008 Boris Savelev <boris@altlinux.org> 0.7.2-alt1
- new version
- fix altbug #16049
- new init-script
* Mon Jan 14 2008 Igor Zubkov <icesik@altlinux.org> 0.7.2-alt5.r430
- fix path for libXrender
* Sun Jan 06 2008 Igor Zubkov <icesik@altlinux.org> 0.7.2-alt4.r430
- fix font path (#13830)
* Thu Jan 03 2008 Igor Zubkov <icesik@altlinux.org> 0.7.2-alt3.r430
- update from svn
* Fri Dec 28 2007 Igor Zubkov <icesik@altlinux.org> 0.7.2-alt2.r427
- mark %_sysconfdir/nxserver/node.conf a config(noreplace)
- own %_sysconfdir/nxserver dir
- add requires nx
* Mon Dec 24 2007 Igor Zubkov <icesik@altlinux.org> 0.7.2-alt1.r427
- build for Sisyphus

14
dists/gentoo/files/70-gentoo.conf Normal file
View File

@@ -0,0 +1,14 @@
ENABLE_SLAVE_MODE="0"
ENABLE_SHOW_RUNNING_SESSIONS="0"
#NX_ACL_DIR="/etc/nxserver/acls"
KDE4_ENABLE="0"
COMMAND_START_KDE=/bin/false
COMMAND_START_CDE=/bin/false
COMMAND_START_KDE4=/bin/false
ENABLE_KDE_CUPS="0"
ENABLE_CUPS_SERVER_MODE="1"
SAMBA_MOUNT_SHARE_PROTOCOL="cifs"
ENABLE_SHARE_MULTIMOUNT="1"
COMMAND_SMBMOUNT=/bin/false
COMMAND_SMBUMOUNT=/bin/false
COMMAND_SMBUMOUNT_CIFS="/bin/umount"

68
dists/gentoo/files/nxserver-freenx-0.7.4-nxloadconfig.patch Normal file
View File

@@ -0,0 +1,68 @@
--- freenx-server/nxloadconfig.orig 2012-07-18 17:45:54.624000000 +0400
+++ freenx-server/nxloadconfig 2012-07-18 17:43:42.454003648 +0400
@@ -58,7 +58,7 @@
# Where can different nx components be found
NX_DIR=/usr
PATH_BIN=$NX_DIR/bin # if you change that, be sure to also change the public keys
-PATH_LIB=$NX_DIR/lib
+PATH_LIB=$NX_DIR/lib/NX/lib
NX_ETC_DIR=/etc/nxserver
NX_SESS_DIR=/var/lib/nxserver/db
NX_HOME_DIR=/var/lib/nxserver/home
@@ -183,7 +183,7 @@
#JJK: added the following path referenced in nxprint
PPD_DIR="/usr/share/cups/model" #JJK: Note /usr/share/ppd on some systems
-CUPS_BACKEND="/usr/lib/cups/backend"
+CUPS_BACKEND="/usr/libexec/cups/backend"
CUPS_IPP_BACKEND="$CUPS_BACKEND/ipp"
CUPS_DEFAULT_SOCK="/var/run/cups/cups.sock"
CUPS_ETC="/etc/cups/"
@@ -202,15 +202,15 @@
KILL_DEFAULT_X_WM="1"
BOOTSTRAP_X_SESSION="0"
USER_X_STARTUP_SCRIPT=.Xclients
-DEFAULT_X_SESSION=/etc/X11/xdm/Xsession
+DEFAULT_X_SESSION=/etc/X11/Sessions/Xsession
COMMAND_GDM_X_SESSION="/etc/X11/gdm/Xsession custom"
if [ ! -x "$COMMAND_GDM_X_SESSION" ]
then
- COMMAND_GDM_X_SESSION="/etc/X11/Xsession"
+ COMMAND_GDM_X_SESSION="/etc/X11/Sessions/Xsession"
fi
COMMAND_START_KDE="startkde"
COMMAND_START_KDE4="startkde4"
-COMMAND_START_GNOME="gnome-session"
+COMMAND_START_GNOME="/etc/X11/Sessions/Gnome"
COMMAND_START_CDE=cdwm
COMMAND_XTERM=xterm
COMMAND_XAUTH=/usr/bin/xauth
@@ -234,14 +234,15 @@
COMMAND_NXSHADOWACL="$PATH_BIN/nxshadowacl"
COMMAND_NXACL="$PATH_BIN/nxacl"
COMMAND_NXCHECKLOAD="$PATH_BIN/nxcheckload"
-COMMAND_NXAGENT="$PATH_BIN/nxagent"
+COMMAND_NXAGENT="REAL_PATH_LIB/nxagent"
# Guest directives
ENABLE_GUEST_LOGIN="0"
-COMMAND_GUEST_LOGIN="/usr/lib/nx/guest/nxnode"
+COMMAND_GUEST_LOGIN="/usr/lib/NX/guest/nxnode"
# Try to use protected enviroment for guest sessions
-COMMAND_GUEST_X_SESSION="/usr/share/gdm/guest-session/Xsession custom"
-if [ ! -x "/usr/share/gdm/guest-session/Xsession" ]
+COMMAND_GUEST_X_SESSION="/usr/lib/NX/guest/Gnome"
+
+if [ ! -x "/usr/lib/NX/guest/Gnome" ]
then
COMMAND_GUEST_X_SESSION=$COMMAND_GDM_X_SESSION
fi
@@ -406,7 +407,7 @@
[ -z "$PROXY_LIBRARY_PATH" ] && PROXY_LIBRARY_PATH=$PATH_LIB
[ -z "$APPLICATION_LIBRARY_PATH" ] && APPLICATION_LIBRARY_PATH=$PATH_LIB
-[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11-nx.so.6:$APPLICATION_LIBRARY_PATH/libXext-nx.so.6:$APPLICATION_LIBRARY_PATH/libXcomp.so.3:$APPLICATION_LIBRARY_PATH/libXcompext.so.3:$APPLICATION_LIBRARY_PATH/libXrender.so.1"
+[ -z "$APPLICATION_LIBRARY_PRELOAD" ] && APPLICATION_LIBRARY_PRELOAD="$APPLICATION_LIBRARY_PATH/libX11.so:$APPLICATION_LIBRARY_PATH/libXext.so:$APPLICATION_LIBRARY_PATH/libXcomp.so:$APPLICATION_LIBRARY_PATH/libXcompext.so:$APPLICATION_LIBRARY_PATH/libXrender.so"
NX_BACKEND_VERSION=$(strings $COMMAND_NXAGENT 2>/dev/null | egrep 'NXAGENT - Version' | sed 's/.*Version //g')

10
dists/gentoo/files/nxserver-freenx-0.7.4-pam_ssh.patch Normal file
View File

@@ -0,0 +1,10 @@
--- freenx-server/nxnode-login.orig 2009-04-20 16:54:24.000000000 +0200
+++ freenx-server/nxnode-login 2009-04-20 16:54:27.000000000 +0200
@@ -73,6 +73,7 @@
expect {
"Are you sure you want to continue connecting (yes/no)?" { send "yes\r" }
"assword*:" { sleep 0.3; send "$password\r" }
+ "SSH passphrase:" { sleep 0.3; send "$password\r" }
"Permission denied*" { exit 1 }
"su: Authentication failure" { exit 1 }
"NX> 1000 NXNODE - Version" {

7
dists/gentoo/gentoo.postinst Executable file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
chmod 711 "/usr/libexec/cups/backend/ipp"
chmod 755 "/usr/sbin/cupsd"
chmod 4711 "/sbin/mount.cifs"
ln -s /usr/share/cups/mime/mime.convs /etc/cups
ln -s /usr/share/cups/mime/mime.types /etc/cups

162
dists/gentoo/nxserver-freenx-0.7.4-r665.ebuild Normal file
View File

@@ -0,0 +1,162 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/nxserver-freenx/nxserver-freenx-0.7.3_p104-r6.ebuild,v 1.4 2011/11/24 21:00:12 voyageur Exp $
EAPI=4
inherit git-2 multilib eutils toolchain-funcs versionator
MAJOR_PV="$(get_version_component_range 1-3)"
PATCH_VER="$(get_version_component_range 4)"
MY_PN="freenx-server"
DESCRIPTION="Free Software Implementation of the NX Server"
HOMEPAGE="http://freenx.berlios.de/ https://launchpad.net/~freenx-team"
EGIT_REPO_URI="git://git.etersoft.ru/people/dimbor/packages/freenx-server.git"
#EGIT_BOOTSTRAP="autogen.bash"
SRC_URI=""
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 x86"
IUSE="nxclient rdesktop vnc"
DEPEND="x11-misc/gccmakedep
x11-misc/imake"
RDEPEND="dev-tcltk/expect
media-fonts/font-cursor-misc
sys-devel/bc
media-fonts/font-misc-misc
net-analyzer/gnu-netcat
>=net-misc/nx-2.1.0
sys-apps/gawk
virtual/ssh
x11-apps/xauth
x11-apps/xrdb
x11-apps/sessreg
x11-terms/xterm
nxclient? ( net-misc/nxclient )
!nxclient? ( !net-misc/nxclient
|| ( x11-misc/xdialog
x11-apps/xmessage
gnome-extra/zenity ) )
rdesktop? ( net-misc/rdesktop )
vnc? ( x11-misc/x11vnc
net-misc/tightvnc )"
S=${WORKDIR}
export NX_HOME_DIR=/var/lib/nxserver/home
pkg_setup () {
enewuser nx -1 -1 ${NX_HOME_DIR}
}
src_prepare() {
cd ${S}
epatch "${FILESDIR}"/nxserver-freenx-0.7.4-pam_ssh.patch
epatch "${FILESDIR}"/nxserver-freenx-0.7.4-nxloadconfig.patch
# Path to net-misc/nx files, support for nx >= 3.4.0
sed -e "/PATH_LIB=/s/lib/$(get_libdir)/g" \
-e "s#REAL_PATH_LIB#/usr/$(get_libdir)/NX/bin#" \
-i ${MY_PN}/nxloadconfig || die "nxloadconfig sed failed"
}
src_compile() {
cd ${MY_PN}
emake CC=$(tc-getCC) CDEBUGFLAGS="${CFLAGS}" || die "compilation failed"
}
src_install() {
export NX_ETC_DIR=/etc/nxserver
export NX_SESS_DIR=/var/lib/nxserver/db
cd ${MY_PN}
emake DESTDIR="${D}" install || die "install failed"
# LIBREDIR_DIR="${D}""usr/lib/freenx-server"
# dodir "/usr/lib/freenx-server"
# OLDREDIR_DIR="${D}""usr/$(get_libdir)/NX/$(get_libdir)/freenx-server"
# mv ${OLDREDIR_DIR}/libnxredir.so.0 ${LIBREDIR_DIR}
# [[ $(get_libdir) == "lib64" ]] && rm -r "${D}""usr/$(get_libdir)" || \
# rm -r "${D}""usr/$(get_libdir)/NX"
# This should be renamed to remove the blocker on net-misc/nxclient
use nxclient && rm "${D}"/usr/bin/nxprint
dodir ${NX_ETC_DIR}
for x in passwords passwords.orig ; do
touch "${D}"${NX_ETC_DIR}/$x
chmod 600 "${D}"${NX_ETC_DIR}/$x
done
insinto ${NX_ETC_DIR}
for x in Xkbmap Xsession fixkeyboard ; do
doins "${S}/${MY_PN}/data/$x"
[[ $x == "Xkbmap" ]] && continue
chmod 755 "${D}"${NX_ETC_DIR}/$x
done
CONF_DIR="${NX_ETC_DIR}"/node.conf.d
dodir ${CONF_DIR}
insinto ${CONF_DIR}
doins "${S}/${MY_PN}/conf/conf.d"/*
cp "${FILESDIR}"/70-gentoo.conf "${D}"${CONF_DIR}
ACL_DIR="${NX_ETC_DIR}/acls"
dodir "${ACL_DIR}"
insinto "${ACL_DIR}"
doins "${S}/${MY_PN}/conf/acls"/*
dodir "${NX_ETC_DIR}/ppd"
SUDO_DIR=/etc/sudoers.d
dodir ${SUDO_DIR}
insinto "${SUDO_DIR}"
newins "${S}/sudoers.conf" nxserver
chmod 440 "${D}"${SUDO_DIR}/nxserver
LOGR_DIR=/etc/logrotate.d
dodir ${LOGR_DIR}
insinto "${LOGR_DIR}"
newins "${S}/${MY_PN}/data/logrotate" nxserver
dodir ${NX_HOME_DIR}
for x in closed running failed ; do
keepdir ${NX_SESS_DIR}/$x
fperms 0700 ${NX_SESS_DIR}/$x
done
newinitd "${FILESDIR}"/nxserver.init nxserver
}
pkg_postinst () {
# Other NX servers ebuilds may have already created the nx account
# However they use different login shell/home directory paths
if [[ ${ROOT} == "/" ]]; then
usermod -s /usr/bin/nxserver nx || die "Unable to set login shell of nx user!!"
usermod -d ${NX_HOME_DIR} nx || die "Unable to set home directory of nx user!!"
usermod -a -G utmp nx || die "Unable to add nx user to utmp group!!"
else
elog "If you had another NX server installed before, please make sure"
elog "the nx user account is correctly set to:"
elog " * login shell: /usr/bin/nxserver"
elog " * home directory: ${NX_HOME_DIR}"
elog " * supplementary groups: utmp"
fi
elog "To complete the installation, run:"
elog " nxsetup --install --setup-nomachine-key"
elog "This will use the default Nomachine SSH key"
elog "If you had older NX servers installed, you may need to add \"--clean --purge\" to the nxsetup command"
if has_version net-misc/openssh[-pam]; then
elog ""
elog "net-misc/openssh was not built with PAM support"
elog "You will need to unlock the nx account by setting a password for it"
fi
}

62
node.conf.def/00--internal.cnf Normal file
View File

@@ -0,0 +1,62 @@
#########################################################################
# INTERNAL STUFF DEFAULTS
# DO NOT TOUCH unless you REALLY know what you are doing
#########################################################################
#@ type: string
#@ check: notempty error
NX_VERSION=3.5.0-2.1.3-CE
#@ type: string
#@ check: advanced error
NX_LICENSE="OS (GPL, using backend: %BACKEND%)"
# Where can different nx components be found
#@ type: string
#@ check: dir error
NX_DIR=/usr
# if you change that, be sure to also change the public keys
#@ type: string
#@ check: dir error
PATH_BIN=$NX_DIR/bin
#@ type: string
#@ check: dir error
PATH_LIB=$NX_DIR/lib
#@ type: string
#@ check: dir nx:nx 770 perform
NX_SESS_DIR=/var/lib/nxserver/db
#@ type: string
#@ check: dir nx:nx 700 perform
NX_HOME_DIR=/var/lib/nxserver/home
# Advanced users ONLY
#@ type: string
#@ depend: SET_LD_LIBRARY_PATH
#@ check: dir error
AGENT_LIBRARY_PATH="$PATH_LIB"
#@ type: string
#@ depend: SET_LD_LIBRARY_PATH
#@ check: dir error
PROXY_LIBRARY_PATH="$PATH_LIB"
#@ type: string
#@ depend: SET_LD_LIBRARY_PATH
#@ check: dir error
APPLICATION_LIBRARY_PATH="$PATH_LIB"
#@ type: string
#@ depend: SET_LD_LIBRARY_PATH
#@ check: advanced
APPLICATION_LIBRARY_PRELOAD=""
# the name of the authorized keys file for ssh
#@ type: string
#@ check: advanced
SSH_AUTHORIZED_KEYS="authorized_keys2"

15
node.conf.def/00-general.conf Normal file
View File

@@ -0,0 +1,15 @@
#########################################################################
# General FreeNX directives
#########################################################################
# The host name which is used by NX server. It's should be used if it's
# different than the default hostname (as returned by `hostname`)
#@ type: string
#@ check: notempty error
SERVER_NAME="$(hostname)"
# The node ip which is used by NX Node in unecnrypted session mode.
# Set it if you want to use a specific external ip or the autodetection
# is not working.
#@ type: string
EXTERNAL_PROXY_IP=""

28
node.conf.def/01-auth.conf Normal file
View File

@@ -0,0 +1,28 @@
#########################################################################
# Authentication / Security directives
#########################################################################
# If enabled forces the user to use encryption. This will bail out
# if the user does not have encryption enabled.
#@ type: bool
ENABLE_FORCE_ENCRYPTION=0
# Refuse the NX client connection if SSHD does not export the
# SSH_CONNECTION and SSH_CLIENT variables in the environment
# passed to the NX server.
# 1: Will check the remote IP and will not accept the
# connection if it can't be determined.
# 0: Will accept the connection even if the remote IP
# is not provided.
#@ type: bool
SSHD_CHECK_IP=0
# If ENABLE_LOG_FAILED_LOGINS=1 then failed login attempts are logged to the system
# auth.log.
#
# This is useful in combination with tools like fail2ban.
#
# The default is to log failed login attemps via syslog (3).
#
#@ type: bool
ENABLE_LOG_FAILED_LOGINS=1

129
node.conf.def/02-restriction.conf Normal file
View File

@@ -0,0 +1,129 @@
#########################################################################
# Restriction directives
#########################################################################
# The base display number from which sessions are started.
#@ type: int
#@ check: 1500 error
DISPLAY_BASE=2000
# The maximum number of contemporary sessions that can be run on FreeNX
#@ type: int error
SESSION_LIMIT=200
# The maximum number of contemporary sessions that a single user can run
# on FreeNX.
#@ type: int
#@ check: 1 SESSION_LIMIT
SESSION_USER_LIMIT=20
# The number of displays reserved for sessions, it has to be greater or equal
# to the maximum number of contemporary sessions that a server can run.
#@ type: int
#@ check: SESSION_LIMIT
DISPLAY_LIMIT=200
# User for which sessions should be persistent. Either the keyword "all" or a
# comma-separated list of usernames or groups in the @groupname syntax.
#@ type: string
ENABLE_PERSISTENT_SESSION="all"
# Users and groups for whom persistent sessions should be disabled.
# Especially useful if ENABLE_PERSISTENT_SESSION="all"
#@ type: string
DISABLE_PERSISTENT_SESSION=""
# General nx shadowing
# If ENABLE_SESSION_SHADOWING=1 nxserver will store in db shadow
# cookies
#@ type: bool
ENABLE_SESSION_SHADOWING=1
#
# When using NX 3.0 shadowing, this enables asking the user whether
# he authorizes another user to shadow his session
#
# 0: No authorization request will be presented,
# and the session will be shadowed as if the user had approved.
# 1: (default) Ask for authorization
#
#@ type: bool
ENABLE_SESSION_SHADOWING_AUTHORIZATION=1
# Allow session shadowing in interactive mode:
#
# 1: The shadowing user can interact with the shadowed session.
#
# 0: The shadowed session is view-only. No interaction with the
# shadowed session is possible.
#
#@ type: bool
ENABLE_INTERACTIVE_SESSION_SHADOWING=1
#
# Enable or disable clipboard:
#
# client: The content copied on the client can be pasted inside the
# NX session.
#
# server: The content copied inside the NX session can be pasted
# on the client.
#
# both: The copy&paste operations are allowed both between the
# client and the NX session and vice-versa.
#
# none: The copy&paste operations between the client and the NX
# session are never allowed.
#
#@ type: string
#@ check: list: %server, both, none% error
ENABLE_CLIPBOARD="both"
#
# Enable or disable the pulldown dialog, which provides a graphical
# way to suspend or terminate the rootless session:
#
# 1: Enabled. The pulldown menu is shown when the mouse pointer
# moves near the middle of the top boundary of a window and
# allows the user to suspend or terminate the session by means
# of an icon-click.
#
# 0: Disabled. The ctrl+alt+T key combination has to be issued
# to get the dialog for suspending or terminating the session.
#
#@ type: bool
ENABLE_PULLDOWN_MENU=1
# If you set ENABLE_ADVANCED_SESSION_CONTROL=1 you can start a new application
# in an already
# running rootless session by using "add <rest of name>" as session name.
#
# Note: The client will return a message on that.
#
#@ type: bool
ENABLE_ADVANCED_SESSION_CONTROL=0
# If you set ENABLE_SHOW_RUNNING_SESSIONS=0 then nxserver will only show
# suspended sessions and you will not be able to resume or terminate a running
# session.
# dimbor: for autoreconnect must set to 0
#
#@ type: bool
ENABLE_SHOW_RUNNING_SESSIONS=0
# If value of this option not empty (valid dir) "run-acl" system is switch on:
# On session start (node_find_application) called acl check process.
# ACL-files in NX_ACL_DIR describes user/group permissions for given cmdstr.
# ACL filenames are usernames, groupnames and "all". Permissions search order:
# user - group - all. See $NX_ETC_DIR/acls/README for detail
# After change of NX_ACL_DIR running 'nxsetup --mkdb' is required
# Example: NX_ACL_DIR="/etc/nxserver/acls"
#@ type: string
NX_ACL_DIR=""
# Default acl warning message.
#@type: string
#@depend NX_ACL_DIR
NX_ACL_WARN="Access denied!"

29
node.conf.def/03-logging.conf Normal file
View File

@@ -0,0 +1,29 @@
#########################################################################
# Logging directives
#########################################################################
# This directives controls the verbosity of the server-wide log.
# 0/1: No Logging/Logging
#@ type: bool
NX_LOG_LEVEL=0
# Before turning logging on, please make sure that NX_LOGFILE is
# writeable for the "nx" user
#@ type: string
#@ check: path error
NX_LOGFILE=/var/log/nxserver.log
# This directive controls if the temporary session directory
# ($HOME/.nx/C-<hostname>-<display>-<session_id>) should be kept after a
# session has ended. A successfully terminated session will be saved as
# T-C-<hostname>-<display>-<session_id> while a failed session will be saved
# as F-C-<hostname>-<display>-<session_id>.
# The default is to cleanup the directories.
#@ type: bool
SESSION_LOG_CLEAN=1
# Amount of seconds nxserver is to keep session history. The default of 2592000
# is equivalent to 30 days. If this is 0 no session history will be kept
# and a negative value denotes infinity.
#@ type: int
SESSION_HISTORY=2592000

39
node.conf.def/04-balancing.conf Normal file
View File

@@ -0,0 +1,39 @@
# LOAD BALANCING
# ==============
#
# To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and
# make:
#
# - either sure that all incoming connections are sent to the master
# server by using forwarding directives on the "slave" servers.
#
# - or share the session database space via NFS between the servers.
# (not recommended at the moment as race conditions for DISPLAYs can
# occur)
#
#@ type: string
LOAD_BALANCE_SERVERS=""
# The following load_balance_algorithms are available at the moment:
#
# "load", "round-robin", "random"
#
# For "load" you need a script called nxcheckload in PATH_BIN.
#
# A sample script, which you can change to your needs it shipped with
# FreeNX under the name nxcheckload.sample.
#@ type: string
#@ depend: LOAD_BALANCE_SERVERS
#@ check: list: %load, round-robin, random% error
LOAD_BALANCE_ALGORITHM="random"
# By setting ENABLE_LOADBALANCE=1 you can let users choose their
# preferred host, while being forwarded to another server. Of course
# this is just a preference. The loadbalancing algorithm can completely
# choose to ignore the users choice.
#@ type: bool
ENABLE_LOAD_BALANCE_PREFERENCE=0

1
node.conf.def/05-sound.conf Normal file
View File

@@ -0,0 +1 @@
# is empty

186
node.conf.def/06-path.conf Normal file
View File

@@ -0,0 +1,186 @@
#########################################################################
# Path directives
#########################################################################
# Add the nx libraries to LD_LIBRARY_PATH before starting nx agents.
# WARNING: This will NOT (and should not) affect applications. ONLY Disable
# this if the nx libraries are in a standard system path (such as /usr/lib)!
#@ type: bool
SET_LD_LIBRARY_PATH=0
# The command binary for the default window manager. If set it is run when a
# 'unix-custom' session is requested by the NX Client and an application
# to run is specified. It defaults to empty (ie no WM is run).
# If KILL_DEFAULT_X_WM is set the WM is terminated after the started
# application finishes. Else FreeNX will wait for the WM to complete.
#@ type: string
DEFAULT_X_WM=""
#@ type: bool
KILL_DEFAULT_X_WM=1
# When a 'unix-default' session is requested by the client the user's X startup
# script will be run if pressent and executable, otherwise the default X
# session will be run.
# Depending on distribution USER_X_STARTUP_SCRIPT might be .Xclients, .xinitrc
# and .Xsession
# Depending on distribution DEFAULT_X_SESSION might be /etc/X11/xdm/Xsession,
# /etc/X11/Sessions/Xsession or /etc/X11/xinit/xinitrc
#@ type: string
#@ check: rt_expand
USER_X_STARTUP_SCRIPT=.Xclients
#@ type: string
#@ check: exe
DEFAULT_X_SESSION=/etc/X11/Xsession
#@ type: string
#@ check: advanced error
COMMAND_GDM_X_SESSION="/etc/X11/gdm/Xsession custom"
# When the session is started some distros execute some scripts to get the
# environment ready. Set 1 if you want DEFAULT_X_SESSION to be called before
# executing the session.
#@ type: bool
BOOTSTRAP_X_SESSION=0
# The key that contains the name of the script that starts a KDE session.
# It's run when a 'unix-kde' session is requested by the client.
# Default is "startkde"
#@ type: string
#@ check: exe
COMMAND_START_KDE=startkde
# The key that contains the name of the script that starts a gnome session.
# It's run when a 'unix-gnome' session is requested by the client.
# Default is "gnome-session"
#@ type: string
#@ check: exe
COMMAND_START_GNOME=gnome-session
# The key that contains the name of the script that starts a CDE session.
# It's run when a 'unix-cde' session is requested by the client.
#@ type: string
#@ check: exe
COMMAND_START_CDE=cdwm
#@ type: string
#@ check: exe 755 perform
COMMAND_NXAGENT=nxagent
# The key that contains the name of the complete path of command name
# 'xterm'. It is run when a unix "xterm" session is requested by the
# client.
#@ type: string
#@ check: exe
COMMAND_XTERM=xterm
# The key that contains the name of the complete path of command name
# 'xauth'.
#@ type: string
#@ check: exe error
COMMAND_XAUTH=xauth
# The key that contains the name of the complete path of command name
# 'sudo'.
#@ type: string
#@ check: exe error
COMMAND_SUDO=sudo
# The key that contains the name of the complete path of command name
# 'mount'.
#@ type: string
#@ check: exe
COMMAND_MOUNT_LIST=mount
# The key that contains the name of the complete path of command name
# 'mount.cifs'.
#@ type: string
#@ check: exe
COMMAND_SMBMOUNT=mount.cifs
# The key that contains the name of the complete path of command name
# 'umount.cifs'.
#@ type: string
#@ check: exe
COMMAND_SMBUMOUNT=umount
# The key that contains the name of the complete path of the 'netcat' command.
#@ type: string
#@ check: exe error
COMMAND_NETCAT=netcat
# The key that contains the name of the complete path of the 'ssh' and
# 'ssh-keygen' command.
#@ type: string
#@ check: exe error
COMMAND_SSH=ssh
#@ type: string
#@ check: exe error
COMMAND_SSH_KEYGEN=ssh-keygen
# The tool to generate md5sums with
#@ type: string
#@ check: exe error
COMMAND_MD5SUM=md5sum
# The key that contains the name of the complete path of the 'rdesktop' command.
#@ type: string
#@ check: exe
COMMAND_RDESKTOP=xfreerdp
# The key that contains the name of the complete path of the 'vncviewer' command.
#@ type: string
#@ check: exe
COMMAND_VNCVIEWER=vncviewer
#@ type: string
#@ depend: LOAD_BALANCE_SERVERS
#@ check: exe
COMMAND_NXCHECKLOAD="nxcheckload"
# The key that contains the name of the complete path of the 'vncpasswd' command.
# By default the builtin nxpasswd is used.
#@ type: string
#@ check: exe
COMMAND_VNCPASSWD=nxpasswd
#@ type: string
#@ depend: ENABLE_USESSION
#@ check: exe error
COMMAND_SESSREG=sessreg
# Command for cp converting
#@ type: string
#@ check: exe error
COMMAND_ICONV=iconv
# Commands for hiding/unhiding passwords
#@ type: string
#@ check: exe error
COMMAND_HIDE=base64
#@ type: string
#@ check: exe error
COMMAND_UNHIDE="base64 -d"
# Command to get process list
#@ type: string
#@ check: exe error
COMMAND_PS=ps
# Commands to pulseaudio control
#@ type: string
#@ check: exe
COMMAND_PA=pulseaudio
#@ type: string
#@ check: exe
COMMAND_PACTL=pactl
# Application to display X message.
#@ type: string
#@ check: exe error
COMMAND_XMSG="nxdialog --dialog ok --caption 'freenx server' --message"

57
node.conf.def/07-misc.conf Normal file
View File

@@ -0,0 +1,57 @@
#########################################################################
# Misc directives
#########################################################################
# When set to 1 this will automatically resume started sessions
#@ type: bool
ENABLE_AUTORECONNECT=1
# When set to 1 exports NXUSERIP / NXSESSIONID in nxnode
#@ type: bool
EXPORT_USERIP=1
#@ type: bool
EXPORT_SESSIONID=1
# This can be set to any executable, which is started after session startup
# like: $NODE_AUTOSTART {start|restore}
#@ type: string
#@ check: rt_expand
NODE_AUTOSTART=""
# When set to 1 will start nxagent in rootless mode.
#@ type: bool
ENABLE_ROOTLESS_MODE=1
# If enabled writes entries via the COMMAND_SESSREG program
# into utmp/wtmp/lastlog database.
# Note: You have to make sure that you add the nx user to the
# utmp or tty group or how its called on your system
# before this directive works.
#@ type: bool
ENABLE_USESSION=1
# Extra options to vncviewer command. Default are for tigervnc-viewer
#@ type: string
EXTRA_OPTIONS_RFB="-Shared -SecurityTypes VncAuth"
# Extra options to rdesktop command. Default are for xfreerdp
#@ type: string
EXTRA_OPTIONS_RDP="/cert-ignore /kbd:0x00000409 /home-drive +clipboard"
# Time to sleep before calling terminate nxagent
#@ type: int
#@ check: 0 30
NODE_APP_WAIT_TIMEOUT=3
# Force terminate session if NODE_APP_WAIT_TIMEOUT ends
#@ type: bool
ENABLE_ROOTLESS_TERMINATE_SESSION=0
# In case ENABLE_ROOTLESS_TERMINATE_SESSION=1 if starting apps found
# in APP_WAIT_MAP then appropriate processes will be controlled of.
# Further nxnode will wait for them completion after main app finished.
# Format: "app_name1:sname1[,sname2...][;app_name2:sname3[,sname4...][;...]]"
#@ type: string
#@ depend: ENABLE_ROOTLESS_TERMINATE_SESSION
APP_WAIT_MAP=""

14
node.conf.def/08-bash.conf Normal file
View File

@@ -0,0 +1,14 @@
# If SOURCE_SYS_PROFILE is not empty and readable FreeNX will source
# it before application startup as we are kind of a login shell.
# default: /etc/profile
#@ type: string
#@ check: file
SOURCE_SYS_PROFILE="/etc/profile"
# If SOURCE_BASH_USER_PROFILE is not empty and readable FreeNX will source
# it before application startup as we are kind of a login shell.
# Please use absolute path or short file name.
# default: .profile
#@ type: string
SOURCE_USER_PROFILE=".profile"

44
node.conf.def/09-cups.conf Normal file
View File

@@ -0,0 +1,44 @@
# System CUPS with sudo is used.
# put drivers to /etc/nxserver/ppd dir (more info in
# http://unixforum.org/index.php?showforum=89)
# Our own CUPS ppd dir
#@ type: string
#@ check: dir root:users 775 perform
NX_PPD_DIR=$NX_ETC_DIR/ppd
# Commands to CUPS control
#@ type: string
#@ check: exe
COMMAND_LPINFO=lpinfo
#@ type: string
#@ check: exe
COMMAND_LPSTAT=lpstat
#@ type: string
#@ check: exe
COMMAND_LPADMIN=lpadmin
#@ type: string
#@ check: exe
COMMAND_PPDCAT=/usr/lib/cups/daemon/cups-driverd
#@ type: string
#@ check: path
CUPS_DEFAULT_SOCK=/var/run/cups/cups.sock
# for check cups backends only
#@ type: string
#@ check: dir
CUPS_BACKEND=/usr/lib/cups/backend
#@ type: string
#@ check: exe
CUPS_IPP_BACKEND=$CUPS_BACKEND/ipp
#@ type: string
#@ check: exe
CUPS_NXSMB_BACKEND=$CUPS_BACKEND/nxsmb

19
node.conf.def/10-samba.conf Normal file
View File

@@ -0,0 +1,19 @@
# FreeNX with ENABLE_SAMBA_PRELOAD=1 will automatically setup
# port 445 and 139 and forward them to the used samba port.
#
# This enables samba browsing to the local subnet in for example
# konqueror.
#
#@ type: bool
ENABLE_SAMBA_PRELOAD=0
# Additional mount options for mount command (mount.cifs)
#@ type: string
SMB_MOUNT_OPTIONS="vers=2.1,iocharset=utf8,file_mode=0660,dir_mode=0770"
# How to inteprete international symbols in win-client resource-names.
# Contains none,one or more charsets pairs - arguments "[from]>[to]" of iconv command.
# if none, it's equivalent of system charset,
# eg ">cp1252 cp1251>" == "latin1>cp1252 cp1251>UTF-8"
#@ type: string
WIN_CP_CONVERT_CHAIN=""

13
node.conf.def/11-nxagent.conf Normal file
View File

@@ -0,0 +1,13 @@
#@ type: string
AGENT_EXTRA_OPTIONS_X="-nolisten tcp -dpi 96"
# The number of seconds we wait for the nxagent to start before
# deciding startup has failed
#@ type: int
AGENT_STARTUP_TIMEOUT=15
# The font server the agent will use. If set to "" no font server is used.
# For this to do any good, the client has to have the same font server set
# in /etc/X11/XF86Config
#@ type: string
AGENT_FONT_SERVER=""

12
node.conf.def/12-nxproxy.conf Normal file
View File

@@ -0,0 +1,12 @@
# Disable or enable use of 'tcp nodelay' on proxy. Old versions of Linux
# kernels have problems using this option on sockets that will cause a loss
# of TCP connections. This option is not set by default to allow clients to
# specify whether to enable or disable TCP nodelay. Setting this option to
# the value of 0 NX proxy avoids using 'tcp nodelay' but it will cause a
# loss of interaction in sessions.
#@ type: string
PROXY_TCP_NODELAY=""
# Extra options to nxproxy. See !M documentation for useful parameters.
#@ type: string
PROXY_EXTRA_OPTIONS=""

12
node.conf.def/50-numlockx.conf Normal file
View File

@@ -0,0 +1,12 @@
# Binary filename provides numlockx
#@ type: string
#@ check: exe
NUMLOCKX=numlockx
# numlockx run strategy. valid value are:
# 'on' -- run 'numlockx on' at session startup
# 'off' -- run 'numlockx off' at session startup
# 'system' -- default. don't run numlockx
#@ type: string
#@ check: list: %on, off, system%
NUMLOCK_METHOD="system"

2
node.conf.def/README Normal file
View File

@@ -0,0 +1,2 @@
# Do not modify the files here please.
# They are used to set default values by nxsetup.

26
nx-session-launcher/ConsoleKit-NX.conf Normal file
View File

@@ -0,0 +1,26 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Allow nx user to manage sessions -->
<policy user="nx">
<allow own="org.freedesktop.ConsoleKit"/>
<allow send_interface="org.freedesktop.ConsoleKit.Manager"/>
<allow send_interface="org.freedesktop.ConsoleKit.Seat"/>
<allow send_interface="org.freedesktop.ConsoleKit.Session"/>
<deny send_interface="org.freedesktop.ConsoleKit.Manager"
send_member="SetX11ParkingPlace"/>
<allow send_interface="org.freedesktop.ConsoleKit.Manager"
send_member="OpenConsoleWithParameters"/>
<allow send_interface="org.freedesktop.ConsoleKit.Session"
send_member="Lock"/>
<allow send_interface="org.freedesktop.ConsoleKit.Session"
send_member="Unlock"/>
<allow send_destination="org.freedesktop.ConsoleKit"
send_interface="org.freedesktop.DBus.Properties" />
</policy>
</busconfig>

17
nx-session-launcher/Makefile Normal file
View File

@@ -0,0 +1,17 @@
.PHONY: all install
CC=gcc
CFLAGS=-g -O2 -Wall -fPIC
SOURCES = nx-session-launcher-suid.c
PROGRAMS = nx-session-launcher-suid
ifneq ($(NX_VERSION),)
CFLAGS+=-DNXSERVER_COMMAND="\"$(PATH_BIN)/nx-session-launcher\""
endif
all: $(PROGRAMS)
clean:
rm -f $(PROGRAMS)

12
nx-session-launcher/README Normal file
View File

@@ -0,0 +1,12 @@
The unlock buttons on Users and Groups or Network are greyed out and un-accessible.
Running from a term 'sudo users-admin' should work the same way. (Not in Ubuntu due
to bug https://bugs.edge.launchpad.net/ubuntu/+source/policykit/+bug/210897)
If you are not using a packed version, correct the problem by following this steps:
- Copy nx-session-launcher and nx-session-launcher-suid to /usr/bin
- Execute $ chown nx /usr/bin/nx-session-launcher-suid
- Execute $ chmod 4755 /usr/bin/nx-session-launcher-suid
- Copy ConsoleKit-NX.conf to /etc/dbus-1/system.d/
- Reload dbus by issuing /etc/init.d/dbus reload
- Edit /etc/nxserver/node.conf and change '#COMMAND_START_GNOME=gnome-session'
to 'COMMAND_START_GNOME=/usr/bin/nx-session-launcher-suid gnome-session'

19
nx-session-launcher/freenx.session.policy Normal file
View File

@@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
<action id="freenx.session.create">
<description>Create a new FreeNX session</description>
<message>System policy allows to create a new session</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
</policyconfig>

170
nx-session-launcher/nx-session-launcher Normal file
View File

@@ -0,0 +1,170 @@
#!/usr/bin/env python
import xml.parsers.expat as expat
import os
import gobject
import dbus
import sys
import logging
logging.basicConfig (level=logging.ERROR, format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s', stream=sys.stderr)
log = logging.getLogger ("nx-session-launcher")
log.debug ("Starting nx-session-launcher")
# Getting the system dbus
bus = dbus.SystemBus ()
USE_PK_CREDENTIALS = False
# ------------------- ConsoleKit integration ------------------------
# Getting the ConsoleKit object
ck_manager_obj = bus.get_object ('org.freedesktop.ConsoleKit', '/org/freedesktop/ConsoleKit/Manager')
ck_manager = dbus.Interface (ck_manager_obj, 'org.freedesktop.ConsoleKit.Manager')
objs = ck_manager.GetSeats ()
nx_create_session = os.getenv('NX_CREATE_CK_SESSION')
create_session = True
if nx_create_session == "false":
create_session = False
nx_session_type = os.getenv('NX_SESSION_TYPE')
if nx_session_type == None:
nx_session_type = "nx"
display = os.getenv('DISPLAY')
# Get the current session
current_cookie = os.getenv('XDG_SESSION_COOKIE')
current_session = None
if current_cookie != None:
current_session = ck_manager.GetSessionForCookie (current_cookie)
def takeOwnership():
log.debug ("NX_CREATE_CK_SESSION = " + current_cookie)
log.debug ("Not creating a CK session")
session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session)
session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session')
properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties')
try:
properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1))
properties.Set ("org.freedesktop.DBus.Properties", "is-local", dbus.Boolean (True, variant_level=1))
properties.Set ("org.freedesktop.DBus.Properties", "session-type", dbus.String (nx_session_type, variant_level=1))
if display != None:
properties.Set ("org.freedesktop.DBus.Properties", "x11-display", dbus.String (display, variant_level=1))
log.debug ("Ownership taken")
return True
except expat.ExpatError, e:
error_string = str(e)
log.error ("Error: " + error_string)
log.error ("Falling back to create a new session")
return False
except dbus.DBusException, e:
error_string = str(e)
log.error ("Error: " + error_string)
log.error ("Falling back to create a new session")
return False
except Exception, e:
error_string = str(e)
log.error ("Error: " + error_string)
log.error ("Falling back to create a new session")
return False
def createSession():
try:
# Defining the session attributes
params = dbus.Array ([], signature = "(sv)")
params.append (("unix-user", dbus.Int32 (os.getuid(), variant_level=1)))
params.append (("session-type", dbus.String (nx_session_type, variant_level=1)))
if display != None:
params.append (("x11-display", dbus.String (display, variant_level=1)))
params.append (("is-local", dbus.Boolean (True, variant_level=1)))
# Create the ConsoleKit session
cookie = ck_manager.OpenSessionWithParameters (params)
log.debug ("Session " + cookie + " created")
# Exporting the XDG_SESSION_COOKIE variable
os.environ['XDG_SESSION_COOKIE'] = cookie
# Getting the ConsoleKit session
current_session = ck_manager.GetSessionForCookie (cookie)
session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session)
session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session')
# Setting the session as active
properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties')
properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1))
except dbus.DBusException, e:
# Dbus error problably you don't have the dbus rule installed or your launcher is not suid nx
# Open session without the parameters
log.error ("Failed to create a CK session using parameters")
error_string = str(e)
log.error ("Error: " + error_string)
# Create the ConsoleKit session
cookie = ck_manager.OpenSession ()
log.debug ("Session " + cookie + " created")
# Exporting the XDG_SESSION_COOKIE variable
os.environ['XDG_SESSION_COOKIE'] = cookie
def checkPermission ():
if USE_PK_CREDENTIALS == False:
return True
policykit = bus.get_object ('org.freedesktop.PolicyKit', '/', "org/freedesktop/PolicyKit")
if(policykit == None):
log.error ("Error: Could not get PolicyKit D-Bus Interface\n")
else:
polkit_interface = dbus.Interface (policykit, 'org.freedesktop.PolicyKit')
try:
granted = polkit_interface.IsProcessAuthorized ("freenx.session.create", os.getpid(), "false")
if granted == "yes":
return True
else:
return False
except dbus.DBusException, e :
# Dbus error problably you don't have the PolicyKit rule installed
error_string = str(e)
log.error ("Error: " + error_string)
if create_session and ( current_session == None or not takeOwnership () ):
log.debug("Creating a new session")
createSession ()
pid = os.fork ()
if pid == -1:
log.rrror ("error forking child")
elif pid == 0:
log.debug ("Forked")
else:
# Parent
status = os.waitpid (pid, 0)
os._exit (0)
if os.geteuid () != os.getuid ():
# Drop setuid privilege
os.setreuid(os.getuid(), os.getuid())
os.environ ['NX_CREATE_CK_SESSION'] = "false"
# Reexecute this script to really drop euid privilege
# os.spawnvp (os.P_WAIT, sys.argv[0], sys.argv)
# sys.exit()
args = sys.argv
args.pop(0)
log.info ("Launching the program\n")
if checkPermission ():
os.execvp(args[0], args)
else:
log.error ("You don't have permission to execute the action\n")

54
nx-session-launcher/nx-session-launcher-suid.c Normal file
View File

@@ -0,0 +1,54 @@
/*
* Copyright 2007 Google Inc.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Authors: alriddoch@google.com (Alistair Riddoch)
* freenx@fabian-franz.de (Fabian Franz)
*/
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#ifndef SESSION_LAUNCHER_COMMAND
#define SESSION_LAUNCHER_COMMAND "/usr/bin/nx-session-launcher"
#endif
#define CK_LAUNCH_SESSION_COMMAND "/usr/bin/ck-launch-session"
int main(int argc, char ** argv)
{
char ** new_argv;
new_argv = calloc(argc + 1, sizeof(char *));
int i;
for (i = 1; i < argc; ++i) {
new_argv[i] = argv[i];
}
uid_t calling_uid = getuid();
if (geteuid() == calling_uid) {
printf("Not running suid. Executing ck-launch-session.\n");
new_argv[0] = CK_LAUNCH_SESSION_COMMAND;
}else{
new_argv[0] = SESSION_LAUNCHER_COMMAND;
}
return execv(new_argv[0], new_argv);
}

67
nxcheckload.sample Executable file
View File

@@ -0,0 +1,67 @@
#!/bin/bash
#
# nxcheckload - sample script for calculation of the load for a node.
#
# Version 0.5
#
# Under GPL
#
# Jonathan "Arrouan" ROUZAUD-CORNABAS (rouzaud.jonathan@gmail.com)
#
# Fabian Franz <FreeNX@fabian-franz.de>
#
# 0.5
# - Rewrote huge parts
#
# Change between 0.3 and 0.4
# - Add of TMP_FILE
# - Add of lock file to avoid two run at once.
#
# Change between 0.2 and 0.3
# - SMP support.
#
if [ "$1" != "" ]; then
# Connect to a remote node
# Note: This is a ssh sample, you'll need to tweak it for your setup
# and setup the secret keys for yourself.
#exec $COMMAND_SSH nxcal@"$1" "$PATH_BIN/nxcheckload"
# Note: This is a netcat example. You need to have nxcheckload running through
# netpipes or netcat like follows:
# node1:~$ faucet 9876 -io $PATH_BIN/nxcheckload
#
# Connect to another node running the load-service on some port.
#
#exec $COMMAND_NETCAT "$1" 9876
# Same as loadbalance_rr_random
# pick a node by random.
echo $RANDOM
exit 0
fi
# Be sure to use C numeric for calculations
export LC_NUMERIC=C
# The 3 variables of load from uptime
LOADXX=$(awk '{ printf("(100-%s)+(100-%s)+(100-%s)\n", $1, $2, $3); }' /proc/loadavg | bc -q) #"
# Add of total memory and free memory
Mt=$(awk 'BEGIN { N=0 } /MemTotal|MemFree/ { N+=$2; } END { print N }' /proc/meminfo)
# NBCPU = number of CPU
NBCPU=$(cat /proc/cpuinfo | grep ^processor | wc -l)
# CPU = Mhz of the CPU
CPU=$(cat /proc/cpuinfo | grep "cpu MHz" | head -n1 | cut -d':' -f2 | cut -d' ' -f2)
# Number of Xorg already launch and running.
UNB=$(ps aux | grep Xorg | grep -v grep | wc -l)
# Final calcul of the number of load.
echo "100 * $LOADXX + $Mt + ( $NBCPU * $CPU ) / 100 + $UNB * 100" | bc -q | cut -d. -f1

298
nxdialog.freenx Executable file
View File

@@ -0,0 +1,298 @@
#!/bin/bash
#
# Copyright (c) 2004 by Fabian Franz <freenx@fabian-franz.de>
# (c) 2004 by Rick Stout <zipsonic@gmail.com>
#
# License: GPL, version 2
#
# Note: NX does not check the exit-code from nxclient,
# but we set it to a "good value" anyway in case
# it does check it someday.
#
# SVN: $Id: nxdialog 512 2008-03-10 23:01:03Z fabianx $
#
# ========================================================================
#JJK: borrowed from Aron Griffis
function requote {
declare arg
for arg; do
arg=$(printf '%q' "$arg")
printf '%s ' "${arg:-''}"
done
}
PARAMS=( "$@" )
INPUTS=$(requote "$@") #JJK: Save input parameter line...
TEMP=`getopt -a -o d: --long local,noautokill,dialog:,caption:,message:,display:,parent: -n $(basename $0) -- "$@"`
if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
# Note the quotes around `$TEMP': they are essential!
eval set -- "$TEMP"
DIALOG_TYPE="ok";
DIALOG_CAPTION=""
DIALOG_MESSAGE=""
DIALOG_LOCAL=""
DIALOG_NOAUTOKILL=""
DIALOG_PARENT="$PPID"
while true; do
case "$1" in
--dialog) DIALOG_TYPE="$2"; shift 2 ;;
--caption) DIALOG_CAPTION="$2"; shift 2 ;;
--message) DIALOG_MESSAGE="$2"; shift 2 ;;
--local) DIALOG_LOCAL="yes"; shift ;;
--noautokill) DIALOG_NOAUTOKILL="yes"; shift ;;
--display) DISPLAY="$2"; shift 2 ;;
--parent) DIALOG_PARENT="$2"; shift 2 ;;
--) shift ; break ;;
*) echo "Internal error!" ; exit 1; ;;
esac
done
export DISPLAY
# First check if the commercial nxclient is available and use it
# but check that it isn't this script to prevent a loop!
#
# Also check that not --printer was used, because the commercial
# client does not like large databases like used when ENABLE_FOOMATIC=1.
#
# This seems to be because the used sorting algorithm scales in O(n^2).
#
# This is now fixed in NXClient 3.0.0, but still people sometimes use
# older clients.
[ -x "/usr/bin/nxclient" ] && NXCLIENT="/usr/bin/nxclient"
[ -x "/usr/NX/bin/nxclient" ] && NXCLIENT="/usr/NX/bin/nxclient"
[ -z "$NXCLIENT" ] && NXCLIENT="/usr/NX/bin/nxclient"
[ -x "$NXCLIENT" ] && exec ${NXCLIENT} "${PARAMS[@]}"
if [ -x "/usr/bin/xvt" ] ; then
xterm_command="/usr/bin/xvt"
else
xterm_command=`which xterm`
fi
if [ -x /usr/bin/zenity ]; then
dialog_interface="zenity"
DIALOG=/usr/bin/zenity
# FIXME: This should be COMMAND_XDIALOG, ...
elif [ -x /usr/bin/Xdialog ]; then
dialog_interface="xdialog"
DIALOG=/usr/bin/Xdialog # just in case that we have no good path
elif [ -x /usr/bin/dialog ]; then
#JJK: Added 'dialog_interface=dialog' option because Xdialog not standard
#JJK: on some distros such as Fedora and xmessage won't handle long
#JJK: lists of ppd files while the combination of 'dialog' and 'xterm'
#JJK: should be present on most setups.
dialog_interface="dialog"
DIALOG=/usr/bin/dialog
if [ -z "$NXCLIENT_FIRST_TIME" ]; then
# Run only once in case of subdialogs. Capture result in tempfile
TMPFILE=$(mktemp /tmp/nxclient.XXXXX)
export NXCLIENT_FIRST_TIME=1
$xterm_command -geometry 120x24+100+100 +sb -title "NXclient" -e \
/bin/bash -c "$DIALOG --infobox 'Please wait...' 3 25; $0 $INPUTS | tee $TMPFILE" \
|| exit 1
#Need to recover the last line output (and not remove non-printing chars, because --stdout is used)
tail -1 $TMPFILE
rm -f $TMPFILE
exit 0
fi
else
dialog_interface="xmessage"
xmessage=$(which xmessage 2>/dev/null)
[ -z "$xmessage" ] && xmessage="/usr/X11R6/bin/xmessage"
fi
#
# xmessage dialog interface
#
xmessage_ok() {
$xmessage -buttons "Ok:0" -center "$DIALOG_MESSAGE"
return 0 # Give cancel on close ...
}
xmessage_yesno() {
$xmessage -buttons "Yes:2,No:0" -center "$DIALOG_MESSAGE"
}
xmessage_yesnosuspend() {
$xmessage -buttons "Suspend:3,Terminate:2,Cancel:0" -center "$DIALOG_MESSAGE"
}
xmessage_panic() {
$xmessage -buttons "Terminate:2,Cancel:0" -center "$DIALOG_MESSAGE"
}
xmessage_quit() {
$xmessage -buttons "Quit:0" -center "$DIALOG_MESSAGE"
return 0 # Give cancel on close ...
}
#
# zenity interface
#
zenity_ok() {
$DIALOG --info --title="$DIALOG_CAPTION" --text="$DIALOG_MESSAGE"
return 0 # Give cancel on close ...
}
zenity_yesno() {
$DIALOG --question --title="$DIALOG_CAPTION" --text="$DIALOG_MESSAGE"
RC=$?
[ $RC -eq 0 ] && return 2
[ $RC -eq 1 ] && return 0
}
zenity_yesnosuspend() {
Suspend="Disconnect (Suspend session)"
Terminate="Terminate (Log Out)"
ans=$($DIALOG --title="$DIALOG_CAPTION" \
--text="$DIALOG_MESSAGE Close this dialog to cancel." \
--list --radiolist --column "" --column "" \
TRUE "$Terminate" FALSE "$Suspend")
RC=$?
case $ans in
$Terminate)
return 2;
;;
$Suspend)
return 3;
esac
[ $RC -eq 1 ] && return 0
}
zenity_panic() {
$DIALOG --question --no-wrap --title="$DIALOG_CAPTION" \
--ok-label="Terminate" --cancel-label="Cancel" \
--text="$DIALOG_MESSAGE"
RC=$?
[ $RC -eq 0 ] && return 2
[ $RC -eq 1 ] && return 0
}
zenity_quit() {
$DIALOG --info --title="$DIALOG_CAPTION" --text="$DIALOG_MESSAGE"
return 0 # Give cancel on close ...
}
#"
# xdialog interface
#
xdialog_ok() {
$DIALOG --title "$DIALOG_CAPTION" --msgbox "$DIALOG_MESSAGE" 0 0
return 0 # Give cancel on close ...
}
xdialog_yesno() {
$DIALOG --title "$DIALOG_CAPTION" --yesno "$DIALOG_MESSAGE" 0 0
RC=$?
[ $RC -eq 0 ] && return 2
[ $RC -eq 1 ] && return 0
}
xdialog_yesnosuspend() {
$DIALOG --title "$DIALOG_CAPTION" --buttons-style text \
--ok-label "Suspend" --cancel-label "Terminate" \
--yesno "$DIALOG_MESSAGE Close this dialog to cancel." 400x150
RC=$?
[ $RC -eq 0 ] && return 3
[ $RC -eq 1 ] && return 2
}
xdialog_panic() {
$DIALOG --title "$DIALOG_CAPTION" --buttons-style text --default-no \
--ok-label "Terminate" --cancel-label "Cancel" \
--yesno "$DIALOG_MESSAGE" 0x0
RC=$?
[ $RC -eq 0 ] && return 2
[ $RC -eq 1 ] && return 0
}
xdialog_quit() {
$DIALOG --buttons-style text --ok-label "Quit" --title "$DIALOG_CAPTION" \
--msgbox "$DIALOG_MESSAGE" 0 0
return 0 # Give cancel on close ...
}
#JJK: dialog interface "
# These are analogous to the Xdialog functions with a few subtle
# syntax differences
#
dialog_ok() {
$DIALOG --stdout --title "$DIALOG_CAPTION" --msgbox "$DIALOG_MESSAGE" 0 0
return 0 # Give cancel on close ...
}
dialog_yesno() {
$DIALOG --stdout --title "$DIALOG_CAPTION" --yesno "$DIALOG_MESSAGE" 0 0
RC=$?
[ $RC -eq 0 ] && return 2
[ $RC -eq 1 ] && return 0
}
dialog_yesnosuspend() {
$DIALOG --stdout --title "$DIALOG_CAPTION" --yes-label "Suspend" \
--no-label "Terminate" \
--yesno "$DIALOG_MESSAGE\n\nPress 'Esc' to cancel." 8 60
RC=$?
[ $RC -eq 0 ] && return 3
[ $RC -eq 1 ] && return 2
}
dialog_panic() {
$DIALOG --stdout --title "$DIALOG_CAPTION" --defaultno \
--yes-label "Terminate" --no-label "Cancel" \
--yesno "$DIALOG_MESSAGE" 0 0
RC=$?
[ $RC -eq 0 ] && return 2
[ $RC -eq 1 ] && return 0
}
dialog_quit() {
$DIALOG --stdout --ok-label "Quit" --title "$DIALOG_CAPTION" \
--msgbox "$DIALOG_MESSAGE" 0 0
return 0 # Give cancel on close ...
}
#
# main case statement
#
case $DIALOG_TYPE in
ok)
${dialog_interface}_ok
;;
yesno)
${dialog_interface}_yesno
;;
yesnosuspend)
${dialog_interface}_yesnosuspend
;;
panic)
${dialog_interface}_panic
;;
quit)
${dialog_interface}_quit
;;
esac
#
# Time for exit code checks :)
#
RC=$?
[ $RC -eq 2 ] && kill -TERM $DIALOG_PARENT
[ $RC -eq 3 ] && kill -HUP $DIALOG_PARENT
exit 0

437
nxfuncs Normal file
View File

@@ -0,0 +1,437 @@
#!/bin/bash
#
# Copyright (c) 2020 by Dmitry Borisov <i@dimbor.ru>
#
# License: GPL, version 2
#
# ========================================================================
ip4_pattern='[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+'
num_pattern='[+-]?[0-9]+([.][0-9]+)?'
# setup NX_ETC_DIR here because we allways should to read settings first
NX_ETC_DIR="/etc/nxserver"
sq_settings_fn="$NX_ETC_DIR/nxsettings.sq3"
# following two functions are Copyright by Klaus Knopper
stringinstring() { case "$2" in *$1*) return 0;; esac; return 1; }
getparam() {
#args: <instring> <param_name> [recode_hex_%NN] [delimiter='&']
# Reread given line; echo last parameter's argument or return false.
local d='&'; [ -n "$4" ] && d="$4"
local pattern=".*$d$2=([^$d]*)" str="$d$1" r;
[[ "$str" =~ $pattern ]]; r=${BASH_REMATCH[1]}
[ -n "$3" ] && echo -e "${r//\%/\\x}" || echo "$r"
[ "$BASH_REMATCH" != "" ]
}
delparam() {
#args: <instring> <param_name> [delimiter='&']
# Delete parameter with value.
local d='&'; [ -n "$3" ] && d="$3"
local pat=".*($d$2=[^$d]*)" str="$1" r;
[ "${str:0:1}" = "$d" ] || str="$d$str"
[[ "$str" =~ $pat ]]; r=${BASH_REMATCH[1]}
echo "${str/$r/}"
}
trim() {
local v="$*"; v=${v#${v%%[![:space:]]*}};
v=${v%${v##*[![:space:]]}}; echo -n "$v"
}
fcount() {
#args: <text> [delim=$'\n']
#ret: count of fields (lines by default)
local IFS=$'\n'; [ -n "$2" ] && IFS="$2"
local a=($1); echo "${#a[@]}"
}
cutfn() {
#args: line field_num_start_at_0 [delim=$IFS]
set -f
if [ -n "$3" ]; then local IFS="$3"; fi
local a=($1);
#echo "${a[($2)]}" # negative values works on all systems?
echo "${a[@]:($2):1}"
set +f
}
rematchfn(){
#args: (pattern) <text> [match_num=0] [reversive]
# if match_num == "all" returns all found matches delimited by newlines
local pat n OIFS a ntl nr a r r1 res;
pat="$1"; [ -z "$3" -o "$3" = "all" ] && n=0 || n="$3"
OIFS=$IFS; local IFS=$'\n'; a=($2); IFS=$OIFS;
ntl=${#a[@]}; nr=0; r=(); res="";
if [ -z "$4" ]; then
for ((i=0;i<$ntl;i++)) {
[[ "${a[$i]}" =~ $pat ]] || continue
((nr++)); r+=(${BASH_REMATCH[1]})
[ "$nr" = "$n" ] && break
}
else
for ((i=$ntl;i>=0;i--)) {
[[ "${a[$i]}" =~ $pat ]] || continue
((nr++)); r+=(${BASH_REMATCH[1]})
[ "$nr" = "$n" ] && break
}
fi
if [ "$3" = "all" ]; then
for r1 in ${r[@]}; do res+="${res:+$'\n'}$r1"; done
echo "$res"
else echo "${r[($n)]}"
fi
[ "$nr" != "0" ]
}
set_vars_from_params() {
#args: <instring> <varnames> [var_prefix=""] [%hex_recode=""]
# varnames_list_delimited_by_spaces_or_commas
local vnames vn vv;
vnames="${2//,/ }"
for vn in $vnames; do
vv=$(getparam "$1" $vn $4); #[ -z "$vv" ] && continue;
declare -g $3$vn="$vv"
done
}
set_vars_from_ampstr() {
#param: <ampstr> [var_prefix=""] [%hex_recode=""]
local kv vn vv;
local IFS='&'; local -a a=($1) a2;
for kv in ${a[@]}; do
IFS='=' a2=($kv); vn=${a2[0]}; [ -z "$vn" ] && continue;
vv=${a2[1]}; [ -n "$3" ] && vv=$(echo -e "${vv//\%/\\x}")
declare -g $2$vn=$vv
done
}
set_vars_from_ampvals() {
#args: <instring> <varnames> [var_prefix=""] [%hex_recode=""]
# varnames_list_delimited_by_spaces_or_commas, values delimited by '&'
local vnames vn vv i=0
local OIFS=$IFS IFS='&' a
a=($1); IFS=$OIFS; vnames="${2//,/ }"
for vn in $vnames; do
vv=${a[$i]}; declare -g $4$vn="$vv"; ((i++))
done
}
port_is_listening() {
#args: <port> [host=127.0.0.1] [proto=tcp]
local hip="127.0.0.1"; [ -n "$3" ] && hip=$2
local proto="tcp"; [ -n "$3" ] && proto=$3
2>/dev/null > /dev/$proto/$hip/$1
}
# ===========================================================================
# sqlite3 functions
declare -g sq_cmd="/usr/bin/sqlite3";
declare -g DBE_PID="" DBE_PIDS_FILE="";
lock_dbe() {
#arg: [wait_cycles=80] [whit_step=0.05s]
local i rc ccls=60; [ -n "$1" ] && ccls=$1
local step=0.05; [ -n "$2" ] && step=$2
for (( i=0; i<=ccls; i++ )); do
mkdir "$DBE_PIDS_FILE.lock" &>/dev/null; rc=$?
[ $rc -eq 0 ] && break
sleep $step"s"
done
return $rc
}
unlock_dbe() { rmdir "$DBE_PIDS_FILE.lock" &>/dev/null; return 0; }
q_dbe0() {
local rc
echo -e "$@" >/proc/$DBE_PID/fd/0; rc=$?
return $rc
}
q_dbe() {
local rc; lock_dbe || return 1
q_dbe0 "$@"; rc=$?
unlock_dbe; return $rc
}
qa_dbe0() {
#args: <query_string> ...
local qstr="$@" r res=""; qstr+="SELECT '{end}';"
echo -e "$qstr" >/proc/$DBE_PID/fd/0
while read r </proc/$DBE_PID/fd/1; do
r=$(trim "$r")
[ "${r:(-5)}" = "{end}" ] && break
res+="${res:+$'\n'}$r"
done
echo "$res";
}
qa_dbe() {
#args: <query_string> ...
local rc
lock_dbe || return 1
local res=$(qa_dbe0 "$@"); rc=$?
echo "$res"; unlock_dbe; return $rc
}
ctl_dbe() {
#arg: <pid_of_parent>
#coproc /usr/bin/stdbuf -i0 -o0 $sq_cmd -batch 2>/tmp/dbe_stderr-$$.log
coproc /usr/bin/stdbuf -i0 -o0 $sq_cmd -batch 2>/dev/null
echo "$COPROC_PID" > "$DBE_PIDS_FILE"
wait $COPROC_PID
}
open_dbe() {
#arg: <pid_of_parent>
#ret: 0 if dbe started, 1 - dbe connected, 2 - error;
#echo "open dbe start $1"
local new_dbe="" pids cntr;
[ "$USER" != "nx" ] && DBE_PIDS_FILE="/var/lock/nxdbe-$USER"
if [ -z "$DBE_PID" ]; then
if [ -r "$DBE_PIDS_FILE" ]; then
pids=($(< "$DBE_PIDS_FILE")); DBE_PID=${pids[0]};
else new_dbe="1"
fi
fi
if [ -n "$DBE_PID" ]; then
if kill -0 $DBE_PID 2>/dev/null; then
echo "$1" >> "$DBE_PIDS_FILE"
return 1
else
DBE_PID=""; rm -f "$DBE_PIDS_FILE"; new_dbe="1";
#echo "rm old pidfile";
fi
fi
if [ -n "$new_dbe" ]; then
local dbc_pid="";
[ "$USER" = "nx" ] && DBE_PIDS_FILE="/var/lock/nxdbe-$1"
(ctl_dbe $1) &
dbc_pid=$!; disown $dbc_pid;
cntr=200;
while [ ! -e "$DBE_PIDS_FILE" ]; do sleep 0.01s; ((cntr--)); ((cntr<=0)) && break; done
#echo "create dbe $((200-cntr))0 ms"
DBE_PID=$(< "$DBE_PIDS_FILE"); echo "$1" >> "$DBE_PIDS_FILE"
q_dbe ".timeout 500\n.separator '&'" # not work with later attached tables after '.mode csv tname'
#q_dbe "PRAGMA journal_mode = WAL;" # causes error on keyslst_for_user() now
return 0
fi
return 2
}
attach_db() {
#args: <filename> [ro=""]
local dbname=${1##*\/}; dbname=${dbname%.*}
local db=$1; [ -n "$2" ] && db="file:$1?mode=ro"
q_dbe "ATTACH DATABASE '$db' AS $dbname;"
}
close_dbe() {
#arg: <pid_of_parent>
# if arg empty close ultimately
#echo "dbe close start - $1; $DBE_PIDS_FILE; $DBE_PID"
[ -z "$DBE_PID" ] && return
[ ! -e "$DBE_PIDS_FILE" ] && return
local pids=($(< "$DBE_PIDS_FILE"))
local chgfl="" i;
for ((i=1; i<${#pids[@]}; i++)) do
if kill -0 ${pids[i]} &>/dev/null; then
[ "$1" = "${pids[$i]}" ] && { unset pids[i]; chgfl="1"; }
else
unset pids[i]; chgfl="1"
fi
done
if ((${#pids[@]}>1)); then
[ -n "$chgfl" ] && echo ${pids[@]} > "$DBE_PIDS_FILE"
return 1
fi
q_dbe ".quit"; unset DBE_PID; rm -f "$DBE_PIDS_FILE"
return 0
}
exit_proc() {
close_dbe $$; exit $1;
}
s2sq() {
local res="$1" v
v=${res:0:1}; stringinstring "$v" "'\"" && res=${res:1:-1}
res=${res//&/%26}; res="${res//\"/%22}"; res="${res//\'/%27}"
echo "$res"
}
sq2s() {
local res="$1"; [ "$res" = "\"\"" ] && return
res=${res//%26/&}; res="${res//%22/\"}"; res="${res//%27/\'}"
echo "$res"
}
colval_set_or_cond() {
#args: <col1,col2...> <val1&val2...> [cond] [values_delim='&']
#ret: string of columns and values for SET or for WHERE
# if cond='INS' returns list_cols&list_vals for INSERT env
local delim="&"; [ -n "$4" ] && delim="$4"
local ret="" r2="" key val keys=(${1//,/ });
OIFS=$IFS; IFS=$delim; local -a vals=($2); IFS=$OIFS
for idx in ${!keys[*]}; do
key=${keys[$idx]}; val=${vals[$idx]}
if [ -z "$3" ]; then # set env
[ "$val" = "NULL" -o "$val" = "null" ] && continue
ret+="${ret:+,}$key='$val'"
elif [ "$3" = "INS" ]; then # ins env
[ "$val" = "NULL" -o "$val" = "null" ] && continue
ret+="${ret:+,}$key"; r2+="${r2:+,}'$val'"
else # cond env
if [ "$val" = "NULL" -o "$val" = "null" ]; then
ret+="${ret:+ $4 }$key IS NULL"
else ret+="${ret:+ $4 }$key='$val'"
fi
fi
#echo "\"$key\" = \"$val\""
done
[ "$3" = "INS" ] && ret+="&$r2"
echo "$ret"
}
q_row_ins() {
#args: <table_name> <col1,col2...> <val1&val2...> [values_delim='&']
local colvals=$(colval_set_or_cond "$2" "$3" "INS" "$4")
local keys=${colvals%%&*} vals=${colvals#*&}
q_dbe "INSERT INTO $1($keys) VALUES($vals);"
}
q_rows_upd() {
#args: <table_name> <where_str> <col1,col2...> <val1&val2...> [values_delim='&']
local setls=$(colval_set_or_cond "$3" "$4" "" "$5")
q_dbe "UPDATE $1 SET $setls WHERE $2;"
}
q_vals_str_get() {
#args: <table_name> <where_str> <col1,col2...> [values_delim='&']
local d="&"; [ -n "$4" ] && d="$4";
local mode=".mode csv $1\n.separator '$d'\n"
local rs=$(qa_dbe "$mode" "SELECT count(*),$3 FROM $1 WHERE $2 LIMIT 1;") #"
[ "${rs%%$d*}" -gt "0" 2>/dev/null ] || { echo; return 1; }
local ret=${rs#*$d}; ret=${ret//\"/}
echo "$ret"
}
q_vals_strs_get() {
#args: <table_name> <where_str> <col1,col2...> [query_tail_str] [values_delim='&']
local d="&"; [ -n "$5" ] && d="$5";
local mode=".mode csv $1\n.separator '$d'\n"
local rs=$(qa_dbe "$mode" "SELECT $3 FROM $1 WHERE $2 $4;") #"
local ret=${rs//\"/}
echo "$ret"
}
str_eq_cond() {
#args: expr vals_str [vals_delim='|'] [NOT=""]
#ret: "expr IN ('A','B','C'...)" or "expr='A'"
local delim="|"; [ -n "$3" ] && delim="$3";
local comma="" ivs="$2" val vals="";
local inv1="" inv2=""
[ -n "$4" ] && { inv1="!"; inv2=" NOT"; }
[ -z "$ivs" ] && ivs="NULL" || ivs=${ivs//$delim/$'\n'}
while read val; do comma="${vals:+,}"; vals+="$comma'$val'"; done <<< "$ivs"
if [ -n "$comma" ]; then echo "$1$inv2 IN ($vals)"
elif [ "$ivs" = "NULL" ]; then echo "$1 IS$inv2 NULL"
else echo "$1$inv1=$vals"
fi
}
q_where_str() {
#arg: term1[&term2...]; term: <exp><cond><val_str>
#cond: = != > < >= <= ; val_str: val1[|val2...] or val_start,val_end
#ret: formated string for sqlite WHERE
local oifs=$IFS IFS='&' terms i res; terms=($1); IFS=$oifs
local pat exp cond inv vals start_val stop_val s simple
for ((i=0;i<${#terms[@]};i++)) {
local pat="([[:alnum:]]+)([^[:alnum:]]+)(.+)"
[[ "${terms[$i]}" =~ $pat ]] || continue
exp=${BASH_REMATCH[1]}; cond=${BASH_REMATCH[2]}; vals=${BASH_REMATCH[3]}
#echo "$exp : $cond : $vals" #debug
[ "${cond:0:1}" = "!" ] && inv=" NOT" || inv=""
simple=0; stringinstring '>' "$cond" && simple=1
[ "$simle" = "0" ] && stringinstring '<' "$cond" && simple=1
if stringinstring ',' "$vals"; then
start_val=$(cutfn "$vals" 0 ','); stop_val=$(cutfn "$vals" 1 ',')
s="$exp$inv BETWEEN $start_val AND $stop_val"
elif [ "$simple" = "0" ]; then
s=$(str_eq_cond "$exp" "$vals" "" "$inv")
else
s="$exp$cond$vals"
fi
res+=${res:+ AND }$s
}
echo "$res"
}
q_sort_str() {
#arg: exp1[!][,exp2...]
#if '!' present then DESC else ASC
#ret: formated string for sqlite ORDER BY
local oifs=$IFS IFS=',' terms i exp order res; terms=($1); IFS=$oifs
for ((i=0;i<${#terms[@]};i++)) {
exp=${terms[$i]}
if [ "${exp:(-1):1}" = "!" ]; then order="DESC"; exp=${exp::-1}
else order="ASC"
fi
res+="${res:+,}$exp $order"
}
echo "$res"
}
qtxt2cmdstrs() {
#params: <text from sqlite3 query (.mode line)>
#ret: nx command strings
local res="" fl="1" line k v;
while read line; do
[ -z "$line" ] && { res+=$'\n'; fl=1; continue; }
[ "$fl" = "1" ] && { res+="a=b&"; fl=0; }
k=$(trim "$(cutfn "$line" 0 '=')") #"
v=$(trim "$(cutfn "$line" 1 '=')") #"
res+="$k=$v&"
done <<< "$@"
echo "$res"
}
# ===========================================================================
# functions to read settings
set_vars_from_db() {
#args: [varnames_list_delimited_by_commas] [[username] [only_users_vars=""]]
# if varnames is empty str rquests all variables
# if username is empty str rquests all variables for NULL
# if username is not empty str rquests all variables user over NULL
# if username and only_users_vars are not empty str rquests users variables only
local mode=".mode csv settings\n.separator '&'\n"
local qstr0 qs_keys0="" qs_keys="" ts a qstr var value;
local keylist
[ -n "$1" ] && {
keylist="'${1//,/\',\'}'"
qs_keys0=" AND key IN ($keylist)"
qs_keys=" AND rs.key IN ($keylist)"
}
if [ -n "$2" ]; then
[ -n "$3" ] && \
qstr="SELECT key,value FROM settings WHERE user='$2' $qs_keys0;" || \
qstr="SELECT rs.key,coalesce(us.value,rs.value) \
as value FROM settings AS rs LEFT JOIN settings AS us ON us.key=rs.key \
AND us.user='$2' WHERE rs.user IS NULL $qs_keys;"
else
qstr="SELECT key,value FROM settings WHERE user IS NULL $qs_keys0;"
fi
#echo "$qstr" #debug
ts=$(qa_dbe "$mode" "$qstr"); #echo "$ts" #debug
while read line; do
[ -n "$line" ] || continue
local OIFS="$IFS"; local IFS='&'; a=($line); IFS="$OIFS"
var=${a[0]}; value=${a[1]}; value=${value//\"/}; value=$(sq2s "$value")
declare -g $var="$value";
#echo "$var=\"$value\"" #debug
done <<< "$ts"
}

85
nxkeygen Executable file
View File

@@ -0,0 +1,85 @@
#!/bin/bash
#
# /usr/NX/bin/nxkeygen
# Create a new client/server key pair
#
# Originally written for Gentoo Linux
#
# Author Stuart Herbert
# (stuart@gentoo.org)
#
# Copyright (c) 2004 Gentoo Foundation
# Released under v2 of the GNU GPL
#
# SVN: $Id: nxkeygen 512 2008-03-10 23:01:03Z fabianx $
#
# ========================================================================
# Read the config file
SHARED_CONFS="/usr/share/freenx-server"
. $SHARED_CONFS/nxfuncs
open_dbe $$
attach_db "$sq_settings_fn" ro || {
echo "Unable to attach db file $sq_settings_fn"; exit 1;
}
set_vars_from_db
[ -z "$NX_KEY_DIR" ] && NX_KEY_DIR="$NX_HOME_DIR/.ssh"
DATE="`date '+%Y%m%d-%H%M%S'`"
NX_CLIENT_KEY="${NX_KEY_DIR}/client.id_dsa.key"
NX_SERVER_KEY="${NX_KEY_DIR}/server.id_dsa.pub.key"
main () {
# create a new key
umask 177
$COMMAND_SSH_KEYGEN -q -t dsa -N '' -f ${NX_KEY_DIR}/local.id_dsa
# backup the existing keys
if [ -f "${NX_SERVER_KEY}" ]; then
echo "Backing up existing server key to ${NX_SERVER_KEY}.${DATE}"
mv -f "${NX_SERVER_KEY}" "${NX_SERVER_KEY}.${DATE}"
fi
if [ -f "${NX_CLIENT_KEY}" ]; then
echo "Backing up existing client key to ${NX_CLIENT_KEY}.${DATE}"
mv -f "${NX_CLIENT_KEY}" "${NX_CLIENT_KEY}.${DATE}"
fi
# put the new keys in place
mv -f "${NX_KEY_DIR}/local.id_dsa" "${NX_CLIENT_KEY}"
mv -f "${NX_KEY_DIR}/local.id_dsa.pub" "${NX_SERVER_KEY}"
for x in ${NX_CLIENT_KEY} ${NX_SERVER_KEY} ; do
chmod 600 $x
chown nx:root $x
done
# copy the key to the authorized_keys2 file
rm -f $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
echo -n "no-port-forwarding,no-agent-forwarding,command=\"$PATH_BIN/nxserver\" " >$NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
cat ${NX_SERVER_KEY} >> $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
# Fix ownership of $SSH_AUTHORIZED_KEYS, just in case nxkeygen is run without nxsetup.
chown nx:root $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
# now tell the user what to do
echo "Unique key generated; your users must install"
echo
echo " ${NX_CLIENT_KEY}"
echo
echo "on their computers."
}
if [ -f "${NX_SERVER_KEY}" -a -f "${NX_CLIENT_KEY}" -a \
! -z "$NX_DONT_OVERRIDE" ]; then
echo "Not overriding the existing key"
exit
fi
main "$@"
close_dbe $$

1487
nxnode Executable file
View File

File diff suppressed because it is too large Load Diff

105
nxnode-login Executable file
View File

@@ -0,0 +1,105 @@
#!/usr/bin/expect
#
# nxnode-login: spawns and controls ssh
#
# Copyright (c) 2004-2006 by Fabian Franz.
#
# License: GPL, version 2
#
# SVN: $Id: nxnode-login 512 2008-03-10 23:01:03Z fabianx $
#
# Syntax: nxnode-login {ssh|su|test-nx} user ssh-port executable command tosend
set auth_method [lindex $argv 0]
set user [lindex $argv 1]
set port [lindex $argv 2]
set executable [lindex $argv 3]
set command [lindex $argv 4]
set tosend [lindex $argv 5]
catch {set tosend $env(NXNODE_TOSEND)}
set command_ssh "ssh"
catch {set command_ssh $env(COMMAND_SSH)}
set host "127.0.0.1"
catch {set host $env(NODE_HOSTNAME)}
#
# Special test-nx instruction for nxsetup
#
if { "$auth_method"=="test-nx" } {
set stty_init "raw icrnl -echo"
set publickey ""
catch {set publickey $env(NODE_PUBLICKEY)}
set pid [spawn -noecho $command_ssh -2 -x -l "$user" "$host" -i "$publickey" -o "RhostsAuthentication no" -o "PasswordAuthentication no" -o "PubkeyAuthentication yes" -o "PreferredAuthentications publickey" -o "ConnectTimeout 3" -p "$port" "$executable $command" ]
while {1} {
expect {
"Are you sure you want to continue connecting*" { send "yes\r" }
"Permission denied*" { exit 1 }
"HELLO NXSERVER - Version*\n" {
break
}
}
}
expect "NX> 105" { send "quit\r" }
expect "NX> 999 Bye"
exit 0
}
#
# Log the user in via the supplied method.
#
expect_user -re "(.*)\n"
set password $expect_out(1,string)
set stty_init "raw icrnl -echo"
if { "$auth_method"=="ssh" } {
set pid [spawn -noecho $command_ssh -2 -x -l "$user" "$host" -o "NumberOfPasswordPrompts 1" -p "$port" "$executable $command" ]
} elseif { "$auth_method"=="su" } {
set env(LANG) "C"
set pid [spawn -noecho su - "$user" -c "$executable $command" ]
} elseif { "$auth_method"=="guest" } {
set pid [spawn -noecho $executable $command ]
} else {
exit 1
}
while {1} {
expect {
"Are you sure you want to continue connecting*" { send "yes\r" }
"assword*:" { sleep 0.3; send "$password\r" }
"SSH passphrase:" { sleep 0.3; send "$password\r" }
"Permission denied*" { exit 1 }
"su: Authentication failure" { exit 1 }
"NX> 1000 NXNODE - Version" {
break
}
}
}
if { "$tosend"!="" } {
send "$tosend\r"
}
expect {
"NX> 716 finished" { }
"NX> 700" {
set timeout -1
expect {
"NX> 1001 Bye." { exit 0 }
"NX> *" { exp_continue }
}
exit 0
}
"NX> 716 Public key is already present in:" { }
"NX> 716 Public key added to:" { }
"NX> 716 Terminating session * on user request." { }
"NX> 716 Suspending session * on user request." { }
"NX> 500 Error: " { exit 1}
}
expect "NX> 1001 Bye."

29
nxredir/Makefile Normal file
View File

@@ -0,0 +1,29 @@
PREFIX ?= /usr
PATH_BIN ?= $(PREFIX)/bin
PATH_LIB ?= $(PREFIX)/lib
CUPS_BACKEND ?= $(PREFIX)/lib/cups/backend
all: libnxredir.so
CC=gcc
CFLAGS=-g -O2 -Wall -fPIC
LIBNAME=libnxredir.so
VERSION=0
libnxredir.so: nxredir.o
$(CC) -fPIC $(CFLAGS) -nostdlib -shared -Wl,-soname,$(LIBNAME).$(VERSION) -o $(LIBNAME).$(VERSION) nxredir.o -ldl -lc
clean:
rm -f $(LIBNAME)
rm -f $(LIBNAME).$(VERSION)
rm -f *.o
install:
install -m755 -s $(LIBNAME).$(VERSION) $(DESTDIR)/$(PATH_LIB)/freenx-server/
install -m755 nxredir $(DESTDIR)/$(PATH_BIN)/
install -m755 nxsmb $(DESTDIR)/$(CUPS_BACKEND)/
sed -i -e 's|PATH_LIB=.*|PATH_LIB='$(PATH_LIB)'|' $(DESTDIR)/$(PATH_BIN)/nxredir
sed -i -e 's|PATH_LIB=.*|PATH_LIB='$(PATH_LIB)'|' $(DESTDIR)/$(CUPS_BACKEND)/nxsmb
sed -i -e 's|CUPS_BACKEND=.*|CUPS_BACKEND='$(CUPS_BACKEND)'|' $(DESTDIR)/$(CUPS_BACKEND)/nxsmb
.PHONY: clean install

21
nxredir/nxredir Executable file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
PATH_LIB="/usr/lib"
NXREDIR_LIBRARY="$PATH_LIB/freenx-server/libnxredir.so.0"
if [ -z "$NXCUPS_PORT" -a -z "$NXSAMBA_PORT" ]
then
echo "nxredir: Redirect standard ports to nxproxy"
echo ""
echo "Usage: export NXCUPS_PORT='where_cups_is_running'"
echo " export NXSAMBA_PORT='where_samba_is_running'"
# invoke the program with the args given
exec "$@"
exit 0
fi
export LD_PRELOAD="$NXREDIR_LIBRARY${LD_PRELOAD:+:$LD_PRELOAD}"
# invoke the program with the args given
exec "$@"

116
nxredir/nxredir.c Normal file
View File

@@ -0,0 +1,116 @@
/*
* libnxredir - Redirect certain ports to other forwarded ports.
*
* Copyright (c) 2005-2008 by Fabian Franz <freenx@fabian-franz.de>.
*
* License: GPL, version 2
*
* Based on TSOCKS - Wrapper library for transparent SOCKS
*
* Copyright (C) 2000 Shaun Clowes
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
*/
char *progname = "libnxredir"; /* Name used in err msgs */
#define _GNU_SOURCE
/* Header Files */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <dlfcn.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
#include <strings.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/poll.h>
#include <sys/time.h>
#include <pwd.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <sys/un.h>
#define CONNECT_SIGNATURE int __fd, const struct sockaddr * __addr, socklen_t __len
static int (*realconnect)(CONNECT_SIGNATURE);
/* Exported Function Prototypes */
void _init(void);
int connect(CONNECT_SIGNATURE);
void _init(void)
{
realconnect = dlsym(RTLD_NEXT, "connect");
}
int is_local(struct in_addr *testip) {
if (testip->s_addr == htonl(0x7f000001))
return(1);
return(0);
}
int connect(CONNECT_SIGNATURE)
{
struct sockaddr_in *connaddr;
struct sockaddr_in peer_address;
int sock_type = -1;
socklen_t sock_type_len = sizeof(sock_type);
socklen_t namelen = sizeof(peer_address);
if (realconnect == NULL) {
perror("Unresolved symbol: connect\n");
return(-1);
}
connaddr = (struct sockaddr_in *) __addr;
/* Get the type of the socket */
getsockopt(__fd, SOL_SOCKET, SO_TYPE,
(void *) &sock_type, &sock_type_len);
/* If this isn't an INET socket for a TCP stream we can't */
/* handle it, just call the real connect now */
if ((connaddr->sin_family != AF_INET) || (sock_type != SOCK_STREAM))
return(realconnect(__fd, __addr, __len));
/* If the socket is already connected, just call connect */
/* and get its standard reply */
if (!getpeername(__fd, (struct sockaddr *) &peer_address, &namelen))
return(realconnect(__fd, __addr, __len));
/* If the address is not local call realconnect */
if (!is_local(&(connaddr->sin_addr)))
return(realconnect(__fd, __addr, __len));
/* CUPS */
if ((getenv("NXCUPS_PORT") != NULL) && connaddr->sin_port==htons(631))
connaddr->sin_port=htons(atoi(getenv("NXCUPS_PORT")));
/* SAMBA */
if ((getenv("NXSAMBA_PORT") != NULL) && (connaddr->sin_port==htons(139) || connaddr->sin_port==htons(445)))
connaddr->sin_port=htons(atoi(getenv("NXSAMBA_PORT")));
return realconnect(__fd, __addr, __len);
}

45
nxredir/nxsmb Executable file
View File

@@ -0,0 +1,45 @@
#!/bin/sh
#
# nxsmb: Small wrapper for the SMB backend to be able to print to CIFS or SMB ports directly.
#
# Copyright (c) 2008 by Fabian Franz.
#
#
# turn on DEBUG?
#set -x -v
CUPS_BACKEND="/usr/lib/cups/backend"
PATH_LIB="/usr/lib"
NXREDIR_LIBRARY="$PATH_LIB/freenx-server/libnxredir.so.0"
COMMAND_SMB="$CUPS_BACKEND/smb"
PORT=$(echo $DEVICE_URI | cut -d/ -f3 | cut -d@ -f2 | cut -d: -f2)
PROTOCOL=$(echo $DEVICE_URI | cut -d/ -f4)
PRINTER=$(echo $DEVICE_URI | cut -d/ -f5)
if [ -z "$PRINTER" ]; then # old style setup
echo "Warning: Not using nxredir library. The DEVICE_URI is not in the right format."
exec "$COMMAND_SMB" "$@"
fi
if [ ! -x "$NXREDIR_LIBRARY" ]; then
# repair DEVICE_URI
DEVICE_URI=$(echo $DEVICE_URI | sed "s|/$PROTOCOL||g")
echo "Error: Not using nxredir library. $NXREDIR_LIBRARY could not be found or is not executable."
exec "$COMMAND_SMB" "$@"
fi
if [ "$PROTOCOL" = "cifs" -o "$PROTOCOL" = "CIFS" ]; then
REAL_PORT="445"
else
REAL_PORT="139"
fi
DEVICE_URI=$(echo $DEVICE_URI | sed "s|:$PORT/$PROTOCOL/|:$REAL_PORT/|g")
export DEVICE_URI=$(echo $DEVICE_URI | sed "s|nxsmb://|smb://|g")
export NXSAMBA_PORT="$PORT"
export LD_PRELOAD="$NXREDIR_LIBRARY${LD_PRELOAD:+:$LD_PRELOAD}"
exec "$COMMAND_SMB" "$@"

1515
nxserver Executable file
View File

File diff suppressed because it is too large Load Diff

814
nxsetup Executable file
View File

@@ -0,0 +1,814 @@
#!/bin/bash
# Coypright (c) 2004-2005 by Fabian Franz <freenx@fabian-franz.de>.
# 2005 by Jon Severinsson <jonno@users.berlios.de>.
# 2023 by Dmitry Borisov <i@dimbor.ru>
#
# License: GNU GPL, version 2
HELP="no"; INSTALL="no"; SETUP_NOMACHINE_KEY="no"
SETUP_UID=""; SETUP_GID=""; LOCAL_USER_OPTION=""
# luseradd / luserdel are only available on RedHat
[ -f /etc/redhat-release ] && LOCAL_USER_OPTION="yes"
# altlinux have /etc/redhat-release file but don't have luseradd / luserdel commands
[ -f /etc/altlinux-release ] && LOCAL_USER_OPTION="no"
SETUP_LOCAL_USER="no"; CLEAN="no"; UNINSTALL="no"
PURGE="no"; BUILD_KNOWN_HOSTS="yes"; AUTOMATIC="no"
IGNORE_ERRORS="no"; MKDB="no"
if [ $UID -ne 0 ]; then
echo "You need to be root to use this program."
exit 1
fi
parse_cmdline() {
while [ "$1" ]; do
case "$1" in
--help) HELP="yes"; shift ;;
--install) INSTALL="yes"; shift ;;
--mkdb|mkdb|--reload) MKDB="yes"; shift ;;
--ignore-errors) IGNORE_ERRORS="yes"; shift;;
--setup-nomachine-key) SETUP_NOMACHINE_KEY="yes"; shift ;;
--dont-build-known-hosts) BUILD_KNOWN_HOSTS="no"; shift;;
--uid) SETUP_UID=$2; shift 2 ;;
--gid) SETUP_GID=$2; shift 2 ;;
--localuser) SETUP_LOCAL_USER="yes"; shift;;
--clean) CLEAN="yes"; shift ;;
--uninstall) UNINSTALL="yes"; shift ;;
--purge) PURGE="yes"; shift ;;
--auto) AUTOMATIC="yes"; shift ;;
--test) TEST="yes"; shift ;;
--) shift ; break ;;
*) echo "Invalid flag $1" ; HELP="yes"; shift ; break ;;
esac
done
[ "$TEST" = "yes" ] && return # If we just test, we can return directly
#Check for invalid combinations:
[ "$SETUP_LOCAL_USER" = "yes" -a -z "$LOCAL_USER_OPTION" ] && HELP="yes"
[ "$INSTALL" = "yes" -a "$UNINSTALL" = "yes" ] && HELP="yes"
[ "$INSTALL" = "yes" -a "$CLEAN" = "no" -a "$PURGE" = "yes" ] && HELP="yes"
[ "$UNINSTALL" = "yes" ] && [ "$SETUP_NOMACHINE_KEY" = "yes" -o \
-n "$SETUP_UID" -o "$CLEAN" = "yes" ] && HELP="yes"
[ "$UNINSTALL" = "yes" -a "$CLEAN" = "yes" ] && HELP="yes"
if [ "$INSTALL" = "no" -a "$UNINSTALL" = "no" -a \
"$AUTOMATIC" = "no" -a "$HELP" = "no" -a "$MKDB" = "no" ]; then
HELP="yes"
fi
[ "$INSTALL" = "yes" -o "$AUTOMATIC" = "yes" ] && MKDB="yes"
if [ "$HELP" = "yes" ]; then
echo "nxsetup - Setup the FreeNX server."
echo "Syntax: nxsetup --help"
echo " nxsetup --reload"
echo " nxsetup --mkdb"
echo " nxsetup --test [--ignore-errors]"
echo " nxsetup --install [--setup-nomachine-key] [--uid <nummber>] [--clean [--purge]]"
echo " nxsetup --uninstall [--purge]"
echo
echo " --help Display this help message."
echo " --reload Reload nxsettings db."
echo " --mkdb Reload nxsettings db."
echo " --test Test the configuration and connection to localhost NX Server."
echo " --install Install necessary files and add the special user \"nx\"."
echo " --ignore-errors Check for false configuration, but don't complain."
echo " --setup-nomachine-key Allow login with the key shipped with the NoMachine"
echo " client. This is fairly secure, and it simplifies the "
echo " configuration of clients. (Using a custom key pair."
echo " increases security even more, but complicates the"
echo " configuration of clients.)"
echo " Use this option at your own risk."
echo " --uid <number> Give the uid <number> to the user \"nx\"."
echo " --gid <number> Give the gid <number> to the user \"nx\"."
[ -n "$LOCAL_USER_OPTION" ] && \
echo " --localuser The special user \"nx\" will be created locally using"
echo " \"luseradd\", for use in NIS and NISplus environments."
echo " --clean Perform an uninstallation prior to installation."
echo " --uninstall Remove log and session files, as well as the special"
echo " user \"nx\"."
echo " --purge Remove extra configuration files and ssh keys when"
echo " performing a \"--uninstall\"."
echo " Note that node.conf will always be saved."
echo " --auto Perform automatic installation without testing or asking."
exit 0
fi
#Undocumented
#
# --dont-build-known-hosts For system without /etc/ssh/ssh_host_key.rsa.pub and anyway
# expect should handle nx-users known-hosts keys so why borther
# in nxsetup?
if [ "$INSTALL" = "yes" -a "$AUTOMATIC" = "no" -a \
"$SETUP_NOMACHINE_KEY" = "no" ]; then
echo "------> It is recommended that you use the NoMachine key for"
echo " easier setup. If you answer \"y\", FreeNX creates a custom"
echo " KeyPair and expects you to setup your clients manually. "
echo " \"N\" is default and uses the NoMachine key for installation."
echo ""
echo -n " Do you want to use your own custom KeyPair? [y/N] "
read -n 1 CHOICE
[ "$CHOICE" = "y" ] || SETUP_NOMACHINE_KEY="yes"
fi
}
parse_cmdline "$@"
#======================= nxsettings db manipulatios =========================
SHARED_CONFS="/usr/share/freenx-server"
. $SHARED_CONFS/nxfuncs
ex_rules_cols="val_type,val_depend,val_check"; acl_user="#ACL#"
all_cols="user,key,value,$ex_rules_cols"
conf_buf=""; txt_err=""; txt_warn=""; txt_info="";
qs_create_settings="CREATE TABLE IF NOT EXISTS nxsettings.settings(\
user TEXT, key TEXT NOT NULL, value, val_type TEXT, \
val_depend TEXT, val_check TEXT, PRIMARY KEY(user,key));"
keyslst_for_user() {
#arg: [username] [table='settings']
#ret: keynames delimited by '\n'
local qstr res wstr table;
[ -n "$1" ] && wstr="WHERE user='$1'" || wstr="WHERE user IS NULL"
table="settings"; [ -n "$2" ] && table="$2"
qstr="SELECT key FROM $table $wstr;"
res=$(qa_dbe0 "$qstr"); echo "$res"
}
values_str_from_db() {
#args: key <col1,col2...> [username] [table='settings']
local ucond table qstr r a res;
ucond=" IS NULL"; [ -n "$3" -a "$3" != "NULL" ] && ucond="='$3'"
table="settings"; [ -n "$4" ] && table="$4"
qstr="SELECT $2 FROM $table WHERE user$ucond AND key='$1' LIMIT 1;"
r=$(qa_dbe0 "$qstr"); OIFS="$IFS"; IFS='&'; local a=($r)
res="${a[*]}"; IFS="$OIFS"
echo "${res//\"/}"
}
values_update_db() {
#args: key <col1,col2...> <val1&val2...> [username] [table='settings']
local ucond table qstr upd_s ins_s ik0="" iv0="" ik iv;
ucond=" IS NULL"; [ -n "$4" -a "$4" != "NULL" ] && ucond="='$4'"
table="settings"; [ -n "$5" ] && table="$5"
qstr=$(colval_set_or_cond "$2" "$3"); [ -n "$qstr" ] || return
upd_s="UPDATE $table SET $qstr WHERE user$ucond AND key='$1';"
[ -n "$4" ] && { ik0="user,"; iv0="'$4',"; }
qstr=$(colval_set_or_cond "$2" "$3" "INS"); ik=${qstr%&*}; iv=${qstr#*&}
ins_s="INSERT INTO $table($ik0""key,$ik) SELECT $iv0""'$1',$iv WHERE (SELECT Changes()=0);"
#echo "$upd_s" "$ins_s"
q_dbe0 "$upd_s" "$ins_s"
}
# ===========================================================================
parse_conf_buf() {
#args: user [is_defs] [table='settings']
local ex_vals="type depend check" l0 l ukv="" ik="" iv="";
local key val a0 a first cn cv upd_s ins_s v;
local table="settings"; [ -n "$3" ] && table="$3"
while read l0; do
[ -n "$l0" ] || continue
l=($l0); first=${l[0]:0:1}
if [ "$first" = "#" ]; then
[ -z "$2" ] && continue
# parse comment for extras
l[0]=${l[0]:1}
[ "${l[0]}" = "@" ] && { # set extra column
unset l[0];
a0="${l[@]}"; OIFS="$IFS"; IFS=':'; a=($a0); IFS="$OIFS"
cn=$(trim "${a[0]}"); stringinstring "$cn" "$ex_vals" || continue
#cv=$(trim "${a[@]:1}"); # this kills all colons :(
cv=$(trim "${l0#*:}"); cv=$(s2sq "$cv")
ukv="$ukv,val_$cn='$cv'";
ik="$ik,val_$cn"; iv="$iv,'$cv'"
#echo "!$cn !$cv"
}
continue
fi
[[ "${l[0]:0:1}" =~ [[:upper:]] ]] || continue
# there can be more than one char '=' per line
key=$(trim "${l%%=*}"); [ "$l" = "$key" ] && continue
val=$(trim "${l[@]#*=}"); val=$(s2sq "$val")
# fake upsert to db
uk0="user IS NULL AND "; ik0=""; iv0="";
[ -n "$1" ] && { uk0="user='$1' AND "; ik0="user,"; iv0="'$1',"; }
upd_s="UPDATE $table SET value='$val'""$ukv WHERE $uk0""key='$key';"
ins_s="INSERT INTO $table($ik0""key,value""$ik) SELECT $iv0""'$key','$val'$iv WHERE (SELECT Changes()=0);"
q_dbe0 "$upd_s" "$ins_s"
ukv=""; ik=""; iv=""
done <<< "$conf_buf"
}
check_value() {
#args: <key> <value> <type> <cond> <user> [err_log] [ro=""] [table='settings']
local err_log="" msg="" key=$1 val="$2" cond="$4" nval="$2" umsg="";
local mpref="! $umsg""$key = '$val' " notempty="" act="";
local nump='^'"$num_pattern"'$' cl min max a OIFS;
local cnd cval lst nexe ug local mode mask;
local ma set_ug set_mode res st table;
[ -n "$6" ] && err_log=$6; [ -n "$5" -a "$5" != "NULL" ] && umsg="[$5] "
table="settings"; [ -n "$8" ] && table="$8"
stringinstring "notempty" "$cond" && \
{ notempty="1"; cond=$(trim "${cond/notempty/}"); }
stringinstring "perform" "$cond" && \
{ act="1"; cond=$(trim "${cond/perform/}"); }
case "$3" in
bool) [ "$val" = "0" -o "$val" = "1" ] || {
msg="$mpref must be 0/1, forced to;"$'\n'
[ -n "$val" ] && nval="1" || nval="0"
} ;;
int)
[[ $val =~ $nump ]] || {
msg="$mpref must be the number, forced to 0;"$'\n'; nval="0";
}
[ -n "$cond" ] && {
cl=($cond); min="${cl[0]}"; max="${cl[1]}";
[ -n "$min" ] && {
if ! [[ $min =~ $nump ]]; then
min="${!min}"; [[ $min =~ $nump ]] || min=""
fi
}
[ -n "$max" ] && {
if ! [[ $max =~ $nump ]]; then
max="${!max}"; [[ $max =~ $nump ]] || max=""
fi
}
[ -n "$min" ] && ((val<min)) && \
msg="$mpref is less than MIN value $min;"$'\n'
[ -n "$max" ] && ((val>max)) && \
msg="$mpref is greater than MAX value $max;"$'\n'
} ;;
string)
if [ -n "$notempty" ]; then
[ -z "$val" ] && \
msg="$mpref. Is empty! Set it please;"$'\n'
elif [ -n "$cond" ]; then
cnd=($cond); cval=($val);
[ "${cnd[0]}" = "path" ] && { cval[0]=${cval[0]%/*}; cnd[0]="dir"; }
if [ "${cnd[0]}" = "list:" ]; then
OIFS="$IFS"; local IFS='%'; a=($cond); IFS="$OIFS"; lst=${a[1]}
stringinstring "${cval[0]}" "$lst" || \
msg="! $umsg""$key = '${cval[0]}' value is not in ($lst);"$'\n'
elif stringinstring "${cnd[0]}" "dir,exe,file"; then
if [ -z "${cval[0]}" ]; then
msg="$mpref. Is empty! Set it;"$'\n'
else
if [ "${cnd[0]}" = "exe" -a ! -x "${cval[0]}" ]; then
nexe="$(which ${cval[0]} 2>/dev/null)"
[ -n "$nexe" ] && {
cval[0]=$nexe; nval="${cval[@]}"; err_log=""
} || \
msg="! $umsg""$key = '${cval[0]}': file is not executable;"$'\n'
elif [ "${cnd[0]}" = "dir" ]; then
[ -d "${cval[0]}" ] || \
msg="! $umsg""$key = '${cval[0]}': dir is not found;"$'\n'
elif [ "${cnd[0]}" = "file" ]; then
[ -f "${cval[0]}" ] || \
msg="! $umsg""$key = '${cval[0]}': file is not found;"$'\n'
fi
ug=""; mode=""; mask="";
if [ -n "${cnd[1]}" ]; then
for ((i=1; i<${#cnd[*]}; i++)) do # to collect attrs
if [ "${cnd[$i]:0:1}" = "&" ]; then
cnd[$i]=${cnd[$i]:1}; mask="1";
fi
if [[ ${cnd[$i]:0:1} =~ $nump ]]; then
mode=${cnd[$i]};
while [ "${mode:0:1}" = "0" ]; do mode=${mode:1}; done
else ug=${cnd[$i]}
fi
done
ma=($(stat -c '%U:%G %a' "${cval[0]}" 2>/dev/null));
set_ug=""; set_mode=""; res="";
if [ -n "$msg" -a -n "$act" -a "${cnd[0]}" != "exe" ]; then
if [ "${cnd[0]}" = "dir" ]; then
mkdir -p "${cval[0]}" 2>/dev/null
[ -d "${cval[0]}" ] && { set_mode="1"; set_ug="1"; }
else
touch "${cval[0]}" 2>/dev/null
[ -f "${cval[0]}" ] && { set_mode="1"; set_ug="1"; }
fi
[ -n "$set_mode" ] && \
msg=" $umsg""$key = '${cval[0]}': ${cnd[0]} is not found > Created;"$'\n'
else # check file attrs
ma=($(stat -c '%U:%G %a' "${cval[0]}"));
if [ -n "$ug" -a "$ug" != "${ma[0]}" ]; then
msg+="! $umsg""$key = '${cval[0]}': owners [${ma[0]}] is not \"$ug\";"$'\n'
[ -n "$act" ] && set_ug="1"
fi
if [ -n "$mode" ]; then
if [ -n "$mask" ]; then
res=$(printf '%o' $(( 0$mode & 0${ma[1]} )))
[ "$res" = "$mode" ] || {
msg+="! $umsg""$key = '${cval[0]}': mode [${ma[1]}] does not match the mask '$mode';"$'\n'
[ -n "$act" ] && set_mode="1"
}
elif [ "${ma[1]}" != "$mode" ]; then
msg+="! $umsg""$key = '${cval[0]}': mode [${ma[1]}] is not equal '$mode';"$'\n'
[ -n "$act" ] && set_mode="1"
fi
fi
fi
if [ -n "$set_ug" -a -n "$ug" ]; then
msg+="$umsg"" $key = '${cval[0]}' < owners change to '$ug'"
chown $ug "${cval[0]}" 2>/dev/null && st="OK" || st="FAILED"
msg+=" > $st;"$'\n'
fi
if [ -n "$set_mode" -a -n "$mode" ]; then
[ -n "$mask" ] && \
mode=$(printf '%o' $(( 0$mode | 0${ma[1]} )))
msg+="$umsg"" $key = '${cval[0]}' < mode change to '$mode'"
[ "${#mode}" = "3" ] && mode="00$mode"
chmod $mode "${cval[0]}" 2>/dev/null && st="OK" || st="FAILED"
msg+=" > $st;"$'\n'
fi
fi
fi
fi
fi
#msg="$umsg"" key $key ($3)='$val' checking: '$cond'"$'\n'
;;
esac
[ "$val" = "$nval" ] || {
[ -n "$7" ] || \
values_update_db $key "value" "$(s2sq "$nval")" "$5" "$table"
msg+=" $key < '$nval';"$'\n'; val="$nval"
}
[ -n "$5" ] || declare -g $key="$val" # expand not user's vals only ???
[ -n "$msg" ] && {
[ -n "$err_log" ] && txt_err+="$msg" || txt_warn+="$msg"
}
}
check_value_advanced() {
#args: <key> <value> <type> <cond> <user> [err_log] [ro=""] [table='settings']
local err_log=""; [ -n "$6" ] && err_log=$6
local msg="" key=$1 val="$2" nval="$2"
local umsg=""; [ -n "$5" ] && umsg="[$5] "
local table="settings"; [ -n "$8" ] && table="$8"
local mpref="! $umsg""$key = '$val'" ver;
case "$1" in
NX_LICENSE)
ver=$(rematchfn 'NXAGENT - Version ([[:digit:][:punct:]]+)' \
"$($COMMAND_NXAGENT -version 2>&1)") #'
# it was "$(strings $COMMAND_NXAGENT)"
if [ -n "$ver" ]; then
nval=${NX_LICENSE/\%BACKEND\%/$ver}; err_log=""
else msg="$mpref: backend version is not found;"$'\n'
fi
;;
COMMAND_GDM_X_SESSION)
[ ! -x "${val%% *}" ] && {
nval="/etc/X11/Xsession"; err_log=""
}
;;
esac
#echo "# $1($3)='$2' advanced checking." #debug
[ "$val" = "$nval" ] || {
[ -n "$7" ] || \
values_update_db $key "value" "$(s2sq "$nval")" "$5" "$table"
msg+=" $key < '$nval';"$'\n'; val="$nval"
}
[ -n "$4" ] || declare -g $key="$val" # expand not user's vals only ???
[ -n "$msg" ] && {
[ -n "$err_log" ] && txt_err+="$msg" || txt_warn+="$msg"
}
}
check_keyvals() {
#args: [username] [ro=""] [table='settings']
#echo "$(date "+%T.%3N"): $FUNCNAME" #debug
local table="settings"; [ -n "$3" ] && table="$3"
local keys=$(keyslst_for_user "$1" "$table") r a ad;
local value val_type val_depend val_check;
local err_log dep_for_null vdep tdep nval;
for key in $keys; do
#echo "$(date "+%T.%3N"): ----- $key" #debug
r=$(values_str_from_db $key "value,$ex_rules_cols" "$1" "$table")
OIFS="$IFS"; IFS='&'; a=($r); IFS="$OIFS";
value=$(sq2s "${r%%&*}"); val_type=$(sq2s "${a[1]}");
val_depend=$(sq2s "${a[2]}"); val_check=$(sq2s "${a[3]}");
err_log=""; stringinstring "error" "$val_check" && \
{ err_log="1"; val_check=$(trim "${val_check/error/}"); }
# don't check if depend condition is set and not match
dep_for_null=""
[ -n "$val_depend" ] && {
local first=${val_depend:0:1}
[ "$first" = "!" ] && { val_depend=${val_depend:1}; dep_for_null="1"; }
r=$(values_str_from_db $val_depend "value,val_type" "$1" "$table")
OIFS="$IFS"; IFS='&'; ad=($r); IFS="$OIFS"
vdep=${ad[0]}; tdep=${ad[1]}
[ -z "$dep_for_null" ] && {
case "$tdep" in
bool) [ "$vdep" = "1" ] || continue ;;
string) [ -n "$vdep" ] || continue ;;
int) [ "$vdep" -ne "0" ] || continue ;;
esac
} || {
case "$tdep" in
bool) [ "$vdep" = "1" ] && continue ;;
string) [ -n "$vdep" ] && continue ;;
int) [ "$vdep" -ne "0" ] && continue ;;
esac
}
#echo "$key -> $val_depend ($tdep): '$vdep' $dep_for_null"
}
if stringinstring "rt_expand" "$val_check"; then
val_check=$(trim "${val_check/rt_expand/}")
elif [ "$val_type" = "string" ]; then # expand if no rt_expand only
#nval="${value@P}" # value from db (need to "ORDER BY rowid" in keylist)
nval="${!key}" # expands/chg defaults by means 'bash source *.conf'
[ -n "$nval" -a "$value" != "$nval" ] && {
[ -n "$2" ] || \
values_update_db $key "value" "$(s2sq "$nval")" "$1" "$table"
#txt_warn+=" $key ['$value'] < '$nval';"$'\n'
txt_warn+=" $key < '$nval';"$'\n'
value="$nval"
}
fi
stringinstring "advanced" "$val_check" && {
val_check=$(trim "${val_check/advanced/}")
check_value_advanced $key "$value" "$val_type" \
"$val_check" "$1" "$err_log" "$2" "$table"
continue
}
check_value "$key" "$value" "$val_type" \
"$val_check" "$1" "$err_log" "$2" "$table"
#echo "$key ($val_type) /$val_check/: $value"
done
}
parse_defaults() {
#arg: [table='settings']
local table="settings"; [ -n "$1" ] && table="$1"
local confd=$SHARED_CONFS/node.conf.def curd=$(pwd)
echo "Parse default settings in $confd:"; cd $confd
for fn in *.{cnf,conf}; do [ -r $fn ] && . $fn; done
for fn in *.{cnf,conf}; do
[ -r $fn ] || continue; echo -n " $fn ..";
conf_buf="$(< $fn)"; parse_conf_buf "" 1 "$table"; echo " done."
done
cd $curd
}
parse_settings() {
#arg: [table='settings']
local table="settings"; [ -n "$1" ] && table="$1"
local confd="node.conf.d" fn;
echo "Parse system settings in $NX_ETC_DIR:"; curd=$(pwd)
cd $NX_ETC_DIR
for fn in $confd/*.conf node.conf; do [ -r $fn ] && . $fn; done
for fn in $confd/*.conf node.conf; do
[ -r $fn ] || continue; echo -n " $fn ...";
conf_buf="$(< $fn)"; parse_conf_buf "" "" "$table";
echo " done."
done
cd $curd
}
parse_users_settings() {
#arg: [table='settings']
local table="settings"; [ -n "$1" ] && table="$1"
local fn un qstr ukeys key exvals;
echo "Parse users settings:"; curd=$(pwd)
cd $NX_ETC_DIR
for fn in *.conf; do
[ -r $fn ] || continue; un=${fn//.conf/}
getent passwd "$un" >/dev/null || continue
echo -n " $fn ...";
. $fn; conf_buf="$(< $fn)"; parse_conf_buf "$un" "" "$table"
echo -n " check rules for $un ..."
# user extras setup scrutch
ukeys=$(keyslst_for_user "$un" "$table")
for key in $ukeys; do
echo -n " $key ..."
qstr="SELECT $ex_rules_cols FROM "$table""
qstr+=" WHERE user IS NULL AND key='$key' LIMIT 1;"
exvals=$(qa_dbe0 "$qstr"); exvals=${exvals//\"/}
values_update_db $key "$ex_rules_cols" "$exvals" "$un" "$table"
done
done
echo " done."
cd $curd
}
parse_acl() {
#args: filename [table='settings'] userlist grouplist
local table="settings"; [ -n "$2" ] && table="$2"
local un=${1##*/} user; un=${un%%\.*}; user="#$un" # user
local buf l key val val_dep val_chk ns=0 upd_s ins_s v;
local val_type i ca ans s ov a
if [ "$un" = "all" ]; then user="@$un"
elif ! stringinstring "$un" "$3"; then
stringinstring "$un" "$4" && user="*$un" # group
fi
buf="$(< $1)"
#echo $1
while read l; do
l="$(trim "$l")"; ((ns++))
[ -n "$l" ] || continue
[ "${l:0:1}" = "#" ] && continue
#echo "$l" #debug
key="$(trim "${l%%\%\%\%*}")"; key=$(s2sq "$key");
stringinstring "%%%" "$l" && l="$(trim "${l#*\%\%\%}")" || l=""
val="$(trim "${l%%\%\%\%*}")";
if [ "$key" != "@shadow@" ]; then
val=$(s2sq "$val"); val_type=""
stringinstring "%%%" "$l" && l="$(trim "${l#*\%\%\%}")" || l=""
val_dep="$(trim "${l%%\%\%\%*}")"; val_dep=$(s2sq "$val_dep")
else # parse shadow acl
val=$(trim "${val//\,/ }"); ans=($val); ca=${#ans[@]}
val=""; val_type=""; val_dep="";
for ((i=0; i<$ca; i++)) {
s=${ans[i]}
[ "${s:0:1}" != "#" ] && ov=0 || { ov=1; s=${s:1}; }
[ "${s:(-1):1}" != "!" ] && a=1 || { a=0; s=${s::-1}; }
val+="${val:+,}$s"; val_type+="${val_type:+,}$ov";
val_dep+="${val_dep:+,}$a";
}
fi
val_chk=$(printf "%04d" $ns)
#echo "$user; $key; $val; $val_dep; $val_chk"; #continue #debug
# fake upsert to db
upd_s="UPDATE $table SET value='$val',val_type='$val_type', \
val_depend='$val_dep', val_check='$val_chk' WHERE user='$user' AND key='$key';"
ins_s="INSERT INTO $table(user,key,value,val_type,val_depend,val_check) \
SELECT '$user','$key','$val','$val_type','$val_dep','$val_chk' \
WHERE (SELECT Changes()=0);"
q_dbe "$upd_s" "$ins_s"
#echo "$upd_s" "$ins_s" #debug
val=""; val_dep=""; val_chk=""
done <<< "$buf"
}
parse_acl_dir() {
#arg: [table='settings']
local table="settings"; [ -n "$1" ] && table="$1"
local ffn str ulist="" glist=""
while read str; do
str=${str%%:*}; ulist+="${ulist:+$' '}$str"
done <<< "$(getent passwd)"
while read str; do
str=${str%%:*}; glist+="${glist:+$' '}$str"
done <<< "$(getent group)"
echo "Parse $NX_ACL_DIR:";
for ffn in $NX_ACL_DIR/*; do
stringinstring "README" "$ffn" && continue
[ -r $ffn ] || continue; echo -n " ${ffn##*/} ...";
parse_acl "$ffn" "$table" "$ulist" "$glist";
done
echo " done."
}
open_dbe $$
[ ! -f $sq_settings_fn ] && MKDB="yes"
if [ "$MKDB" = "yes" ]; then
table="mem.settings"
echo "$(date "+%T.%3N"): mem.settings mkdb starting"
q_dbe0 "ATTACH DATABASE ':memory:' AS mem;" \
"${qs_create_settings/nxsettings/mem}";
parse_defaults "$table";
parse_settings "$table";
parse_users_settings "$table";
check_keyvals "" "" "$table"
[ -d "$NX_ACL_DIR" ] && parse_acl_dir "$table"
[ -n "$txt_warn" ] && { echo; echo "Checking results:"; echo "$txt_warn"; }
[ -n "$txt_err" ] && { echo; echo "!!! ERRORS !!!"; echo "$txt_err"; }
txt_err=""; txt_warn=""; txt_info="";
echo "$(date "+%T.%3N"): nxsettings mkdb attach"
attach_db "$sq_settings_fn"|| {
echo "Unable to attach $sq_settings_fn"; exit_proc 1; }
q_dbe0 "DROP TABLE IF EXISTS nxsettings.settings;" "$qs_create_settings" \
"INSERT INTO nxsettings.settings($all_cols) SELECT $all_cols FROM $table;"
echo "$(date "+%T.%3N"): nxsettings mkdb stop"
else
attach_db "$sq_settings_fn" ro || {
echo "Unable to attach db file $sq_settings_fn"; exit_proc 1;
}
set_vars_from_db
fi
#============================================================================
run_nscd() {
NSCD="nscd"
if [ -f /var/run/nscd/nscd.pid ]; then
$NSCD "$@" 2>/dev/null || true
fi
}
install_nx() {
if [ ! -f $NX_ETC_DIR/users.id_dsa ]; then
$COMMAND_SSH_KEYGEN -f $NX_ETC_DIR/users.id_dsa -t dsa -N ""
fi
echo "For backward compatibility to Nomachine, freenx works with dss-keys only."
echo "Please add string \"PubkeyAcceptedKeyTypes=+ssh-dss\" in sshd_config"
echo "and ssh_config if required. This is actual for modern openssh servers."
echo -n "Setting up user and group nx ..."
useradd -g nx -G utmp -d /var/lib/nxserver/home/ \
-s /usr/bin/nxserver -c "NX System User" nx 2>/dev/null
echo "done"
echo -n "Setting up $NX_SESS_DIR ..."
chmod 770 $NX_SESS_DIR
echo "done"
echo -n "Setting up $NX_LOGFILE ..."
mkdir -p $(dirname "$NX_LOGFILE")
touch "$NX_LOGFILE"
chmod 660 "$NX_LOGFILE"
echo "done"
echo -n "Setting up known_hosts and $SSH_AUTHORIZED_KEYS ..."
SETUP_NX_KEY="no"
mkdir -p $NX_HOME_DIR/.ssh
chmod 700 $NX_HOME_DIR/ $NX_HOME_DIR/.ssh
if [ ! -f $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS -o \
"$SETUP_NOMACHINE_KEY" = "yes" ]; then
SETUP_NX_KEY="yes"
if [ "$SETUP_NOMACHINE_KEY" = "yes" ]; then
cat << EOF >$NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS
no-port-forwarding,no-agent-forwarding,command="$PATH_BIN/nxserver" ssh-dss AAAAB3NzaC1kc3MAAACBAJe/0DNBePG9dYLWq7cJ0SqyRf1iiZN/IbzrmBvgPTZnBa5FT/0Lcj39sRYt1paAlhchwUmwwIiSZaON5JnJOZ6jKkjWIuJ9MdTGfdvtY1aLwDMpxUVoGwEaKWOyin02IPWYSkDQb6cceuG9NfPulS9iuytdx0zIzqvGqfvudtufAAAAFQCwosRXR2QA8OSgFWSO6+kGrRJKiwAAAIEAjgvVNAYWSrnFD+cghyJbyx60AAjKtxZ0r/Pn9k94Qt2rvQoMnGgt/zU0v/y4hzg+g3JNEmO1PdHh/wDPVOxlZ6Hb5F4IQnENaAZ9uTZiFGqhBO1c8Wwjiq/MFZy3jZaidarLJvVs8EeT4mZcWxwm7nIVD4lRU2wQ2lj4aTPcepMAAACANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfaQU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8= root@nettuno
EOF
chmod 600 $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS
cat << EOF >$NX_HOME_DIR/.ssh/client.id_dsa.key
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQCXv9AzQXjxvXWC1qu3CdEqskX9YomTfyG865gb4D02ZwWuRU/9
C3I9/bEWLdaWgJYXIcFJsMCIkmWjjeSZyTmeoypI1iLifTHUxn3b7WNWi8AzKcVF
aBsBGiljsop9NiD1mEpA0G+nHHrhvTXz7pUvYrsrXcdMyM6rxqn77nbbnwIVALCi
xFdHZADw5KAVZI7r6QatEkqLAoGBAI4L1TQGFkq5xQ/nIIciW8setAAIyrcWdK/z
5/ZPeELdq70KDJxoLf81NL/8uIc4PoNyTRJjtT3R4f8Az1TsZWeh2+ReCEJxDWgG
fbk2YhRqoQTtXPFsI4qvzBWct42WonWqyyb1bPBHk+JmXFscJu5yFQ+JUVNsENpY
+Gkz3HqTAoGANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfa
QU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3
mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8CFDIm1xRf
8xAPsSKs6yZ6j1FNklfu
-----END DSA PRIVATE KEY-----
EOF
chmod 600 $NX_HOME_DIR/.ssh/client.id_dsa.key
else
# generate a new key, backup the old and copy it to $SSH_AUTHORIZED_KEYS
$PATH_BIN/nxkeygen
fi
fi
if [ ! -f $NX_HOME_DIR/.ssh/known_hosts -a "$BUILD_KNOWN_HOSTS" = "yes" ]; then
echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts
if [ -e "/etc/openssh/ssh_host_rsa_key.pub" ] ; then
cat /etc/openssh/ssh_host_rsa_key.pub >> \
$NX_HOME_DIR/.ssh/known_hosts
else
[ -e "/etc/ssh/ssh_host_rsa_key.pub" ] && \
cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts
fi
fi
echo "done"
echo -n "Setting up permissions ..."
chown -R nx:nx /var/lib/nxserver
chown -R nx:nx $NX_SESS_DIR
chown -R nx:nx $NX_HOME_DIR
chown nx:nx "$NX_LOGFILE"
echo "done"
}
test_nx() {
echo ""
echo "----> Testing your nxserver connection ..."
CONNECTION=""
while read -t 3 line; do
echo $line
case "$line" in
*"HELLO NXSERVER - Version $NX_VERSION"*)
CONNECTION="yes"
;;
*"HELLO NXSERVER - Version"*)
echo "Warning: Version mismatch. Expected $NX_VERSION got: $line."
CONNECTION="yes"
;;
*"NX> 999 Bye"*)
break;
;;
esac
done < <(NODE_PUBLICKEY="$NX_HOME_DIR/.ssh/client.id_dsa.key" \
$PATH_BIN/nxnode-login test-nx nx 22 nxserver --check)
if [ -z "$CONNECTION" ]; then
echo "Fatal error: Could not connect to NX Server."
echo
echo "Please check your ssh setup:"
echo ""
echo "The following are _examples_ of what you might need to check."
echo ""
echo " - Make sure \"nx\" is one of the AllowUsers in sshd_config."
echo " (or that the line is outcommented/not there)"
echo " - Make sure \"nx\" is one of the AllowGroups in sshd_config."
echo " (or that the line is outcommented/not there)"
echo " - Make sure your sshd allows public key authentication."
echo " - Make sure your sshd is really running on port 22."
echo " - Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to $SSH_AUTHORIZED_KEYS."
echo " (this should be a filename not a pathname+filename)"
echo " - Make sure you allow ssh on localhost, this could come from some"
echo " restriction of:"
echo " -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost"
echo " -the iptables. add to it:"
echo " $ iptables -A INPUT -i lo -j ACCEPT"
echo " $ iptables -A OUTPUT -o lo -j ACCEPT"
exit_proc 1
fi
echo "<--- done"
echo ""
}
uninstall_nx() {
if [ -e "$NX_SESS_DIR" ]; then
echo -n "Removing session database ..."
rmdir -p $NX_SESS_DIR 2>/dev/null
echo "done"
fi
if [ -e "$NX_LOGFILE" ]; then
echo -n "Removing logfile ..."
rm -f "$NX_LOGFILE" 2>/dev/null
rmdir -p $(dirname "$NX_LOGFILE") 2>/dev/null
echo "done"
fi
if [ "$PURGE" = "yes" -a -e "$NX_HOME_DIR" ]; then
echo -n "Removing home directory of special user \"nx\" ..."
rm -f -r "$NX_HOME_DIR" 2>/dev/null
rmdir -p $(dirname "$NX_HOME_DIR") 2>/dev/null
echo "done"
fi
if [ "$PURGE" = "yes" -a -e "$NX_ETC_DIR" ]; then
echo -n "Removing configuration files ..."
rm -f "$NX_ETC_DIR/users.id_dsa" \
"$NX_ETC_DIR/users.id_dsa.pub" 2>/dev/null
for i in `ls $NX_ETC_DIR/*.node.conf 2>/dev/null`; do
rm -f "$i" 2>/dev/null;
done
echo "done"
fi
}
if [ "$TEST" = "yes" ]; then
test_nx
exit_proc 0
fi
if [ "$INSTALL" = "yes" ]; then
#Perform cleanup?
[ "$CLEAN" = "yes" ] && uninstall_nx
[ -f /etc/nscd.conf ] && { run_nscd --invalidate passwd; run_nscd --invalidate group; }
install_nx
[ "$AUTOMATIC" = "no" ] && test_nx
echo "Ok, nxserver is ready."
if [ "$SETUP_NOMACHINE_KEY" = "no" -a "$SETUP_NX_KEY" = "yes" ]; then
echo
echo "Warning: Clients will not be able to login to this server with the standard key."
echo " Please replace /usr/NX/share/client.id_dsa.key on all clients you want"
echo " to use with $NX_HOME_DIR/.ssh/client.id_dsa.key"
echo " and protect it accordingly."
echo ""
echo " Since 1.5.0 you need to import the correct key via the GUI."
echo
echo " If you really want to use the NoMachine key please remove"
echo " '$NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS'"
echo " and then run this script with the --setup-nomachine-key parameter."
fi
echo "Have Fun!"
elif [ "$UNINSTALL" = "yes" ]; then
uninstall_nx
echo "Ok, nxserver is uninstalled"
echo
if [ "$PURGE" = "yes" ]; then
echo "To complete the uninstallation process, remove the FreeNX scripts in $PATH_BIN"
echo "and the $NX_ETC_DIR/node.conf configuration file."
else
echo "To complete the uninstallation process, remove the FreeNX scripts in $PATH_BIN"
echo
echo "Configuration files and ssh keys are saved in case you would like to reinstall"
echo "freenx at a later time. To remove them, please run 'nxsetup --uninstall --purge'"
fi
fi
exit_proc 0

340
nxviewer-passwd/COPYING Normal file
View File

@@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Appendix: How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) 19yy <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19yy name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

35
nxviewer-passwd/Imakefile Normal file
View File

@@ -0,0 +1,35 @@
/**************************************************************************/
/* */
/* Copyright (c) 2001,2006 NoMachine, http://www.nomachine.com. */
/* */
/* NXVIEWER, NX protocol compression and NX extensions to this software */
/* are copyright of NoMachine. Redistribution and use of the present */
/* software is allowed according to terms specified in the file LICENSE */
/* which comes in the source distribution. */
/* */
/* Check http://www.nomachine.com/licensing.html for applicability. */
/* */
/* NX and NoMachine are trademarks of Medialogic S.p.A. */
/* */
/* All rights reserved. */
/* */
/**************************************************************************/
#define IHaveSubdirs
#define PassCDebugFlags
SUBDIRS = libvncauth nxpasswd
World:
make Makefiles
make depend
make all
@echo ""
@echo Built $(SUBDIRS).
@echo ""
libs:
@echo 'No libraries included.'
MakeSubdirs($(SUBDIRS))
DependSubdirs($(SUBDIRS))

8
nxviewer-passwd/README Normal file
View File

@@ -0,0 +1,8 @@
This is just a fork of the vncpasswd part of TightVNC. This builds nxpasswd, which is needed for FreeNX.
To build:
xmkmf
make World
- Fabian

566
nxviewer-passwd/WhatsNew.TIGHTVNC.original Normal file
View File

@@ -0,0 +1,566 @@
+--------------------------------------------------------------------+
| This is a brief summary of changes introduced in each TightVNC |
| release. For more details, please see ChangeLog files included |
| in TightVNC source and binary archives. |
+--------------------------------------------------------------------+
* TightVNC 1.2.9
- Win32 version: Major security-related bug in the server has been
fixed -- handling of the "QueryAllowNoPass" option was seriously
broken. Together with fixing this bug, the whole authentication
logic in the server code has been redesigned.
- Win32 version: Now the HKEY_CURRENT_USER registry hive is being
closed properly on restoring display settings, on disconnect. This
change should solve the problem with unloading the registry on
logout, when WinVNC is running as a service.
- Win32 version: Problems with "QuerySetting" and "QueryTimeout"
options have been fixed -- the settings could be copied from user
configuration to default settings without user's intention.
- Win32 version: A long-standing bug has been fixed -- the logic to
handle retries after authentication failures was flawed, and used
to delete the same object twice under certain conditions.
- Win32 version: Now it's possible to specify port numbers with the
winvnc -connect option, using the "host::port" format. Also,
providing a -connect option without arguments now brings up the
"Add New Client" dialog.
- Unix version: New "Request refresh" button has been implemented in
the viewer's F8 popup menu.
- Unix version: Xvnc compilation fixes for HP-UX and MacOS X have
been applied, from Ki NETWORKS, Inc.
- Unix version: New vncpasswd -f command-line option has been
implemented. It allows providing passwords on stdin and writes
encrypted passwords to stdout. In addition, the password file name
"-" now denotes stdout. Finally, a buffer overflow has been fixed
in vncpasswd -- it could be caused by a long file name in the
command line.
- Unix version: A patch to fix input focus problems in the X11
viewer has been applied, from Greg Breland.
- Unix version: A patch fixing Xvnc crashes on Sparc has been
applied, from the RealVNC distribution.
- Unix version: A problem with incorrect port interpretation has
been fixed, in the vncviewer's -tunnel option handling. Thanks to
Clark Sessions.
- Java viewer: A modification from Bernd Krueger-Knauber has been
accepted, to pass through X keysyms for foreign currencies.
- Java viewer: The problem with initial keyboard focus not set to
the desktop on some JVMs has been fixed.
- Other minor improvements and bugfixes.
----------------------------------------------------------------------
* TightVNC 1.2.8
- Unix and Win32 versions: Support for a separate view-only password
has been implemented. Now the servers support two passwords -- one
to allow full control, another to restrict remote keyboard and
mouse input.
- Win32 version: The password reset problem has been solved. In
versions starting from 1.2.4, the password could get changed in
the registry on opening Properties dialog and just hitting the OK
button.
- Win32 version: New "-reload" command-line option has been
implemented in Win32 server. It forces the running instance to
reload the registry settings.
- Win32 version: "RemoveWallpaper" and "LockSetting" options have
been made configurable in the Properties dialog; the code has been
ported from RealVNC 3.3.6.
- Win32 version: Support for "AllowEditClients" registry setting has
been ported from RealVNC 3.3.6.
- Unix version: New "-x11cursor" option has been implemented in
vncviewer; a patch from Peter Astrand. This option allows using a
real X11 cursor with X11-style cursor shape updates, disables the
dot cursor, and disables cursor position updates in non-fullscreen
mode.
- Unix version: New "RunCommand" command to customize the X11
vncviewer popup menu has been implemented; a patch from Peter
Astrand.
- Unix version: Several patches from Debian Linux have been applied.
This should fix a number of bugs and improve building on some
platforms supported by Debian Linux.
- Unix version: A problem with Xvnc eating all CPU time after xfs
restarts has been fixed; a patch from Martin Koegler.
- Other minor improvements and bugfixes.
----------------------------------------------------------------------
* TightVNC 1.2.7
- Unix and Win32 versions, Java viewer: The most significant problem
with local cursor handling has been solved -- now clients can see
remote cursor movements performed on the server or by another
client. New PointerPos encoding and cursor shape updates both
minimize bandwidth requirements and greatly improve responsiveness
of the mouse pointer, while still allow to track correct pointer
position in all situations.
- Unix and Win32 versions: In all the places where display numbers
had to be used, now it's easy to use port numbers as well. The
viewers now allow to use new "hostname::port" syntax, in addition
to the traditional "hostname:display" format. The same new syntax
can be used in the "Add new client" dialog of Win32 server. In the
server, now it's equally easy to set display and port numbers.
Besides that, HTTP and RFB port numbers can be set individually.
- Unix and Win32 versions: In servers, decreased JPEG quality
factors for low quality levels. This improves bandwidth usage
while the image quality remains satisfactory in most cases. In
clients, JPEG compression is now enabled by default, because
usually it's a reasonable choice. To prevent viewers from
requesting JPEG compression, new -nojpeg option can be used.
- Unix and Win32 versions: Improved installer under Windows, better
RPMs for Linux.
- Win32 version: Major enhancements in layout and functionality of
the dialog boxes.
- Win32 version: New keyboard handling code has been ported from
RealVNC 3.3.6. This should solve all the issues with arrow keys
acting as numbers in console windows, and shift+arrows not working
under Win2k.
- Win32 version: Adopted WinVNC -reinstall option from RealVNC
3.3.5, together with a number of other changes in different
places. The viewer now accepts a port number after the -listen
command-line option, an improvement from RealVNC 3.3.6.
- Win32 version: Eliminated high CPU usage on the server before
sending cursor shape updates.
- Unix version: Bugfix for Xvnc's -localhost and -interface options
that were broken on many systems, thanks to Luke Mewburn for the
bugfix. Xvnc -version command-line option is now supported.
- Tight encoding is now documented in rfbproto.h files within source
archives.
- Java viewer: Implemented new buttons "Login again" and "Close
window" near the disconnect or error messages in the applet mode,
and introduced new "Offer Relogin" parameter to control this
improvement. Thanks to Peter Astrand for the initial version of
the "Login again" patch.
- Java viewer: Support for connections via HTTP proxies using HTTP
CONNECT method. This will not work in the applet mode, due to Java
security restrictions.
- Java viewer: Extra .vnc files have been removed, having just
index.vnc should be enough. Also, an example HTML page has been
prepared, to simplify installation under a standalone Web server.
- Java viewer: Added a MANIFEST to the JAR archive, to allow easy
execution of the JAR file, using java -jar command-line option.
- Other minor improvements and bugfixes.
----------------------------------------------------------------------
* TightVNC 1.2.6
- Win32 version: In this version, when WinVNC binds to a local TCP
port, it does not try to check several times if the port is in
use. It just re-uses the port if the display number is not set to
"Auto". One visible effect of this change is that the delay
between starting up and showing the icon is greatly reduced.
- Unix version: Fixed the bug which caused the vncserver script to
fail when the XAUTHORITY environment variable was not set.
- Unix version: Fixed the bug which prevented the vncpasswd utility
from setting correct permissions on the passwd file.
- Unix version: Fixed a repeated challenge replay attack
vulnerability, bugtraq id 5296.
- Unix version: Added files to simplify building of Linux RPMs,
thanks to Peter Astrand.
- Unix version: Improved scrolling in the full-screen mode, modified
patch from Ville Herva.
- Minor cleanups.
----------------------------------------------------------------------
* TightVNC 1.2.5
- Win32 version: Fixed a problem in the I/O subsystem that was
introduced in TightVNC 1.2.2 and was causing major slowdown in
communication with clients.
- Win32 version: Enabled remote upgrade in the installation script.
Also, the installer will install a copy of the TightVNC Web site,
and will create shortcuts to most important documentation pages.
- Win32 version: Implemented new feature to specify applet
parameters in URL requests being sent to the built-in HTTP server.
Added support for new "EnableURLParams" registry setting which can
be used to enable this feature.
- Win32 version: Added support for the NewFBSize pseudo-encoding
allowing to change framebuffer geometry on the fly on server's
request.
- Win32 version: Included "solution" and "project" files for MS
Visual Studio 7, from Andrew van der Stock, applied a set of minor
fixes to suppress compilation warnings under MS Visual Studio 7.
- Win32 version: The viewer now tries to preserve the size and
position of the desktop window after applying new connection
options.
- Unix version: Implemented new feature to specify applet parameters
in URL requests being sent to the built-in HTTP server. Added
support for new $PARAMS variable in .vnc HTML templates.
- Unix version: Added the possibility to keep users' vnc directories
under /tmp, as suggested by Ivan Popov. This mode can be enabled
by editing the $vncUserDir variable in the vncserver script. Also,
new -t option has been implemented in the vncpasswd utility which
allows to change VNC password files under /tmp.
- Unix version: Applied Xvnc -viewonly patch from Ehud Karni.
- Unix version: Applied Linux/PowerPC Xvnc fix from Peter A. Castro.
- Unix version: Bug fixed: Xvnc failed to reset compression level
and JPEG image quality on reading lists of encodings supported by
clients.
- Unix version: Made the viewer handle XCursor encoding operating on
the framebuffer instead of setting new cursors directly in X.
- Unix version: Applied a number of porting fixes from Ki Networks,
Inc.
- Java viewer: Added new feature allowing to save RFB sessions in
FBS files compatible with rfbproxy. This feature works only if JVM
security manager allows access to the local filesystem, which is
usually true only when the viewer is used as a standalone
application or if the viewer applet is cryptographically signed.
New "Record" button will appear in the button panel if this
feature is enabled.
- Java viewer: Added new "ENCPASSWORD" parameter, modified patch
from Peter Astrand.
- Java viewer: Applied patch from Peter Astrand to fix problems with
Swedish keys and broken JVMs.
- Other minor fixes and cleanups.
----------------------------------------------------------------------
* TightVNC 1.2.4
- Win32 version: WinVNC crashes on reporting zero statistics were
fixed. This should eliminate crashes when using x2vnc and win2vnc
client programs.
- Win32 version: a problem with listening viewer was fixed.
Initiating multiple non-shared connections could crash the viewer
application.
- Win32 version: real passwords are never placed into the password
text control in the WinVNC Properties dialog any more. This should
prevent grabbing plain-text passwords from that text control.
- Win32 version: logging on errors was improved to provide better
diagnosis for errors, especially for those causing the message
"Connection closed" right after authentication.
- Win32 version: handling of log files was improved. Now WinVNC
should be able to save backup copies of log files under
Win95/98/Me. Also, all log files are now written in MS-DOS/Windows
text format instead of the Unix one.
- Win32 version: a problem with reporting error messages in the
listening viewer was fixed.
- Win32 version: reporting incorrect statistics in the Tight encoder
was fixed.
- Win32 version: HTML pages and templates for the built-in HTTP
server were improved.
- Unix version: applied patch from Ki Networks, Inc. solving build
problems on a number of commercial Unix systems, and fixing a
number of minor bugs and typos.
- Unix version: added a possibility to denote standard input with
the "-" file name instead of a real password file name.
- Unix version: fixed a bug causing vncpasswd utility work
incorrectly when a file name argument was given in the command
line.
- Unix version: applied patch to solve keyboard focus problems in
the full-screen vncviewer, from Peter Astrand. The patch does not
seem to solve all the issues, but definitely makes things better.
New grabKeyboard resource was added to control full-screen mode
behavior.
- Java viewer: new "Show Offline Desktop" parameter was added to
make the desktop still visible even after the remote side has
closed connection.
- Java viewer: error messages were made much more meaningful.
- Java viewer: keyboard focus problems were fixed. This should
prevent opening new windows (e.g. Options or Clipboard) behind the
active authenticator or desktop window.
- Java viewer: now "R"/"r" keys can be used to request screen
updates in view-only mode.
- Java viewer: applied patch from Peter Astrand to fix problems with
Swedish keys and broken JVMs.
- Other minor fixes and cleanups.
----------------------------------------------------------------------
* TightVNC 1.2.3
- Unix and Win32 versions: zlib library was updated to the most
recent version (1.1.4) where a potential security issue was fixed.
- Unix and Win32 versions: fixed blocking I/O problems in built-in
HTTP servers. Older versions had to wait while one client finishes
his transaction, only then they served new client connections,
thus making easy denial-of-service attacks possible.
- Unix and Win32 versions: updated built-in Java viewer, see details
below.
- Win32 version: Added support for mouse wheel events. Wheel mouse
support is fully compatible and interoperable with Unix version
where this feature was available for a long time.
- Win32 version (WinVNC): The -connect command-line option now
accepts a display number after a hostname.
- Win32 version: Creating associations for .vnc files in the
installer.
- Java viewer was GREATLY improved: the code was converted to Java
1.1, painting techniques were re-designed completely (now the
viewer should work in MacOS), several new parameters were added,
all parameters were documented in the README file. Most important
new features include: support for 24-bit colors, JPEG support in
Tight encoding, RFB Bell message support, new "Refresh" button, a
possibility to operate in a separate scrollable window, dynamic
view-only mode. Many more changes were introduces, see the
ChangeLog for more information. Please note that new Java viewer
class names were changed, e.g. vncviewer.jar file has become
VncViewer.jar etc.
- Unix version: a number of changes in the vncserver script, e.g.
the default color depth is now 24, extra delay after Xvnc startup
removed, font path is now configurable in the beginning of the
script, and more.
- Unix version: zlib library was removed from the core X sources.
Instead, both vncviewer and Xvnc now can use either system zlib
and JPEG libraries, or ones packaged within TightVNC source
archive in the lib/ directory. Unix sources are distributed in two
versions: one with these libraries for those who don't have them
installed in the system, and another version without libraries,
copied directly from CVS, for those who do have zlib and/or JPEG
libraries installed. In the former case, build procedure would
include additional "make libs" step. System libraries will be
linked dynamically, libraries included in the source archive will
be linked in statically.
- Unix version now includes comprehensive manual pages for
vncviewer, vncserver, Xvnc, vncconnect and vncpasswd programs. The
vncinstall script in the source distribution now accepts one more
parameter allowing to specify where to install manual pages.
- Unix version (Xvnc): a number of patches from Red Hat Linux vnc
package were incorporated into the TightVNC codebase. This adds
support for more architectures including s390 and s390x, adds a
possibility to use tcp_wrappers for Xvnc access control.
- Unix version (Xvnc): several bugfixes, e.g. applied patch to fix
crash in the code dealing with font server; fixed word alignment
problem in raw encoder experienced by Sparc users.
- Unix version is no more distributed as patches to a standard VNC
release. This is because patches cannot handle changes in binary
files and handle file removals very inefficiently.
- Other minor fixes and cleanups.
----------------------------------------------------------------------
* TightVNC 1.2.2
- Win32 server: long-standing Win9x resource consumption problem has
been fixed. Now the server thread does not use blocking I/O, and
therefore is always ready to process messages from the VNCHooks
DLL.
- Win32 server: now built-in HTTP daemon may be enabled and disabled
interactively from the Advanced Preferences dialog (this setting
is saved in new "EnableHTTPDaemon" registry key).
- Win32 server: changes in layout and text of the Advanced
Preferences dialog.
- Xvnc: Minor bugfix which should prevent potential dereference of a
NULL pointer.
- Unix viewer: Now viewer window would be raised on beep (bell)
event, unless new -noraiseonbeep option is provided in the command
line or "raiseOnBeep" resource set to False.
- One more packaging option for the Unix source: ready to build
archive with Zlib and JPEG libraries inside.
- Other minor fixes and cleanups.
----------------------------------------------------------------------
* TightVNC 1.2.1
- Win32 server: added support for reverse connections on ports other
than 5500, modified patch from Steve Kann.
- Win32 viewer: added support for new command-line options:
-noshared and -encoding XXX.
- Bugfixes in Win32 viewer: changes in exception handling eliminate
Borland C++ compilation problems causing application crashes on
repetitive connections, notably in the listen mode. Also, now
warning exceptions causing disconnects are reported to user,
except for the case when a user has closed the viewer window.
- Better packaging in Win32 version: self-installing package is
available, vncviewer now shows correct icon image.
- Unix vncviewer: Default tunneling command template has been
changed, to allow tunneled connections to hosts where only
loopback VNC connections are enabled. New -via <GATEWAY>
command-line option provides enhanced tunneling functionality, now
one can make vncviewer tunnel connections to a VNC host via third
machine acting as a gateway.
- Java viewer: Addition of new parameters PASSWORD, "Show Controls",
and "View Only", modified patch from Steve Kann.
----------------------------------------------------------------------
* TightVNC 1.2.0
- Tight encoding is now configurable and can operate at different
compression levels where low compression levels are very fast in
terms of CPU usage. New "-compresslevel N" option implemented in
vncviewer to set compression levels for Tight encoding (1 - fast,
9 - best).
- Enhanced techniques to split large rectangles in Tight encoder;
now it tries to find large solid-color areas and send them in
separate rectangles.
- Lossy JPEG compression in Tight encoding has been implemented, new
"-quality N" vncviewer option should be used to enable this
feature (0 - low image quality and best compression, 9 - best
image quality). JPEG compression is used only for screen areas
that seem to be suitable for JPEG compression (although algorithms
to detect such areas are not perfect, of course).
- New "XCursor" and "RichCursor" encodings implemented. They are
used to transmit cursor shape updates from server to clients
("local cursor" feature requested by many users). Mouse movement
no longer causes framebuffer updates to happen, vncviewer
processes mouse locally when this feature is active. New
-nocursorshape vncviewer option turns this feature off.
- A number of recent changes from both TridiaVNC and AT&T's releases
merged into the source, now the code is based on version 3.3.3r2
for Unix part, and on 3.3.3r9 for Win32.
- Unix vncviewer: When -tunnel option is specified in the command
line, special rules are now used to choose preferred encoding. Now
viewer does not think that server is running on the same machine
when tunneling is on and the preferred encoding is now "tight"
with default compression instead of raw.
- Xvnc: Rules to set default pixel formats have been changed: now
they are RGB565 instead of BGR556 for color depth 16, and RGB888
instead of BGR888 for depth 24. This makes Xvnc compatible with
Imlib renderer used in Gnome and also helps to avoid unnecessary
pixel format translations in many cases.
- Xvnc: X11 modifier mapped to META key is now Mod4 instead of Mod1.
New -compatiblekbd option implemented in Xvnc to force META and
ALT keys behave the same way as they do in the original AT&T's
version.
- A number of bugs fixed: viewer crashes after inflate() call, Xvnc
CoRRE encoding problems, Xvnc bit-order issues in XCursor and
RichCursor encodings, etc.
- Java viewer now supports Tight encoding and cursor shape updates.
Drawing techniques were changed, settings "Raw pixel drawing:
Fast/Reliable" and "CopyRect: Fast/Reliable" removed from the
Options panel since they do not make sense in new drawing model.
- Other new features, optimizations, fixes and cleanups, see
ChangeLog files.
----------------------------------------------------------------------
* VNC Tight Encoding 1.1
- New ``gradient'' filter implemented in servers (it can be disabled
in Xvnc with new -lazytight option). The filter preprocess
full-color screen areas prior to compression in order to achieve
better compression ratios (with the cost of slower compression).
Vncviewers of version 1.0 had support for this filter already, but
there was small bug causing image distortions in certain cases. So
it is recommended to upgrade both servers and viewers.
- Stupid bug fixed: extra unused color was included in palettes in
many cases; compression ratios used to be worse than they should
be.
- The algorithm used to split large rectangles into parts has been
changed. This change can increase compression ratios in many
situations.
- Byte-order issues in servers have been (hopefully) fixed.
- Performance tuning, code rewrites and cleanups in various places.
----------------------------------------------------------------------
* VNC Tight Encoding 1.0
- Initial release.
----------------------------------------------------------------------

907
nxviewer-passwd/include/rfbproto.h Normal file
View File

@@ -0,0 +1,907 @@
/*
* Copyright (C) 2000-2002 Constantin Kaplinsky. All Rights Reserved.
* Copyright (C) 2000 Tridia Corporation. All Rights Reserved.
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
/*
* rfbproto.h - header file for the RFB protocol version 3.3
*
* Uses types CARD<n> for an n-bit unsigned integer, INT<n> for an n-bit signed
* integer (for n = 8, 16 and 32).
*
* All multiple byte integers are in big endian (network) order (most
* significant byte first). Unless noted otherwise there is no special
* alignment of protocol structures.
*
*
* Once the initial handshaking is done, all messages start with a type byte,
* (usually) followed by message-specific data. The order of definitions in
* this file is as follows:
*
* (1) Structures used in several types of message.
* (2) Structures used in the initial handshaking.
* (3) Message types.
* (4) Encoding types.
* (5) For each message type, the form of the data following the type byte.
* Sometimes this is defined by a single structure but the more complex
* messages have to be explained by comments.
*/
/*****************************************************************************
*
* Structures used in several messages
*
*****************************************************************************/
/*-----------------------------------------------------------------------------
* Structure used to specify a rectangle. This structure is a multiple of 4
* bytes so that it can be interspersed with 32-bit pixel data without
* affecting alignment.
*/
typedef struct {
CARD16 x;
CARD16 y;
CARD16 w;
CARD16 h;
} rfbRectangle;
#define sz_rfbRectangle 8
/*-----------------------------------------------------------------------------
* Structure used to specify pixel format.
*/
typedef struct {
CARD8 bitsPerPixel; /* 8,16,32 only */
CARD8 depth; /* 8 to 32 */
CARD8 bigEndian; /* True if multi-byte pixels are interpreted
as big endian, or if single-bit-per-pixel
has most significant bit of the byte
corresponding to first (leftmost) pixel. Of
course this is meaningless for 8 bits/pix */
CARD8 trueColour; /* If false then we need a "colour map" to
convert pixels to RGB. If true, xxxMax and
xxxShift specify bits used for red, green
and blue */
/* the following fields are only meaningful if trueColour is true */
CARD16 redMax; /* maximum red value (= 2^n - 1 where n is the
number of bits used for red). Note this
value is always in big endian order. */
CARD16 greenMax; /* similar for green */
CARD16 blueMax; /* and blue */
CARD8 redShift; /* number of shifts needed to get the red
value in a pixel to the least significant
bit. To find the red value from a given
pixel, do the following:
1) Swap pixel value according to bigEndian
(e.g. if bigEndian is false and host byte
order is big endian, then swap).
2) Shift right by redShift.
3) AND with redMax (in host byte order).
4) You now have the red value between 0 and
redMax. */
CARD8 greenShift; /* similar for green */
CARD8 blueShift; /* and blue */
CARD8 pad1;
CARD16 pad2;
} rfbPixelFormat;
#define sz_rfbPixelFormat 16
/*****************************************************************************
*
* Initial handshaking messages
*
*****************************************************************************/
/*-----------------------------------------------------------------------------
* Protocol Version
*
* The server always sends 12 bytes to start which identifies the latest RFB
* protocol version number which it supports. These bytes are interpreted
* as a string of 12 ASCII characters in the format "RFB xxx.yyy\n" where
* xxx and yyy are the major and minor version numbers (for version 3.3
* this is "RFB 003.003\n").
*
* The client then replies with a similar 12-byte message giving the version
* number of the protocol which should actually be used (which may be different
* to that quoted by the server).
*
* It is intended that both clients and servers may provide some level of
* backwards compatibility by this mechanism. Servers in particular should
* attempt to provide backwards compatibility, and even forwards compatibility
* to some extent. For example if a client demands version 3.1 of the
* protocol, a 3.0 server can probably assume that by ignoring requests for
* encoding types it doesn't understand, everything will still work OK. This
* will probably not be the case for changes in the major version number.
*
* The format string below can be used in sprintf or sscanf to generate or
* decode the version string respectively.
*/
#define rfbProtocolVersionFormat "RFB %03d.%03d\n"
#define rfbProtocolMajorVersion 3
#define rfbProtocolMinorVersion 3
typedef char rfbProtocolVersionMsg[13]; /* allow extra byte for null */
#define sz_rfbProtocolVersionMsg 12
/*-----------------------------------------------------------------------------
* Authentication
*
* Once the protocol version has been decided, the server then sends a 32-bit
* word indicating whether any authentication is needed on the connection.
* The value of this word determines the authentication scheme in use. For
* version 3.0 of the protocol this may have one of the following values:
*/
#define rfbConnFailed 0
#define rfbNoAuth 1
#define rfbVncAuth 2
/*
* rfbConnFailed: For some reason the connection failed (e.g. the server
* cannot support the desired protocol version). This is
* followed by a string describing the reason (where a
* string is specified as a 32-bit length followed by that
* many ASCII characters).
*
* rfbNoAuth: No authentication is needed.
*
* rfbVncAuth: The VNC authentication scheme is to be used. A 16-byte
* challenge follows, which the client encrypts as
* appropriate using the password and sends the resulting
* 16-byte response. If the response is correct, the
* server sends the 32-bit word rfbVncAuthOK. If a simple
* failure happens, the server sends rfbVncAuthFailed and
* closes the connection. If the server decides that too
* many failures have occurred, it sends rfbVncAuthTooMany
* and closes the connection. In the latter case, the
* server should not allow an immediate reconnection by
* the client.
*/
#define rfbVncAuthOK 0
#define rfbVncAuthFailed 1
#define rfbVncAuthTooMany 2
/*-----------------------------------------------------------------------------
* Client Initialisation Message
*
* Once the client and server are sure that they're happy to talk to one
* another, the client sends an initialisation message. At present this
* message only consists of a boolean indicating whether the server should try
* to share the desktop by leaving other clients connected, or give exclusive
* access to this client by disconnecting all other clients.
*/
typedef struct {
CARD8 shared;
} rfbClientInitMsg;
#define sz_rfbClientInitMsg 1
/*-----------------------------------------------------------------------------
* Server Initialisation Message
*
* After the client initialisation message, the server sends one of its own.
* This tells the client the width and height of the server's framebuffer,
* its pixel format and the name associated with the desktop.
*/
typedef struct {
CARD16 framebufferWidth;
CARD16 framebufferHeight;
rfbPixelFormat format; /* the server's preferred pixel format */
CARD32 nameLength;
/* followed by char name[nameLength] */
} rfbServerInitMsg;
#define sz_rfbServerInitMsg (8 + sz_rfbPixelFormat)
/*
* Following the server initialisation message it's up to the client to send
* whichever protocol messages it wants. Typically it will send a
* SetPixelFormat message and a SetEncodings message, followed by a
* FramebufferUpdateRequest. From then on the server will send
* FramebufferUpdate messages in response to the client's
* FramebufferUpdateRequest messages. The client should send
* FramebufferUpdateRequest messages with incremental set to true when it has
* finished processing one FramebufferUpdate and is ready to process another.
* With a fast client, the rate at which FramebufferUpdateRequests are sent
* should be regulated to avoid hogging the network.
*/
/*****************************************************************************
*
* Message types
*
*****************************************************************************/
/* server -> client */
#define rfbFramebufferUpdate 0
#define rfbSetColourMapEntries 1
#define rfbBell 2
#define rfbServerCutText 3
/* client -> server */
#define rfbSetPixelFormat 0
#define rfbFixColourMapEntries 1 /* not currently supported */
#define rfbSetEncodings 2
#define rfbFramebufferUpdateRequest 3
#define rfbKeyEvent 4
#define rfbPointerEvent 5
#define rfbClientCutText 6
/*****************************************************************************
*
* Encoding types
*
*****************************************************************************/
#define rfbEncodingRaw 0
#define rfbEncodingCopyRect 1
#define rfbEncodingRRE 2
#define rfbEncodingCoRRE 4
#define rfbEncodingHextile 5
#define rfbEncodingZlib 6
#define rfbEncodingTight 7
#define rfbEncodingZlibHex 8
/*
* Special encoding numbers:
* 0xFFFFFF00 .. 0xFFFFFF0F -- encoding-specific compression levels;
* 0xFFFFFF10 .. 0xFFFFFF1F -- mouse cursor shape data;
* 0xFFFFFF20 .. 0xFFFFFF2F -- various protocol extensions;
* 0xFFFFFF30 .. 0xFFFFFFDF -- not allocated yet;
* 0xFFFFFFE0 .. 0xFFFFFFEF -- quality level for JPEG compressor;
* 0xFFFFFFF0 .. 0xFFFFFFFF -- cross-encoding compression levels.
*/
#define rfbEncodingCompressLevel0 0xFFFFFF00
#define rfbEncodingCompressLevel1 0xFFFFFF01
#define rfbEncodingCompressLevel2 0xFFFFFF02
#define rfbEncodingCompressLevel3 0xFFFFFF03
#define rfbEncodingCompressLevel4 0xFFFFFF04
#define rfbEncodingCompressLevel5 0xFFFFFF05
#define rfbEncodingCompressLevel6 0xFFFFFF06
#define rfbEncodingCompressLevel7 0xFFFFFF07
#define rfbEncodingCompressLevel8 0xFFFFFF08
#define rfbEncodingCompressLevel9 0xFFFFFF09
#define rfbEncodingXCursor 0xFFFFFF10
#define rfbEncodingRichCursor 0xFFFFFF11
#define rfbEncodingPointerPos 0xFFFFFF18
#define rfbEncodingLastRect 0xFFFFFF20
#define rfbEncodingQualityLevel0 0xFFFFFFE0
#define rfbEncodingQualityLevel1 0xFFFFFFE1
#define rfbEncodingQualityLevel2 0xFFFFFFE2
#define rfbEncodingQualityLevel3 0xFFFFFFE3
#define rfbEncodingQualityLevel4 0xFFFFFFE4
#define rfbEncodingQualityLevel5 0xFFFFFFE5
#define rfbEncodingQualityLevel6 0xFFFFFFE6
#define rfbEncodingQualityLevel7 0xFFFFFFE7
#define rfbEncodingQualityLevel8 0xFFFFFFE8
#define rfbEncodingQualityLevel9 0xFFFFFFE9
/*****************************************************************************
*
* Server -> client message definitions
*
*****************************************************************************/
/*-----------------------------------------------------------------------------
* FramebufferUpdate - a block of rectangles to be copied to the framebuffer.
*
* This message consists of a header giving the number of rectangles of pixel
* data followed by the rectangles themselves. The header is padded so that
* together with the type byte it is an exact multiple of 4 bytes (to help
* with alignment of 32-bit pixels):
*/
typedef struct {
CARD8 type; /* always rfbFramebufferUpdate */
CARD8 pad;
CARD16 nRects;
/* followed by nRects rectangles */
} rfbFramebufferUpdateMsg;
#define sz_rfbFramebufferUpdateMsg 4
/*
* Each rectangle of pixel data consists of a header describing the position
* and size of the rectangle and a type word describing the encoding of the
* pixel data, followed finally by the pixel data. Note that if the client has
* not sent a SetEncodings message then it will only receive raw pixel data.
* Also note again that this structure is a multiple of 4 bytes.
*/
typedef struct {
rfbRectangle r;
CARD32 encoding; /* one of the encoding types rfbEncoding... */
} rfbFramebufferUpdateRectHeader;
#define sz_rfbFramebufferUpdateRectHeader (sz_rfbRectangle + 4)
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* Raw Encoding. Pixels are sent in top-to-bottom scanline order,
* left-to-right within a scanline with no padding in between.
*/
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* CopyRect Encoding. The pixels are specified simply by the x and y position
* of the source rectangle.
*/
typedef struct {
CARD16 srcX;
CARD16 srcY;
} rfbCopyRect;
#define sz_rfbCopyRect 4
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* RRE - Rise-and-Run-length Encoding. We have an rfbRREHeader structure
* giving the number of subrectangles following. Finally the data follows in
* the form [<bgpixel><subrect><subrect>...] where each <subrect> is
* [<pixel><rfbRectangle>].
*/
typedef struct {
CARD32 nSubrects;
} rfbRREHeader;
#define sz_rfbRREHeader 4
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* CoRRE - Compact RRE Encoding. We have an rfbRREHeader structure giving
* the number of subrectangles following. Finally the data follows in the form
* [<bgpixel><subrect><subrect>...] where each <subrect> is
* [<pixel><rfbCoRRERectangle>]. This means that
* the whole rectangle must be at most 255x255 pixels.
*/
typedef struct {
CARD8 x;
CARD8 y;
CARD8 w;
CARD8 h;
} rfbCoRRERectangle;
#define sz_rfbCoRRERectangle 4
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* Hextile Encoding. The rectangle is divided up into "tiles" of 16x16 pixels,
* starting at the top left going in left-to-right, top-to-bottom order. If
* the width of the rectangle is not an exact multiple of 16 then the width of
* the last tile in each row will be correspondingly smaller. Similarly if the
* height is not an exact multiple of 16 then the height of each tile in the
* final row will also be smaller. Each tile begins with a "subencoding" type
* byte, which is a mask made up of a number of bits. If the Raw bit is set
* then the other bits are irrelevant; w*h pixel values follow (where w and h
* are the width and height of the tile). Otherwise the tile is encoded in a
* similar way to RRE, except that the position and size of each subrectangle
* can be specified in just two bytes. The other bits in the mask are as
* follows:
*
* BackgroundSpecified - if set, a pixel value follows which specifies
* the background colour for this tile. The first non-raw tile in a
* rectangle must have this bit set. If this bit isn't set then the
* background is the same as the last tile.
*
* ForegroundSpecified - if set, a pixel value follows which specifies
* the foreground colour to be used for all subrectangles in this tile.
* If this bit is set then the SubrectsColoured bit must be zero.
*
* AnySubrects - if set, a single byte follows giving the number of
* subrectangles following. If not set, there are no subrectangles (i.e.
* the whole tile is just solid background colour).
*
* SubrectsColoured - if set then each subrectangle is preceded by a pixel
* value giving the colour of that subrectangle. If not set, all
* subrectangles are the same colour, the foreground colour; if the
* ForegroundSpecified bit wasn't set then the foreground is the same as
* the last tile.
*
* The position and size of each subrectangle is specified in two bytes. The
* Pack macros below can be used to generate the two bytes from x, y, w, h,
* and the Extract macros can be used to extract the x, y, w, h values from
* the two bytes.
*/
#define rfbHextileRaw (1 << 0)
#define rfbHextileBackgroundSpecified (1 << 1)
#define rfbHextileForegroundSpecified (1 << 2)
#define rfbHextileAnySubrects (1 << 3)
#define rfbHextileSubrectsColoured (1 << 4)
#define rfbHextilePackXY(x,y) (((x) << 4) | (y))
#define rfbHextilePackWH(w,h) ((((w)-1) << 4) | ((h)-1))
#define rfbHextileExtractX(byte) ((byte) >> 4)
#define rfbHextileExtractY(byte) ((byte) & 0xf)
#define rfbHextileExtractW(byte) (((byte) >> 4) + 1)
#define rfbHextileExtractH(byte) (((byte) & 0xf) + 1)
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* zlib - zlib compressed Encoding. We have an rfbZlibHeader structure
* giving the number of bytes following. Finally the data follows is
* zlib compressed version of the raw pixel data as negotiated.
*/
typedef struct {
CARD32 nBytes;
} rfbZlibHeader;
#define sz_rfbZlibHeader 4
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* Tight Encoding.
*
*-- The first byte of each Tight-encoded rectangle is a "compression control
* byte". Its format is as follows (bit 0 is the least significant one):
*
* bit 0: if 1, then compression stream 0 should be reset;
* bit 1: if 1, then compression stream 1 should be reset;
* bit 2: if 1, then compression stream 2 should be reset;
* bit 3: if 1, then compression stream 3 should be reset;
* bits 7-4: if 1000 (0x08), then the compression type is "fill",
* if 1001 (0x09), then the compression type is "jpeg",
* if 0xxx, then the compression type is "basic",
* values greater than 1001 are not valid.
*
* If the compression type is "basic", then bits 6..4 of the
* compression control byte (those xxx in 0xxx) specify the following:
*
* bits 5-4: decimal representation is the index of a particular zlib
* stream which should be used for decompressing the data;
* bit 6: if 1, then a "filter id" byte is following this byte.
*
*-- The data that follows after the compression control byte described
* above depends on the compression type ("fill", "jpeg" or "basic").
*
*-- If the compression type is "fill", then the only pixel value follows, in
* client pixel format (see NOTE 1). This value applies to all pixels of the
* rectangle.
*
*-- If the compression type is "jpeg", the following data stream looks like
* this:
*
* 1..3 bytes: data size (N) in compact representation;
* N bytes: JPEG image.
*
* Data size is compactly represented in one, two or three bytes, according
* to the following scheme:
*
* 0xxxxxxx (for values 0..127)
* 1xxxxxxx 0yyyyyyy (for values 128..16383)
* 1xxxxxxx 1yyyyyyy zzzzzzzz (for values 16384..4194303)
*
* Here each character denotes one bit, xxxxxxx are the least significant 7
* bits of the value (bits 0-6), yyyyyyy are bits 7-13, and zzzzzzzz are the
* most significant 8 bits (bits 14-21). For example, decimal value 10000
* should be represented as two bytes: binary 10010000 01001110, or
* hexadecimal 90 4E.
*
*-- If the compression type is "basic" and bit 6 of the compression control
* byte was set to 1, then the next (second) byte specifies "filter id" which
* tells the decoder what filter type was used by the encoder to pre-process
* pixel data before the compression. The "filter id" byte can be one of the
* following:
*
* 0: no filter ("copy" filter);
* 1: "palette" filter;
* 2: "gradient" filter.
*
*-- If bit 6 of the compression control byte is set to 0 (no "filter id"
* byte), or if the filter id is 0, then raw pixel values in the client
* format (see NOTE 1) will be compressed. See below details on the
* compression.
*
*-- The "gradient" filter pre-processes pixel data with a simple algorithm
* which converts each color component to a difference between a "predicted"
* intensity and the actual intensity. Such a technique does not affect
* uncompressed data size, but helps to compress photo-like images better.
* Pseudo-code for converting intensities to differences is the following:
*
* P[i,j] := V[i-1,j] + V[i,j-1] - V[i-1,j-1];
* if (P[i,j] < 0) then P[i,j] := 0;
* if (P[i,j] > MAX) then P[i,j] := MAX;
* D[i,j] := V[i,j] - P[i,j];
*
* Here V[i,j] is the intensity of a color component for a pixel at
* coordinates (i,j). MAX is the maximum value of intensity for a color
* component.
*
*-- The "palette" filter converts true-color pixel data to indexed colors
* and a palette which can consist of 2..256 colors. If the number of colors
* is 2, then each pixel is encoded in 1 bit, otherwise 8 bits is used to
* encode one pixel. 1-bit encoding is performed such way that the most
* significant bits correspond to the leftmost pixels, and each raw of pixels
* is aligned to the byte boundary. When "palette" filter is used, the
* palette is sent before the pixel data. The palette begins with an unsigned
* byte which value is the number of colors in the palette minus 1 (i.e. 1
* means 2 colors, 255 means 256 colors in the palette). Then follows the
* palette itself which consist of pixel values in client pixel format (see
* NOTE 1).
*
*-- The pixel data is compressed using the zlib library. But if the data
* size after applying the filter but before the compression is less then 12,
* then the data is sent as is, uncompressed. Four separate zlib streams
* (0..3) can be used and the decoder should read the actual stream id from
* the compression control byte (see NOTE 2).
*
* If the compression is not used, then the pixel data is sent as is,
* otherwise the data stream looks like this:
*
* 1..3 bytes: data size (N) in compact representation;
* N bytes: zlib-compressed data.
*
* Data size is compactly represented in one, two or three bytes, just like
* in the "jpeg" compression method (see above).
*
*-- NOTE 1. If the color depth is 24, and all three color components are
* 8-bit wide, then one pixel in Tight encoding is always represented by
* three bytes, where the first byte is red component, the second byte is
* green component, and the third byte is blue component of the pixel color
* value. This applies to colors in palettes as well.
*
*-- NOTE 2. The decoder must reset compression streams' states before
* decoding the rectangle, if some of bits 0,1,2,3 in the compression control
* byte are set to 1. Note that the decoder must reset zlib streams even if
* the compression type is "fill" or "jpeg".
*
*-- NOTE 3. The "gradient" filter and "jpeg" compression may be used only
* when bits-per-pixel value is either 16 or 32, not 8.
*
*-- NOTE 4. The width of any Tight-encoded rectangle cannot exceed 2048
* pixels. If a rectangle is wider, it must be split into several rectangles
* and each one should be encoded separately.
*
*/
#define rfbTightExplicitFilter 0x04
#define rfbTightFill 0x08
#define rfbTightJpeg 0x09
#define rfbTightMaxSubencoding 0x09
/* Filters to improve compression efficiency */
#define rfbTightFilterCopy 0x00
#define rfbTightFilterPalette 0x01
#define rfbTightFilterGradient 0x02
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* XCursor encoding. This is a special encoding used to transmit X-style
* cursor shapes from server to clients. Note that for this encoding,
* coordinates in rfbFramebufferUpdateRectHeader structure hold hotspot
* position (r.x, r.y) and cursor size (r.w, r.h). If (w * h != 0), two RGB
* samples are sent after header in the rfbXCursorColors structure. They
* denote foreground and background colors of the cursor. If a client
* supports only black-and-white cursors, it should ignore these colors and
* assume that foreground is black and background is white. Next, two bitmaps
* (1 bits per pixel) follow: first one with actual data (value 0 denotes
* background color, value 1 denotes foreground color), second one with
* transparency data (bits with zero value mean that these pixels are
* transparent). Both bitmaps represent cursor data in a byte stream, from
* left to right, from top to bottom, and each row is byte-aligned. Most
* significant bits correspond to leftmost pixels. The number of bytes in
* each row can be calculated as ((w + 7) / 8). If (w * h == 0), cursor
* should be hidden (or default local cursor should be set by the client).
*/
typedef struct {
CARD8 foreRed;
CARD8 foreGreen;
CARD8 foreBlue;
CARD8 backRed;
CARD8 backGreen;
CARD8 backBlue;
} rfbXCursorColors;
#define sz_rfbXCursorColors 6
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* RichCursor encoding. This is a special encoding used to transmit cursor
* shapes from server to clients. It is similar to the XCursor encoding but
* uses client pixel format instead of two RGB colors to represent cursor
* image. For this encoding, coordinates in rfbFramebufferUpdateRectHeader
* structure hold hotspot position (r.x, r.y) and cursor size (r.w, r.h).
* After header, two pixmaps follow: first one with cursor image in current
* client pixel format (like in raw encoding), second with transparency data
* (1 bit per pixel, exactly the same format as used for transparency bitmap
* in the XCursor encoding). If (w * h == 0), cursor should be hidden (or
* default local cursor should be set by the client).
*/
/*-----------------------------------------------------------------------------
* SetColourMapEntries - these messages are only sent if the pixel
* format uses a "colour map" (i.e. trueColour false) and the client has not
* fixed the entire colour map using FixColourMapEntries. In addition they
* will only start being sent after the client has sent its first
* FramebufferUpdateRequest. So if the client always tells the server to use
* trueColour then it never needs to process this type of message.
*/
typedef struct {
CARD8 type; /* always rfbSetColourMapEntries */
CARD8 pad;
CARD16 firstColour;
CARD16 nColours;
/* Followed by nColours * 3 * CARD16
r1, g1, b1, r2, g2, b2, r3, g3, b3, ..., rn, bn, gn */
} rfbSetColourMapEntriesMsg;
#define sz_rfbSetColourMapEntriesMsg 6
/*-----------------------------------------------------------------------------
* Bell - ring a bell on the client if it has one.
*/
typedef struct {
CARD8 type; /* always rfbBell */
} rfbBellMsg;
#define sz_rfbBellMsg 1
/*-----------------------------------------------------------------------------
* ServerCutText - the server has new text in its cut buffer.
*/
typedef struct {
CARD8 type; /* always rfbServerCutText */
CARD8 pad1;
CARD16 pad2;
CARD32 length;
/* followed by char text[length] */
} rfbServerCutTextMsg;
#define sz_rfbServerCutTextMsg 8
/*-----------------------------------------------------------------------------
* Union of all server->client messages.
*/
typedef union {
CARD8 type;
rfbFramebufferUpdateMsg fu;
rfbSetColourMapEntriesMsg scme;
rfbBellMsg b;
rfbServerCutTextMsg sct;
} rfbServerToClientMsg;
/*****************************************************************************
*
* Message definitions (client -> server)
*
*****************************************************************************/
/*-----------------------------------------------------------------------------
* SetPixelFormat - tell the RFB server the format in which the client wants
* pixels sent.
*/
typedef struct {
CARD8 type; /* always rfbSetPixelFormat */
CARD8 pad1;
CARD16 pad2;
rfbPixelFormat format;
} rfbSetPixelFormatMsg;
#define sz_rfbSetPixelFormatMsg (sz_rfbPixelFormat + 4)
/*-----------------------------------------------------------------------------
* FixColourMapEntries - when the pixel format uses a "colour map", fix
* read-only colour map entries.
*
* ***************** NOT CURRENTLY SUPPORTED *****************
*/
typedef struct {
CARD8 type; /* always rfbFixColourMapEntries */
CARD8 pad;
CARD16 firstColour;
CARD16 nColours;
/* Followed by nColours * 3 * CARD16
r1, g1, b1, r2, g2, b2, r3, g3, b3, ..., rn, bn, gn */
} rfbFixColourMapEntriesMsg;
#define sz_rfbFixColourMapEntriesMsg 6
/*-----------------------------------------------------------------------------
* SetEncodings - tell the RFB server which encoding types we accept. Put them
* in order of preference, if we have any. We may always receive raw
* encoding, even if we don't specify it here.
*/
typedef struct {
CARD8 type; /* always rfbSetEncodings */
CARD8 pad;
CARD16 nEncodings;
/* followed by nEncodings * CARD32 encoding types */
} rfbSetEncodingsMsg;
#define sz_rfbSetEncodingsMsg 4
/*-----------------------------------------------------------------------------
* FramebufferUpdateRequest - request for a framebuffer update. If incremental
* is true then the client just wants the changes since the last update. If
* false then it wants the whole of the specified rectangle.
*/
typedef struct {
CARD8 type; /* always rfbFramebufferUpdateRequest */
CARD8 incremental;
CARD16 x;
CARD16 y;
CARD16 w;
CARD16 h;
} rfbFramebufferUpdateRequestMsg;
#define sz_rfbFramebufferUpdateRequestMsg 10
/*-----------------------------------------------------------------------------
* KeyEvent - key press or release
*
* Keys are specified using the "keysym" values defined by the X Window System.
* For most ordinary keys, the keysym is the same as the corresponding ASCII
* value. Other common keys are:
*
* BackSpace 0xff08
* Tab 0xff09
* Return or Enter 0xff0d
* Escape 0xff1b
* Insert 0xff63
* Delete 0xffff
* Home 0xff50
* End 0xff57
* Page Up 0xff55
* Page Down 0xff56
* Left 0xff51
* Up 0xff52
* Right 0xff53
* Down 0xff54
* F1 0xffbe
* F2 0xffbf
* ... ...
* F12 0xffc9
* Shift 0xffe1
* Control 0xffe3
* Meta 0xffe7
* Alt 0xffe9
*/
typedef struct {
CARD8 type; /* always rfbKeyEvent */
CARD8 down; /* true if down (press), false if up */
CARD16 pad;
CARD32 key; /* key is specified as an X keysym */
} rfbKeyEventMsg;
#define sz_rfbKeyEventMsg 8
/*-----------------------------------------------------------------------------
* PointerEvent - mouse/pen move and/or button press.
*/
typedef struct {
CARD8 type; /* always rfbPointerEvent */
CARD8 buttonMask; /* bits 0-7 are buttons 1-8, 0=up, 1=down */
CARD16 x;
CARD16 y;
} rfbPointerEventMsg;
#define rfbButton1Mask 1
#define rfbButton2Mask 2
#define rfbButton3Mask 4
#define sz_rfbPointerEventMsg 6
/*-----------------------------------------------------------------------------
* ClientCutText - the client has new text in its cut buffer.
*/
typedef struct {
CARD8 type; /* always rfbClientCutText */
CARD8 pad1;
CARD16 pad2;
CARD32 length;
/* followed by char text[length] */
} rfbClientCutTextMsg;
#define sz_rfbClientCutTextMsg 8
/*-----------------------------------------------------------------------------
* Union of all client->server messages.
*/
typedef union {
CARD8 type;
rfbSetPixelFormatMsg spf;
rfbFixColourMapEntriesMsg fcme;
rfbSetEncodingsMsg se;
rfbFramebufferUpdateRequestMsg fur;
rfbKeyEventMsg ke;
rfbPointerEventMsg pe;
rfbClientCutTextMsg cct;
} rfbClientToServerMsg;

30
nxviewer-passwd/include/vncauth.h Normal file
View File

@@ -0,0 +1,30 @@
/*
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
/*
* vncauth.h - describes the functions provided by the vncauth library.
*/
#define MAXPWLEN 8
#define CHALLENGESIZE 16
extern int vncEncryptAndStorePasswd(char *passwd, char *fname);
extern char *vncDecryptPasswdFromFile(char *fname);
extern void vncRandomBytes(unsigned char *bytes);
extern void vncEncryptBytes(unsigned char *bytes, char *passwd);

14
nxviewer-passwd/libvncauth/Imakefile Normal file
View File

@@ -0,0 +1,14 @@
#ifdef SunArchitecture
EXTRA_DEFINES = -D__EXTENSIONS__
#endif
SRCS = vncauth.c d3des.c
OBJS = vncauth.o d3des.o
INCLUDES = -I. -I../include
NormalLibraryTarget(vncauth,$(OBJS))
DependTarget()

440
nxviewer-passwd/libvncauth/d3des.c Normal file
View File

@@ -0,0 +1,440 @@
/*
* This is D3DES (V5.09) by Richard Outerbridge with the double and
* triple-length support removed for use in VNC. Also the bytebit[] array
* has been reversed so that the most significant bit in each byte of the
* key is ignored, not the least significant.
*
* These changes are:
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
/* D3DES (V5.09) -
*
* A portable, public domain, version of the Data Encryption Standard.
*
* Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
* Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
* code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
* Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
* for humouring me on.
*
* Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
* (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
*/
#include "d3des.h"
static void scrunch(unsigned char *, unsigned long *);
static void unscrun(unsigned long *, unsigned char *);
static void desfunc(unsigned long *, unsigned long *);
static void cookey(unsigned long *);
static unsigned long KnL[32] = { 0L };
static unsigned long KnR[32] = { 0L };
static unsigned long Kn3[32] = { 0L };
static unsigned char Df_Key[24] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 };
static unsigned short bytebit[8] = {
01, 02, 04, 010, 020, 040, 0100, 0200 };
static unsigned long bigbyte[24] = {
0x800000L, 0x400000L, 0x200000L, 0x100000L,
0x80000L, 0x40000L, 0x20000L, 0x10000L,
0x8000L, 0x4000L, 0x2000L, 0x1000L,
0x800L, 0x400L, 0x200L, 0x100L,
0x80L, 0x40L, 0x20L, 0x10L,
0x8L, 0x4L, 0x2L, 0x1L };
/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */
static unsigned char pc1[56] = {
56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17,
9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21,
13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 };
static unsigned char totrot[16] = {
1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 };
static unsigned char pc2[48] = {
13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1,
40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47,
43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 };
void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */
unsigned char *key;
int edf;
{
register int i, j, l, m, n;
unsigned char pc1m[56], pcr[56];
unsigned long kn[32];
for ( j = 0; j < 56; j++ ) {
l = pc1[j];
m = l & 07;
pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0;
}
for( i = 0; i < 16; i++ ) {
if( edf == DE1 ) m = (15 - i) << 1;
else m = i << 1;
n = m + 1;
kn[m] = kn[n] = 0L;
for( j = 0; j < 28; j++ ) {
l = j + totrot[i];
if( l < 28 ) pcr[j] = pc1m[l];
else pcr[j] = pc1m[l - 28];
}
for( j = 28; j < 56; j++ ) {
l = j + totrot[i];
if( l < 56 ) pcr[j] = pc1m[l];
else pcr[j] = pc1m[l - 28];
}
for( j = 0; j < 24; j++ ) {
if( pcr[pc2[j]] ) kn[m] |= bigbyte[j];
if( pcr[pc2[j+24]] ) kn[n] |= bigbyte[j];
}
}
cookey(kn);
return;
}
static void cookey(raw1)
register unsigned long *raw1;
{
register unsigned long *cook, *raw0;
unsigned long dough[32];
register int i;
cook = dough;
for( i = 0; i < 16; i++, raw1++ ) {
raw0 = raw1++;
*cook = (*raw0 & 0x00fc0000L) << 6;
*cook |= (*raw0 & 0x00000fc0L) << 10;
*cook |= (*raw1 & 0x00fc0000L) >> 10;
*cook++ |= (*raw1 & 0x00000fc0L) >> 6;
*cook = (*raw0 & 0x0003f000L) << 12;
*cook |= (*raw0 & 0x0000003fL) << 16;
*cook |= (*raw1 & 0x0003f000L) >> 4;
*cook++ |= (*raw1 & 0x0000003fL);
}
usekey(dough);
return;
}
void cpkey(into)
register unsigned long *into;
{
register unsigned long *from, *endp;
from = KnL, endp = &KnL[32];
while( from < endp ) *into++ = *from++;
return;
}
void usekey(from)
register unsigned long *from;
{
register unsigned long *to, *endp;
to = KnL, endp = &KnL[32];
while( to < endp ) *to++ = *from++;
return;
}
void des(inblock, outblock)
unsigned char *inblock, *outblock;
{
unsigned long work[2];
scrunch(inblock, work);
desfunc(work, KnL);
unscrun(work, outblock);
return;
}
static void scrunch(outof, into)
register unsigned char *outof;
register unsigned long *into;
{
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
*into |= (*outof++ & 0xffL) << 8;
*into++ |= (*outof++ & 0xffL);
*into = (*outof++ & 0xffL) << 24;
*into |= (*outof++ & 0xffL) << 16;
*into |= (*outof++ & 0xffL) << 8;
*into |= (*outof & 0xffL);
return;
}
static void unscrun(outof, into)
register unsigned long *outof;
register unsigned char *into;
{
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
*into++ = (*outof >> 8) & 0xffL;
*into++ = *outof++ & 0xffL;
*into++ = (*outof >> 24) & 0xffL;
*into++ = (*outof >> 16) & 0xffL;
*into++ = (*outof >> 8) & 0xffL;
*into = *outof & 0xffL;
return;
}
static unsigned long SP1[64] = {
0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L,
0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L,
0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L,
0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L,
0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L,
0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L,
0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L,
0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L,
0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L,
0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L,
0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L,
0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L,
0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L,
0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L,
0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L };
static unsigned long SP2[64] = {
0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L,
0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L,
0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L,
0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L,
0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L,
0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L,
0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L,
0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L,
0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L,
0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L,
0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L,
0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L,
0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L,
0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L,
0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L,
0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L };
static unsigned long SP3[64] = {
0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L,
0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L,
0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L,
0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L,
0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L,
0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L,
0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L,
0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L,
0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L,
0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L,
0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L,
0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L,
0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L,
0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L,
0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L,
0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L };
static unsigned long SP4[64] = {
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L,
0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L,
0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L,
0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L,
0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L,
0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L,
0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L,
0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L,
0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L,
0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L,
0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L,
0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L,
0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L };
static unsigned long SP5[64] = {
0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L,
0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L,
0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L,
0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L,
0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L,
0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L,
0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L,
0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L,
0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L,
0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L,
0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L,
0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L,
0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L,
0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L,
0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L,
0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L };
static unsigned long SP6[64] = {
0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L,
0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L,
0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L,
0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L,
0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L,
0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L,
0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L,
0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L,
0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L,
0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L,
0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L,
0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L,
0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L,
0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L,
0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L,
0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L };
static unsigned long SP7[64] = {
0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L,
0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L,
0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L,
0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L,
0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L,
0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L,
0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L,
0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L,
0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L,
0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L,
0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L,
0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L,
0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L,
0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L,
0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L,
0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L };
static unsigned long SP8[64] = {
0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L,
0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L,
0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L,
0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L,
0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L,
0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L,
0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L,
0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L,
0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L,
0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L,
0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L,
0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L,
0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L,
0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L,
0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L,
0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L };
static void desfunc(block, keys)
register unsigned long *block, *keys;
{
register unsigned long fval, work, right, leftt;
register int round;
leftt = block[0];
right = block[1];
work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
right ^= work;
leftt ^= (work << 4);
work = ((leftt >> 16) ^ right) & 0x0000ffffL;
right ^= work;
leftt ^= (work << 16);
work = ((right >> 2) ^ leftt) & 0x33333333L;
leftt ^= work;
right ^= (work << 2);
work = ((right >> 8) ^ leftt) & 0x00ff00ffL;
leftt ^= work;
right ^= (work << 8);
right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL;
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL;
for( round = 0; round < 8; round++ ) {
work = (right << 28) | (right >> 4);
work ^= *keys++;
fval = SP7[ work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = right ^ *keys++;
fval |= SP8[ work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
leftt ^= fval;
work = (leftt << 28) | (leftt >> 4);
work ^= *keys++;
fval = SP7[ work & 0x3fL];
fval |= SP5[(work >> 8) & 0x3fL];
fval |= SP3[(work >> 16) & 0x3fL];
fval |= SP1[(work >> 24) & 0x3fL];
work = leftt ^ *keys++;
fval |= SP8[ work & 0x3fL];
fval |= SP6[(work >> 8) & 0x3fL];
fval |= SP4[(work >> 16) & 0x3fL];
fval |= SP2[(work >> 24) & 0x3fL];
right ^= fval;
}
right = (right << 31) | (right >> 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = (leftt << 31) | (leftt >> 1);
work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
right ^= work;
leftt ^= (work << 8);
work = ((leftt >> 2) ^ right) & 0x33333333L;
right ^= work;
leftt ^= (work << 2);
work = ((right >> 16) ^ leftt) & 0x0000ffffL;
leftt ^= work;
right ^= (work << 16);
work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL;
leftt ^= work;
right ^= (work << 4);
*block++ = right;
*block = leftt;
return;
}
/* Validation sets:
*
* Single-length key, single-length plaintext -
* Key : 0123 4567 89ab cdef
* Plain : 0123 4567 89ab cde7
* Cipher : c957 4425 6a5e d31d
*
* Double-length key, single-length plaintext -
* Key : 0123 4567 89ab cdef fedc ba98 7654 3210
* Plain : 0123 4567 89ab cde7
* Cipher : 7f1d 0a77 826b 8aff
*
* Double-length key, double-length plaintext -
* Key : 0123 4567 89ab cdef fedc ba98 7654 3210
* Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff
* Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7
*
* Triple-length key, single-length plaintext -
* Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567
* Plain : 0123 4567 89ab cde7
* Cipher : de0b 7c06 ae5e 0ed5
*
* Triple-length key, double-length plaintext -
* Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567
* Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff
* Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5
*
* d3des V5.0a rwo 9208.07 18:44 Graven Imagery
**********************************************************************/

51
nxviewer-passwd/libvncauth/d3des.h Normal file
View File

@@ -0,0 +1,51 @@
/*
* This is D3DES (V5.09) by Richard Outerbridge with the double and
* triple-length support removed for use in VNC.
*
* These changes are:
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
/* d3des.h -
*
* Headers and defines for d3des.c
* Graven Imagery, 1992.
*
* Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge
* (GEnie : OUTER; CIS : [71755,204])
*/
#define EN0 0 /* MODE == encrypt */
#define DE1 1 /* MODE == decrypt */
extern void deskey(unsigned char *, int);
/* hexkey[8] MODE
* Sets the internal key register according to the hexadecimal
* key contained in the 8 bytes of hexkey, according to the DES,
* for encryption or decryption according to MODE.
*/
extern void usekey(unsigned long *);
/* cookedkey[32]
* Loads the internal key register with the data in cookedkey.
*/
extern void cpkey(unsigned long *);
/* cookedkey[32]
* Copies the contents of the internal key register into the storage
* located at &cookedkey[0].
*/
extern void des(unsigned char *, unsigned char *);
/* from[8] to[8]
* Encrypts/Decrypts (according to the key currently loaded in the
* internal key register) one block of eight bytes at address 'from'
* into the block at address 'to'. They can be the same.
*/
/* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery
********************************************************************/

247
nxviewer-passwd/libvncauth/vncauth.c Normal file
View File

@@ -0,0 +1,247 @@
/*
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
/*
* vncauth.c - Functions for VNC password management and authentication.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <vncauth.h>
#include <d3des.h>
/*
* Make sure we call srandom() only once.
*/
static int s_srandom_called = 0;
/*
* We use a fixed key to store passwords, since we assume that our local
* file system is secure but nonetheless don't want to store passwords
* as plaintext.
*/
static unsigned char s_fixedkey[8] = {23,82,107,6,35,78,88,7};
/*
* Encrypt a password and store it in a file. Returns 0 if successful,
* 1 if the file could not be written.
*
* NOTE: This function is preserved only for compatibility with the original
* AT&T VNC software. Use vncEncryptAndStorePasswd2() instead.
*/
int
vncEncryptAndStorePasswd(char *passwd, char *fname)
{
return (vncEncryptAndStorePasswd2(passwd, NULL, fname) == 0);
}
/*
* Encrypt one or two passwords and store them in a file. Returns 1 if
* successful, 0 if the file could not be written (note that the original
* vncEncryptAndStorePasswd() function returns inverse values). The
* passwdViewOnly pointer may be NULL.
*
* NOTE: The file name of "-" denotes stdout.
*/
int
vncEncryptAndStorePasswd2(char *passwd, char *passwdViewOnly, char *fname)
{
FILE *fp;
int i, bytesToWrite, bytesWrote;
unsigned char encryptedPasswd[16] = {
0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0
};
if (strcmp(fname, "-") != 0) {
fp = fopen(fname, "w");
if (fp == NULL) {
return 0;
}
chmod(fname, S_IRUSR|S_IWUSR);
} else {
fp = stdout;
}
strncpy(encryptedPasswd, passwd, 8);
if (passwdViewOnly != NULL)
strncpy(encryptedPasswd + 8, passwdViewOnly, 8);
/* Do encryption in-place - this way we overwrite our copies of
plaintext passwords. */
deskey(s_fixedkey, EN0);
des(encryptedPasswd, encryptedPasswd);
if (passwdViewOnly != NULL)
des(encryptedPasswd + 8, encryptedPasswd + 8);
bytesToWrite = (passwdViewOnly == NULL) ? 8 : 16;
bytesWrote = fwrite(encryptedPasswd, 1, bytesToWrite, fp);
if (fp != stdout) {
fclose(fp);
}
return (bytesWrote == bytesToWrite);
}
/*
* Decrypt a password from a file. Returns a pointer to a newly allocated
* string containing the password or a null pointer if the password could
* not be retrieved for some reason.
*
* NOTE: This function is preserved only for compatibility with the original
* AT&T VNC software. Use vncDecryptPasswdFromFile2() instead.
*/
char *
vncDecryptPasswdFromFile(char *fname)
{
char *passwd;
passwd = malloc(9);
if (passwd != NULL) {
if (vncDecryptPasswdFromFile2(fname, passwd, NULL) == 0) {
free(passwd);
passwd = NULL;
}
}
return passwd;
}
/*
* Decrypt one or two passwords from a file. Returns the number of
* passwords read (1, 2, or 0 on error). On success, the passwords are
* written into buffers passwdFullControl[] and passwdViewOnly[] if
* they are not NULL. If the pointers to buffers are not NULL, then
* the buffers should be at least of 9 bytes length.
*/
int
vncDecryptPasswdFromFile2(char *fname,
char *passwdFullControl, char *passwdViewOnly)
{
FILE *fp;
int i, ch;
char passwd[16];
if (strcmp(fname, "-") != 0) {
if ((fp = fopen(fname,"r")) == NULL)
return 0; /* Could not open the file */
} else {
fp = stdin;
}
for (i = 0; i < 16; i++) {
ch = getc(fp);
if (ch == EOF)
break;
passwd[i] = ch;
}
if (fp != stdin)
fclose(fp);
if (i < 8)
return 0; /* Could not read eight bytes */
deskey(s_fixedkey, DE1);
/* Decoding first (full-control) password */
if (passwdFullControl != NULL) {
des(passwd, passwd);
memcpy(passwdFullControl, passwd, 8);
passwdFullControl[8] = '\0';
}
/* Decoding second (view-only) password if available */
if (i == 16 && passwdViewOnly != NULL) {
des(&passwd[8], &passwd[8]);
memcpy(passwdViewOnly, &passwd[8], 8);
passwdViewOnly[8] = '\0';
}
/* Destroying our copy of clear-text passwords */
memset(passwd, 0, 16);
return (i < 16) ? 1 : 2;
}
/*
* Generate CHALLENGESIZE random bytes for use in challenge-response
* authentication.
*/
void
vncRandomBytes(unsigned char *bytes)
{
int i;
unsigned int seed;
if (!s_srandom_called) {
seed = (unsigned int)time(0) ^ (unsigned int)getpid();
srandom(seed);
s_srandom_called = 1;
}
for (i = 0; i < CHALLENGESIZE; i++) {
bytes[i] = (unsigned char)(random() & 255);
}
}
/*
* Encrypt CHALLENGESIZE bytes in memory using a password.
*/
void
vncEncryptBytes(unsigned char *bytes, char *passwd)
{
unsigned char key[8];
int i;
/* key is simply password padded with nulls */
for (i = 0; i < 8; i++) {
if (i < strlen(passwd)) {
key[i] = passwd[i];
} else {
key[i] = 0;
}
}
deskey(key, EN0);
for (i = 0; i < CHALLENGESIZE; i += 8) {
des(bytes+i, bytes+i);
}
}

13
nxviewer-passwd/nxpasswd/Imakefile Normal file
View File

@@ -0,0 +1,13 @@
#ifdef SunArchitecture
EXTRA_DEFINES = -D__EXTENSIONS__
#endif
SRCS = vncpasswd.c
INCLUDES = -I../include
VNCAUTH_LIB = ../libvncauth/libvncauth.a
all:: nxpasswd
NormalProgramTarget(nxpasswd,vncpasswd.o,$(VNCAUTH_LIB),$(VNCAUTH_LIB),)
DependTarget()

87
nxviewer-passwd/nxpasswd/nxpasswd.man Normal file
View File

@@ -0,0 +1,87 @@
'\" t
.\" ** The above line should force tbl to be a preprocessor **
.\" Man page for X vncpasswd
.\"
.\" Copyright (C) 1998 Marcus.Brinkmann@ruhr-uni-bochum.de
.\" Copyright (C) 2000 Red Hat, Inc.
.\" Copyright (C) 2001-2003 Constantin Kaplinsky <const@ce.cctpu.edu.ru>
.\"
.\" You may distribute under the terms of the GNU General Public
.\" License as specified in the file LICENCE.TXT that comes with the
.\" TightVNC distribution.
.\"
.TH vncpasswd 1 "March 2003" "" "TightVNC"
.SH NAME
vncpasswd \- set passwords for VNC server
.SH SYNOPSIS
.B vncpasswd
.RI [\| file \|]
.br
.B vncpasswd
.IR \-t
.br
.B vncpasswd
.IR \-f
.br
.SH DESCRIPTION
The \fBvncpasswd\fR utility should be used to create and change
passwords for the TightVNC server authentication. \fBXvnc\fR uses such
passwords when started with the \fB\-rfbauth\fR command-line option
(or when started from the \fBvncserver\fR script).
\fBvncpasswd\fR allows to enter either one or two passwords. The first
password is the primary one, the second password can be used for
view-only authentication. \fBXvnc\fR will restrict mouse and keyboard
input from clients who authenticated with the view-only password. The
\fBvncpasswd\fR utility asks interactively if it should set the second
password.
The password file name defaults to \fB$HOME/.vnc/passwd\fR unless the
\fB\-t\fR command-line option was used (see the OPTIONS section
below). The \fB$HOME/.vnc/\fR directory will be created if it does not
exist.
Each password has to be longer than five characters (unless the
\fB\-f\fR command-line option was used, see its description below).
Only the first eight characters are significant. If the primary
password is too short, the program will abort. If the view-only
password is too short, then only the primary password will be saved.
Unless a file name was provided in the command-line explicitly, this
utility may perform certain sanity checks to prevent writing a
password file into some hazardous place.
If at least one password was saved successfully, \fBvncpasswd\fR will
exit with status code 0. Otherwise the returned status code will be
set to 1.
.br
.SH OPTIONS
.TP
\fB\-t\fR
Write passwords into \fB/tmp/$USER-vnc/passwd\fR, creating the
\fB/tmp/$USER-vnc/\fR directory if it does not exist, and checking the
permissions on that directory (the mode must be 700). This option can
help to improve security when your home partition may be shared via
network (e.g. when using NFS).
.TP
\fB\-f\fR
Filter mode. Read plain-text passwords from stdin, write encrypted
versions to stdout. One or two passwords (full-control and view-only)
can be supplied in the input stream, newline terminates a password.
Note that in the filter mode, short or even empty passwords will be
silently accepted.
.SH SEE ALSO
\fBvncserver\fR(1), \fBXvnc\fR(1), \fBvncviewer\fR(1),
\fBvncconnect\fR(1)
.SH AUTHORS
Original VNC was developed in AT&T Laboratories Cambridge. TightVNC
additions was implemented by Constantin Kaplinsky. Many other people
participated in development, testing and support.
\fBMan page authors:\fR
.br
Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>,
.br
Tim Waugh <twaugh@redhat.com>,
.br
Constantin Kaplinsky <const@ce.cctpu.edu.ru>

301
nxviewer-passwd/nxpasswd/vncpasswd.c Normal file
View File

@@ -0,0 +1,301 @@
/*
* Copyright (C) 2002-2003 Constantin Kaplinsky. All Rights Reserved.
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
/**************************************************************************/
/* */
/* Copyright (c) 2001,2006 NoMachine, http://www.nomachine.com. */
/* */
/* NXVIEWER, NX protocol compression and NX extensions to this software */
/* are copyright of NoMachine. Redistribution and use of the present */
/* software is allowed according to terms specified in the file LICENSE */
/* which comes in the source distribution. */
/* */
/* Check http://www.nomachine.com/licensing.html for applicability. */
/* */
/* NX and NoMachine are trademarks of Medialogic S.p.A. */
/* */
/* All rights reserved. */
/* */
/**************************************************************************/
/*
* vncpasswd: A standalone program which gets and verifies a password,
* encrypts it, and stores it to a file. Optionally, it does
* the same for a second (view-only) password. Always ignore
* anything after 8 characters, since this is what Solaris
* getpass() does anyway.
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "vncauth.h"
static void usage(char *argv[]);
static char *getenv_safe(char *name, size_t maxlen);
static void mkdir_and_check(char *dirname, int be_strict);
static int read_password(char *result);
static int ask_password(char *result);
int main(int argc, char *argv[])
{
int read_from_stdin = 0;
int make_directory = 0;
int check_strictly = 0;
char passwd1[9];
char passwd2[9];
char *passwd2_ptr;
char yesno[2];
char passwdDir[256];
char passwdFile[256];
if (argc == 1) {
sprintf(passwdDir, "%s/.vnc", getenv_safe("HOME", 240));
sprintf(passwdFile, "%s/passwd", passwdDir);
read_from_stdin = 0;
make_directory = 1;
check_strictly = 0;
} else if (argc == 2 || argc == 3) {
if (strcmp(argv[1], "-t") == 0) {
sprintf(passwdDir, "/tmp/%s-vnc", getenv_safe("USER", 32));
sprintf(passwdFile, "%s/passwd", passwdDir);
read_from_stdin = 0;
make_directory = 1;
check_strictly = 1;
} else if (strcmp(argv[1], "-f") == 0) {
strcpy(passwdFile, "-");
read_from_stdin = 1;
make_directory = 0;
check_strictly = 0;
} else {
if (strlen(argv[1]) > 255) {
fprintf(stderr, "Error: file name too long\n");
exit(1);
}
strcpy(passwdFile, argv[1]);
read_from_stdin = 1;
make_directory = 0;
check_strictly = 0;
}
} else {
usage(argv);
}
if (make_directory) {
fprintf(stderr, "Using password file %s\n", passwdFile);
mkdir_and_check(passwdDir, check_strictly);
}
passwd2_ptr = NULL;
if (read_from_stdin) {
/* Read one or two passwords from stdin */
if (!read_password(passwd1)) {
fprintf(stderr, "Could not read password\n");
exit(1);
}
if (read_password(passwd2)) {
passwd2_ptr = passwd2;
}
} else {
/* Ask the primary (full-control) password. */
if (!ask_password(passwd1)) {
exit(1);
}
/* Optionally, ask the second (view-only) password. */
/* FIXME: Is it correct to read from stdin here? */
fprintf(stderr, "Would you like to enter a view-only password (y/n)? ");
if (fgets(yesno, 2, stdin) != NULL && strchr("Yy", yesno[0]) != NULL) {
if (ask_password(passwd2)) {
passwd2_ptr = passwd2;
}
}
}
/* Actually write the passwords. */
if (!vncEncryptAndStorePasswd2(passwd1, passwd2_ptr, passwdFile)) {
memset(passwd1, 0, strlen(passwd1));
memset(passwd2, 0, strlen(passwd2));
fprintf(stderr, "Cannot write password file %s\n", passwdFile);
exit(1);
}
/* Zero the memory. */
memset(passwd1, 0, strlen(passwd1));
memset(passwd2, 0, strlen(passwd2));
return 0;
}
static void usage(char *argv[])
{
fprintf(stderr,
"Usage: %s [FILE]\n"
" %s -t\n",
argv[0], argv[0]);
exit(1);
}
static char *getenv_safe(char *name, size_t maxlen)
{
char *result;
result = getenv(name);
if (result == NULL) {
fprintf(stderr, "Error: no %s environment variable\n", name);
exit(1);
}
if (strlen(result) > maxlen) {
fprintf(stderr, "Error: %s environment variable string too long\n", name);
exit(1);
}
return result;
}
/*
* Check if the specified vnc directory exists, create it if
* necessary, and perform a number of sanity checks.
*/
static void mkdir_and_check(char *dirname, int be_strict)
{
struct stat stbuf;
if (lstat(dirname, &stbuf) != 0) {
if (errno != ENOENT) {
fprintf(stderr, "lstat() failed for %s: %s\n", dirname, strerror(errno));
exit(1);
}
fprintf(stderr, "VNC directory %s does not exist, creating.\n", dirname);
if (mkdir(dirname, S_IRWXU) == -1) {
fprintf(stderr, "Error creating directory %s: %s\n",
dirname, strerror(errno));
exit(1);
}
}
if (lstat(dirname, &stbuf) != 0) {
fprintf(stderr, "Error in lstat() for %s: %s\n", dirname, strerror(errno));
exit(1);
}
if (!S_ISDIR(stbuf.st_mode)) {
fprintf(stderr, "Error: %s is not a directory\n", dirname);
exit(1);
}
if (stbuf.st_uid != getuid()) {
fprintf(stderr, "Error: bad ownership on %s\n", dirname);
exit(1);
}
if (be_strict && ((S_IRWXG|S_IRWXO) & stbuf.st_mode)){
fprintf(stderr, "Error: bad access modes on %s\n", dirname);
exit(1);
}
}
/*
* Read a password from stdin. The password is terminated either by an
* end of line, or by the end of stdin data. Return 1 on success, 0 on
* error. On success, the password will be stored in the specified
* 9-byte buffer.
*/
static int read_password(char *result)
{
char passwd[256];
char *ptr;
/* Try to read the password. */
if (fgets(passwd, 256, stdin) == NULL)
return 0;
/* Remove the newline if present. */
ptr = strchr(passwd, '\n');
if (ptr != NULL)
*ptr = '\0';
/* Truncate if necessary. */
if (strlen(passwd) > 8) {
memset(passwd + 8, 0, strlen(passwd) - 8);
fprintf(stderr, "Warning: password truncated to the length of 8.\n");
}
/* Save the password and zero our copies. */
strcpy(result, passwd);
memset(passwd, 0, strlen(passwd));
return 1;
}
/*
* Ask a password, check its length and ask to confirm it once more.
* Return 1 on success, 0 on error. On success, the password will be
* stored in the specified 9-byte buffer.
*/
static int ask_password(char *result)
{
char *passwd;
char passwd_copy[9];
while (1) {
passwd = getpass("Password: ");
if (!passwd) {
fprintf(stderr, "Can't get password: not a tty?\n");
return 0;
}
if (strlen(passwd) < 5) {
fprintf(stderr, "Password too short\n");
return 0;
}
if (strlen(passwd) > 8) {
memset(passwd + 8, 0, strlen(passwd) - 8);
fprintf(stderr, "Warning: password truncated to the length of 8.\n");
}
strcpy(passwd_copy, passwd);
passwd = getpass("Verify: ");
if (strlen(passwd) > 8)
memset(passwd + 8, 0, strlen(passwd) - 8);
if (strcmp(passwd, passwd_copy) == 0)
break; /* success */
fprintf(stderr,"Passwords do not match. Please try again.\n\n");
}
/* Save the password and zero our copies. */
strcpy(result, passwd);
memset(passwd, 0, strlen(passwd));
memset(passwd_copy, 0, strlen(passwd_copy));
return 1;
}

301
nxviewer-passwd/nxpasswd/vncpasswd.c.NX.original Normal file
View File

@@ -0,0 +1,301 @@
/*
* Copyright (C) 2002-2003 Constantin Kaplinsky. All Rights Reserved.
* Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this software; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
/**************************************************************************/
/* */
/* Copyright (c) 2001,2006 NoMachine, http://www.nomachine.com. */
/* */
/* NXVIEWER, NX protocol compression and NX extensions to this software */
/* are copyright of NoMachine. Redistribution and use of the present */
/* software is allowed according to terms specified in the file LICENSE */
/* which comes in the source distribution. */
/* */
/* Check http://www.nomachine.com/licensing.html for applicability. */
/* */
/* NX and NoMachine are trademarks of Medialogic S.p.A. */
/* */
/* All rights reserved. */
/* */
/**************************************************************************/
/*
* vncpasswd: A standalone program which gets and verifies a password,
* encrypts it, and stores it to a file. Optionally, it does
* the same for a second (view-only) password. Always ignore
* anything after 8 characters, since this is what Solaris
* getpass() does anyway.
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "vncauth.h"
static void usage(char *argv[]);
static char *getenv_safe(char *name, size_t maxlen);
static void mkdir_and_check(char *dirname, int be_strict);
static int read_password(char *result);
static int ask_password(char *result);
int main(int argc, char *argv[])
{
int read_from_stdin = 0;
int make_directory = 0;
int check_strictly = 0;
char passwd1[9];
char passwd2[9];
char *passwd2_ptr;
char yesno[2];
char passwdDir[256];
char passwdFile[256];
if (argc == 1) {
sprintf(passwdDir, "%s/.vnc", getenv_safe("HOME", 240));
sprintf(passwdFile, "%s/passwd", passwdDir);
read_from_stdin = 0;
make_directory = 1;
check_strictly = 0;
} else if (argc == 2 || argc == 3) {
if (strcmp(argv[1], "-t") == 0) {
sprintf(passwdDir, "/tmp/%s-vnc", getenv_safe("USER", 32));
sprintf(passwdFile, "%s/passwd", passwdDir);
read_from_stdin = 0;
make_directory = 1;
check_strictly = 1;
} else if (strcmp(argv[1], "-f") == 0) {
strcpy(passwdFile, "-");
read_from_stdin = 1;
make_directory = 0;
check_strictly = 0;
} else {
if (strlen(argv[1]) > 255) {
fprintf(stderr, "Error: file name too long\n");
exit(1);
}
strcpy(passwdFile, argv[1]);
read_from_stdin = 1;
make_directory = 0;
check_strictly = 0;
}
} else {
usage(argv);
}
if (make_directory) {
fprintf(stderr, "Using password file %s\n", passwdFile);
mkdir_and_check(passwdDir, check_strictly);
}
passwd2_ptr = NULL;
if (read_from_stdin) {
/* Read one or two passwords from stdin */
if (!read_password(passwd1)) {
fprintf(stderr, "Could not read password\n");
exit(1);
}
if (read_password(passwd2)) {
passwd2_ptr = passwd2;
}
} else {
/* Ask the primary (full-control) password. */
if (!ask_password(passwd1)) {
exit(1);
}
/* Optionally, ask the second (view-only) password. */
/* FIXME: Is it correct to read from stdin here? */
fprintf(stderr, "Would you like to enter a view-only password (y/n)? ");
if (fgets(yesno, 2, stdin) != NULL && strchr("Yy", yesno[0]) != NULL) {
if (ask_password(passwd2)) {
passwd2_ptr = passwd2;
}
}
}
/* Actually write the passwords. */
if (!vncEncryptAndStorePasswd2(passwd1, passwd2_ptr, passwdFile)) {
memset(passwd1, 0, strlen(passwd1));
memset(passwd2, 0, strlen(passwd2));
fprintf(stderr, "Cannot write password file %s\n", passwdFile);
exit(1);
}
/* Zero the memory. */
memset(passwd1, 0, strlen(passwd1));
memset(passwd2, 0, strlen(passwd2));
return 0;
}
static void usage(char *argv[])
{
fprintf(stderr,
"Usage: %s [FILE]\n"
" %s -t\n",
argv[0], argv[0]);
exit(1);
}
static char *getenv_safe(char *name, size_t maxlen)
{
char *result;
result = getenv(name);
if (result == NULL) {
fprintf(stderr, "Error: no %s environment variable\n", name);
exit(1);
}
if (strlen(result) > maxlen) {
fprintf(stderr, "Error: %s environment variable string too long\n", name);
exit(1);
}
return result;
}
/*
* Check if the specified vnc directory exists, create it if
* necessary, and perform a number of sanity checks.
*/
static void mkdir_and_check(char *dirname, int be_strict)
{
struct stat stbuf;
if (lstat(dirname, &stbuf) != 0) {
if (errno != ENOENT) {
fprintf(stderr, "lstat() failed for %s: %s\n", dirname, strerror(errno));
exit(1);
}
fprintf(stderr, "VNC directory %s does not exist, creating.\n", dirname);
if (mkdir(dirname, S_IRWXU) == -1) {
fprintf(stderr, "Error creating directory %s: %s\n",
dirname, strerror(errno));
exit(1);
}
}
if (lstat(dirname, &stbuf) != 0) {
fprintf(stderr, "Error in lstat() for %s: %s\n", dirname, strerror(errno));
exit(1);
}
if (!S_ISDIR(stbuf.st_mode)) {
fprintf(stderr, "Error: %s is not a directory\n", dirname);
exit(1);
}
if (stbuf.st_uid != getuid()) {
fprintf(stderr, "Error: bad ownership on %s\n", dirname);
exit(1);
}
if (be_strict && ((S_IRWXG|S_IRWXO) & stbuf.st_mode)){
fprintf(stderr, "Error: bad access modes on %s\n", dirname);
exit(1);
}
}
/*
* Read a password from stdin. The password is terminated either by an
* end of line, or by the end of stdin data. Return 1 on success, 0 on
* error. On success, the password will be stored in the specified
* 9-byte buffer.
*/
static int read_password(char *result)
{
char passwd[256];
char *ptr;
/* Try to read the password. */
if (fgets(passwd, 256, stdin) == NULL)
return 0;
/* Remove the newline if present. */
ptr = strchr(passwd, '\n');
if (ptr != NULL)
*ptr = '\0';
/* Truncate if necessary. */
if (strlen(passwd) > 8) {
memset(passwd + 8, 0, strlen(passwd) - 8);
fprintf(stderr, "Warning: password truncated to the length of 8.\n");
}
/* Save the password and zero our copies. */
strcpy(result, passwd);
memset(passwd, 0, strlen(passwd));
return 1;
}
/*
* Ask a password, check its length and ask to confirm it once more.
* Return 1 on success, 0 on error. On success, the password will be
* stored in the specified 9-byte buffer.
*/
static int ask_password(char *result)
{
char *passwd;
char passwd_copy[9];
while (1) {
passwd = getpass("Password: ");
if (!passwd) {
fprintf(stderr, "Can't get password: not a tty?\n");
return 0;
}
if (strlen(passwd) < 5) {
fprintf(stderr, "Password too short\n");
return 0;
}
if (strlen(passwd) > 8) {
memset(passwd + 8, 0, strlen(passwd) - 8);
fprintf(stderr, "Warning: password truncated to the length of 8.\n");
}
strcpy(passwd_copy, passwd);
passwd = getpass("Verify: ");
if (strlen(passwd) > 8)
memset(passwd + 8, 0, strlen(passwd) - 8);
if (strcmp(passwd, passwd_copy) == 0)
break; /* success */
fprintf(stderr,"Passwords do not match. Please try again.\n\n");
}
/* Save the password and zero our copies. */
strcpy(result, passwd);
memset(passwd, 0, strlen(passwd));
memset(passwd_copy, 0, strlen(passwd_copy));
return 1;
}

Some files were not shown because too many files have changed in this diff Show More