New upstream version 2.1.3

conf/acls/README

@@ -0,0 +1,32 @@
+# nxacl.app v1.1 Copyleft by dimbor at unixforum.org <i@dimbor.ru>
+# Freenx parse ACL-files in NX_ACL_DIR and search user/group permissions
+# for given cmdstr. ACL filenames are usernames, groupnames and "all".
+# Permissions search order: user - group - all. ACL contain one or more
+# strings of regexp-patterns. See examples at existing ACL. Format:
+#
+# # some comment-string
+# [!]CmdTpl [%%% [[!][@@]OnceAppTpl] %%% Prog|"Msg"]
+#
+# ! - not equal == invert rule
+# %%% - fields delimiter
+# CmdTpl - startsession command template
+# OnceAppTpl - if it not found/found (""/"!") in process-list of user do'nt start session
+# @@ - search in process-list of all users (ps ax)
+# Prog - string for nxdialog or other x-binary to execute instead session-app
+# if "OnceAppTpl" condition is FALSE
+#
+# Attention!!! Spec-symbols (like ".","$","^") must be escaped twice vs once
+# ('\\.' vs '\.'), sorry.
+#
+# In acl file for any user0 may be addded special CmdTpl named '@shadow@'.
+# Format:
+#
+# @shadow@ %%% user1[,user2[,user3...]]
+#
+# It means that user0 have permissions to shadow connect to sessions running
+# of the users listed in the second field.
+#
+# user may be described as [#]user[!]
+# where '#' means view only mode, '!' - don't ask user for authorization
+#
+# In the list of users is also allowed keyword 'all'

conf/acls/all

@@ -0,0 +1,17 @@
+# ACL for all users, that not mentioned in others ACLS
+
+# Uncomment string below to set communism for them
+#.*
+
+# Uncomment below to send them your original message only (bad example)
+#.* %%% !.* %%% "Get out, imbecile!"
+# the same
+#.* %%% %%% "Get out, imbecile!"
+
+# Uncomment below to start very specialy app instead of given (good example ;)
+#.* %%% !.* %%% /usr/games/kpat
+
+# Uncomment below if your'e contempt is limited to running standart
+# warning app. (WARN_APP from nxacl script.)
+# But this is a useless act, because it's installed by default. ;)
+#.* %%% !.*

conf/acls/dim

@@ -0,0 +1,7 @@
+# ACL for user named <filename>
+
+# start KDE-session only once, else warn.
+startkde %%% !startkde %%% "You can have only one KDE-session!"
+
+# start KDE-session only once, else start your script
+#startkde %%% !startkde %%% /usr/bin/super-puper-start-with-control KDE

conf/acls/odmin

@@ -0,0 +1,8 @@
+# ACL for user named <filename>
+
+# Admin is like a Got. Well, almost...
+.*
+
+# Admin have permissions to shadow connect to sessions of all users
+# without authorization
+@shadow@ %%% all!

conf/acls/sveta

@@ -0,0 +1,8 @@
+# ACL for user named <filename>
+
+# could start app 1c.sh if "Alliance" present in own parameters
+1c8\\.sh.*Alliance
+
+# user have permissions to shadow connect to sessions of dim and all users
+# to all except dim - in view mode only
+@shadow@ %%% dim,#all

conf/acls/users

@@ -0,0 +1,3 @@
+# ACL for group named <filename>
+
+1c8\\.sh %%% !1cv8 %%% "You can only run one 1C app at a time."

conf/conf.d/00-general.conf

@@ -0,0 +1,12 @@
+#########################################################################
+# General FreeNX directives
+#########################################################################
+
+# The host name which is used by NX server. It's should be used if it's
+# different than the default hostname (as returned by `hostname`)
+#SERVER_NAME="$(hostname)"
+
+# The node ip which is used by NX Node in unecnrypted session mode.
+# Set it if you want to use a specific external ip or the autodetection
+# is not working.
+#EXTERNAL_PROXY_IP=""

conf/conf.d/01-auth.conf

@@ -0,0 +1,25 @@
+#########################################################################
+# Authentication / Security directives
+#########################################################################
+
+# If enabled forces the user to use encryption. This will bail out
+# if the user does not have encryption enabled.
+#ENABLE_FORCE_ENCRYPTION=0
+
+# Refuse the NX client connection if SSHD does not export the
+# SSH_CONNECTION and SSH_CLIENT variables in the environment
+# passed to the NX server.
+# 1: Will check the remote IP and will not accept the
+#    connection if it can't be determined.
+# 0: Will accept the connection even if the remote IP
+#    is not provided.
+#SSHD_CHECK_IP=0
+
+# If ENABLE_LOG_FAILED_LOGINS=1 then failed login attempts are logged to the
+# system auth.log.
+#
+# This is useful in combination with tools like fail2ban.
+#
+# The default is to log failed login attemps via syslog (3).
+#
+#ENABLE_LOG_FAILED_LOGINS=1

conf/conf.d/02-restriction.conf

@@ -0,0 +1,109 @@
+#########################################################################
+# Restriction directives
+#########################################################################
+
+# The base display number from which sessions are started.
+#DISPLAY_BASE=2000
+
+# The maximum number of contemporary sessions that can be run on FreeNX
+#SESSION_LIMIT=200
+
+# The maximum number of contemporary sessions that a single user can run
+# on FreeNX.
+#SESSION_USER_LIMIT=20
+
+# The number of displays reserved for sessions, it has to be greater or equal
+# to the maximum number of contemporary sessions that a server can run.
+#DISPLAY_LIMIT=200
+
+
+# User for which sessions should be persistent. Either the keyword "all" or a
+# comma-separated list of usernames or groups in the @groupname syntax.
+#ENABLE_PERSISTENT_SESSION="all"
+
+# Users and groups for whom persistent sessions should be disabled.
+# Especially useful if ENABLE_PERSISTENT_SESSION="all"
+#DISABLE_PERSISTENT_SESSION=""
+
+# General nx shadowing
+# If ENABLE_SESSION_SHADOWING=1 nxserver will store in db shadow
+# cookies
+#ENABLE_SESSION_SHADOWING=1
+
+#
+# When using NX 3.0 shadowing, this enables asking the user whether
+# he authorizes another user to shadow his session
+#
+# 0: No authorization request will be presented,
+#    and the session will be shadowed as if the user had approved.
+# 1: (default) Ask for authorization
+#
+#ENABLE_SESSION_SHADOWING_AUTHORIZATION=1
+
+# Allow session shadowing in interactive mode:
+#
+# 1: The shadowing user can interact with the shadowed session.
+#
+# 0: The shadowed session is view-only. No interaction with the
+#    shadowed session is possible.
+#
+#ENABLE_INTERACTIVE_SESSION_SHADOWING=1
+
+#
+# Enable or disable clipboard:
+#
+# client:  The content copied on the client can be pasted inside the
+#            NX session.
+#
+# server: The content copied inside the NX session can be pasted
+#             on the client.
+#
+# both:    The copy&paste operations are allowed both between the
+#             client and the NX session and vice-versa.
+#
+# none:   The copy&paste operations between the client and the NX
+#            session are never allowed.
+#
+#ENABLE_CLIPBOARD="both"
+
+
+#
+# Enable or disable the pulldown dialog, which provides a graphical
+# way to suspend or terminate the rootless session:
+#
+# 1: Enabled. The pulldown menu is shown when the mouse pointer
+#     moves near the middle of the top boundary of a window and
+#     allows the user to suspend or terminate the session by means
+#     of an icon-click.
+#
+# 0: Disabled. The ctrl+alt+T key combination has to be issued
+#     to get the dialog for suspending or terminating the session.
+#
+#ENABLE_PULLDOWN_MENU=1
+
+# If you set ENABLE_ADVANCED_SESSION_CONTROL=1 you can start a new application
+# in an already running rootless session by using "add <rest of name>" as
+# session name.
+#
+# Note: The client will return a message on that.
+#
+#ENABLE_ADVANCED_SESSION_CONTROL=0
+
+# If you set ENABLE_SHOW_RUNNING_SESSIONS=0 then nxserver will only show
+# suspended sessions and you will not be able to resume or terminate a running
+# session.
+# dimbor: for autoreconnect must set to 0
+#
+#ENABLE_SHOW_RUNNING_SESSIONS=0
+
+# If value of this option not empty (valid dir) "run-acl" system is switch on:
+# On session start (node_find_application) called acl check process.
+# ACL-files in NX_ACL_DIR describes user/group permissions for given cmdstr.
+# ACL filenames are usernames, groupnames and "all". Permissions search order:
+# user - group - all. See $NX_ETC_DIR/acls/README for detail
+# After change of NX_ACL_DIR running 'nxsetup --mkdb' is required
+# Example: NX_ACL_DIR="/etc/nxserver/acls"
+#NX_ACL_DIR=""
+
+# Default acl warning message.
+#NX_ACL_WARN="Access denied!"

conf/conf.d/03-logging.conf

@@ -0,0 +1,24 @@
+#########################################################################
+# Logging directives
+#########################################################################
+
+# This directives controls the verbosity of the server-wide log.
+# 0/1: No Logging/Logging
+#NX_LOG_LEVEL=0
+
+# Before turning logging on, please make sure that NX_LOGFILE is
+# writeable for the "nx" user
+#NX_LOGFILE=/var/log/nxserver.log
+
+# This directive controls if the temporary session directory
+# ($HOME/.nx/C-<hostname>-<display>-<session_id>) should be kept after a
+# session has ended. A successfully terminated session will be saved as
+# T-C-<hostname>-<display>-<session_id> while a failed session will be saved
+# as F-C-<hostname>-<display>-<session_id>.
+# The default is to cleanup the directories.
+#SESSION_LOG_CLEAN=1
+
+# Amount of seconds nxserver is to keep session history. The default of 2592000
+# is equivalent to 30 days. If this is 0 no session history will be kept
+# and a negative value denotes infinity.
+#SESSION_HISTORY=2592000

conf/conf.d/04-balancing.conf

@@ -0,0 +1,31 @@
+
+# LOAD BALANCING
+# ==============
+#
+# To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and
+# make:
+#
+#   - either sure that all incoming connections are sent to the master
+#     server by using forwarding directives on the "slave" servers.
+#
+#   - or share the session database space via NFS between the servers.
+#     (not recommended at the moment as race conditions for DISPLAYs can
+#      occur)
+#
+#LOAD_BALANCE_SERVERS=""
+
+# The following load_balance_algorithms are available at the moment:
+#
+# "load", "round-robin", "random"
+#
+# For "load" you need a script called nxcheckload in PATH_BIN.
+#
+# A sample script, which you can change to your needs it shipped with
+# FreeNX under the name nxcheckload.sample.
+#LOAD_BALANCE_ALGORITHM="random"
+
+# By setting ENABLE_LOADBALANCE=1 you can let users choose their
+# preferred host, while being forwarded to another server. Of course
+# this is just a preference. The loadbalancing algorithm can completely
+# choose to ignore the users choice.
+#ENABLE_LOAD_BALANCE_PREFERENCE=0

conf/conf.d/05-sound.conf

@@ -0,0 +1 @@
+# is empty

conf/conf.d/06-path.conf

@@ -0,0 +1,116 @@
+#########################################################################
+# Path directives
+#########################################################################
+
+# Add the nx libraries to LD_LIBRARY_PATH before starting nx agents.
+# WARNING: This will NOT (and should not) affect applications. ONLY Disable
+# this if the nx libraries are in a standard system path (such as /usr/lib)!
+#SET_LD_LIBRARY_PATH=0
+
+# The command binary for the default window manager. If set it is run when a
+# 'unix-custom' session is requested by the NX Client and an application
+# to run is specified. It defaults to empty (ie no WM is run).
+# If KILL_DEFAULT_X_WM is set the WM is terminated after the started
+# application finishes. Else FreeNX will wait for the WM to complete.
+#DEFAULT_X_WM=""
+#KILL_DEFAULT_X_WM=1
+
+# When a 'unix-default' session is requested by the client the user's X startup
+# script will be run if pressent and executable, otherwise the default X
+# session will be run.
+# Depending on distribution USER_X_STARTUP_SCRIPT might be .Xclients, .xinitrc
+# and .Xsession
+# Depending on distribution DEFAULT_X_SESSION might be /etc/X11/xdm/Xsession,
+# /etc/X11/Sessions/Xsession or /etc/X11/xinit/xinitrc
+#USER_X_STARTUP_SCRIPT=.Xclients
+#DEFAULT_X_SESSION=/etc/X11/Xsession
+#COMMAND_GDM_X_SESSION="/etc/X11/gdm/Xsession custom"
+
+# When the session is started some distros execute some scripts to get the
+# environment ready. Set 1 if you want DEFAULT_X_SESSION to be called before
+# executing the session.
+#BOOTSTRAP_X_SESSION=0
+
+# The key that contains the name of the script that starts a KDE session.
+# It's run when a 'unix-kde' session is requested by the client.
+# Default is "startkde"
+#COMMAND_START_KDE=startkde
+
+# The key that contains the name of the script that starts a gnome session.
+# It's run when a 'unix-gnome' session is requested by the client.
+# Default is "gnome-session"
+#COMMAND_START_GNOME=gnome-session
+
+# The key that contains the name of the script that starts a CDE session.
+# It's run when a 'unix-cde' session is requested by the client.
+#COMMAND_START_CDE=cdwm
+
+#COMMAND_NXAGENT=nxagent
+
+# The key that contains the name of the complete path of command name
+# 'xterm'. It is run when a unix "xterm" session is requested by the
+# client.
+#COMMAND_XTERM=xterm
+
+# The key that contains the name of the complete path of command name
+# 'xauth'.
+#COMMAND_XAUTH=xauth
+
+# The key that contains the name of the complete path of command name
+# 'sudo'.
+#COMMAND_SUDO=sudo
+
+# The key that contains the name of the complete path of command name
+# 'mount'.
+#COMMAND_MOUNT_LIST=mount
+
+# The key that contains the name of the complete path of command name
+# 'mount.cifs'.
+#COMMAND_SMBMOUNT=mount.cifs
+
+# The key that contains the name of the complete path of command name
+# 'umount.cifs'.
+#COMMAND_SMBUMOUNT=umount
+
+# The key that contains the name of the complete path of the 'netcat' command.
+#COMMAND_NETCAT=netcat
+
+# The key that contains the name of the complete path of the 'ssh' and
+# 'ssh-keygen' command.
+#COMMAND_SSH=ssh
+
+#COMMAND_SSH_KEYGEN=ssh-keygen
+
+# The tool to generate md5sums with
+#COMMAND_MD5SUM=md5sum
+
+# The key that contains the name of the complete path of the 'rdesktop' command.
+#COMMAND_RDESKTOP=rdesktop
+
+# The key that contains the name of the complete path of the 'vncviewer' command.
+#COMMAND_VNCVIEWER=vncviewer
+
+#COMMAND_NXCHECKLOAD="nxcheckload"
+
+# The key that contains the name of the complete path of the 'vncpasswd' command.
+# By default the builtin nxpasswd is used.
+#COMMAND_VNCPASSWD=nxpasswd
+
+#COMMAND_SESSREG=sessreg
+
+# Command for cp converting
+#COMMAND_ICONV=iconv
+
+# Commands for hiding/unhiding passwords
+#COMMAND_HIDE=base64
+#COMMAND_UNHIDE="base64 -d"
+
+# Command to get process list
+#COMMAND_PS=ps
+
+# Commands to pulseaudio control
+#COMMAND_PA=pulseaudio
+#COMMAND_PACTL=pactl
+
+# Application to display X message.
+#COMMAND_XMSG="nxdialog --dialog ok --caption 'freenx server' --message"

conf/conf.d/07-misc.conf

@@ -0,0 +1,42 @@
+#########################################################################
+# Misc directives
+#########################################################################
+
+# When set to 1 this will automatically resume started sessions
+#ENABLE_AUTORECONNECT=1
+
+# When set to 1 exports NXUSERIP / NXSESSIONID in nxnode
+#EXPORT_USERIP=1
+#EXPORT_SESSIONID=1
+
+# This can be set to any executable, which is started after session startup
+# like: $NODE_AUTOSTART {start|restore}
+#NODE_AUTOSTART=""
+
+# When set to 1 will start nxagent in rootless mode.
+#ENABLE_ROOTLESS_MODE=1
+
+# If enabled writes entries via the COMMAND_SESSREG program
+# into utmp/wtmp/lastlog database.
+# Note: You have to make sure that you add the nx user to the
+#       utmp or tty group or how its called on your system
+#       before this directive works.
+#ENABLE_USESSION=1
+
+# Extra options to vncviewer command. Default are for tigervnc-viewer
+#EXTRA_OPTIONS_RFB="-Shared"
+
+# Extra options to rdesktop command. Default are for xfreerdp
+#EXTRA_OPTIONS_RDP="/cert-ignore /kbd:0x00000409 /home-drive +clipboard"
+
+# Time to sleep before calling terminate nxagent
+#NODE_APP_WAIT_TIMEOUT=3
+
+# Force terminate session if NODE_APP_WAIT_TIMEOUT ends
+#ENABLE_ROOTLESS_TERMINATE_SESSION=0
+
+# In case ENABLE_ROOTLESS_TERMINATE_SESSION=1 if starting apps found
+# in APP_WAIT_MAP then appropriate processes will be controlled of.
+# Further nxnode will wait for them completion after main app finished.
+# Format: "app_name1:sname1[,sname2...][;app_name2:sname3[,sname4...][;...]]"
+#APP_WAIT_MAP=""

conf/conf.d/08-bash.conf

@@ -0,0 +1,11 @@
+# If SOURCE_SYS_PROFILE is not empty and readable FreeNX will source
+# it before application startup as we are kind of a login shell.
+# default: /etc/profile
+#SOURCE_SYS_PROFILE="/etc/profile"
+
+# If SOURCE_BASH_USER_PROFILE is not empty and readable FreeNX will source
+# it before application startup as we are kind of a login shell.
+# Please use absolute path or short file name.
+# default: .profile
+#SOURCE_USER_PROFILE=".profile"
+

conf/conf.d/09-cups.conf

@@ -0,0 +1,26 @@
+# System CUPS with sudo is used.
+# put drivers to /etc/nxserver/ppd dir (more info in
+# http://unixforum.org/index.php?showforum=89)
+
+# Our own CUPS ppd dir
+#NX_PPD_DIR=$NX_ETC_DIR/ppd
+
+# Commands to CUPS control
+
+#COMMAND_LPINFO=lpinfo
+
+#COMMAND_LPSTAT=lpstat
+
+#COMMAND_LPADMIN="lpadmin"
+
+#COMMAND_PPDCAT=/usr/lib/cups/daemon/cups-driverd
+
+#CUPS_DEFAULT_SOCK=/var/run/cups/cups.sock
+
+# for check cups backends only
+
+#CUPS_BACKEND=/usr/lib/cups/backend
+
+#CUPS_IPP_BACKEND=$CUPS_BACKEND/ipp
+
+#CUPS_NXSMB_BACKEND=$CUPS_BACKEND/nxsmb

conf/conf.d/10-samba.conf

@@ -0,0 +1,16 @@
+# FreeNX with ENABLE_SAMBA_PRELOAD=1 will automatically setup
+# port 445 and 139 and forward them to the used samba port.
+#
+# This enables samba browsing to the local subnet in for example
+# konqueror.
+#
+#ENABLE_SAMBA_PRELOAD=0
+
+# Additional mount options for mount command (mount.cifs)
+#SMB_MOUNT_OPTIONS="vers=2.1,iocharset=utf8,file_mode=0660,dir_mode=0770"
+
+# How to inteprete international symbols in win-client resource-names.
+# Contains none,one or more charsets pairs - arguments "[from]>[to]" of iconv command.
+# if none, it's equivalent of system charset,
+# eg ">cp1252 cp1251>" == "latin1>cp1252 cp1251>UTF-8"
+#WIN_CP_CONVERT_CHAIN=""

conf/conf.d/11-nxagent.conf

@@ -0,0 +1,10 @@
+#AGENT_EXTRA_OPTIONS_X="-nolisten tcp -dpi 96"
+
+# The number of seconds we wait for the nxagent to start before
+# deciding startup has failed
+#AGENT_STARTUP_TIMEOUT=15
+
+# The font server the agent will use. If set to "" no font server is used.
+# For this to do any good, the client has to have the same font server set
+# in /etc/X11/XF86Config
+#AGENT_FONT_SERVER=""

conf/conf.d/12-nxproxy.conf

@@ -0,0 +1,10 @@
+# Disable or enable use of 'tcp nodelay' on proxy. Old versions of Linux
+# kernels have problems using this option on sockets that will cause a loss
+# of TCP connections. This option is not set by default to allow clients to
+# specify whether to enable or disable TCP nodelay. Setting this option to
+# the value of 0 NX proxy avoids using 'tcp nodelay' but it will cause a
+# loss of interaction in sessions.
+#PROXY_TCP_NODELAY=""
+
+# Extra options to nxproxy. See !M documentation for useful parameters.
+#PROXY_EXTRA_OPTIONS=""

conf/conf.d/50-numlockx.conf

@@ -0,0 +1,8 @@
+# Binary filename provides numlockx
+#NUMLOCKX=numlockx
+
+# numlockx run strategy. valid value are:
+#	'on' -- run 'numlockx on' at session startup
+#	'off' -- run 'numlockx off' at session startup
+#	'system' -- default. don't run numlockx
+#NUMLOCK_METHOD="system"

conf/node.conf

@@ -0,0 +1 @@
+# See /etc/nxserver/node.conf.d/*.conf