Samstag, März 15, 2008

 

Release: FreeNX 0.7.2 "Priscilla Edition"

Hi, my dear users and developers,

It is release time again!

And I am proud to present you today the FreeNX 0.7.2 "Priscilla Edition".

And as you can see here:

http://docs.google.com/Doc?docid=dfnr3gx_38xgzqggm

it is all green here. *happy*

It is literally to the point two months late, but the waiting allowed me to
implement lots of those last minute Feature Requests.

For those being impatient, download it and try it out:

http://prdownload.berlios.de/freenx/freenx-server-0.7.2.tar.gz

There have been some changes, which first of all is already viewable via
the name:

freenx was renamed to freenx-server as with qtnx and nxcl library we now
also have a freenx-client, which is at the moment waiting in the debian NEW
queue!

I am really proud of that. Okay, back to the freenx release:

The seonnd thing is that freenx no longer only contains bash scripts, but
also sources for some binaries and libraries, which enhance functionality.

As that made building more complicated I finally added a Makefile, with
which FreeNX can even be installed!

- So if the NoMachine GPL components are installed in for example
/usr/NX, one would have to do:

$ cd freenx-server-0.7.2
$ patch -p0 < gentoo-nomachine.diff
$ make
$ sudo make install
$ sudo /usr/NX/bin/nxsetup --install

The binaries include nxpasswd and nxserver-helper.

The lib is nxredir, which was imported from freenx-utils.

Now lets check, what makes those binaries so special.

* nxpasswd was imported / forked from the last known revision of nxviewer.

It already was the last time a necessary component to run vncviewer and
most vncpasswd versions do not supply what is needed, so I decided to
include it in the tar ball.

* nxserver-helper:

Now that is one hell of a program. ;-)

I finally made the slave mode usable. This dramatically reduces session
login times and makes single sign on possible (with for example one time
pad keywords).

I am using the slave mode since I made it usable and it works really fine
for me, however I think that still a bit more testing is needed, before I
make it the default.

So if I get lots of reports like: "That new slave mode is so wonderfully",
there are high chances that it is the default the next time.

What this slave mode also makes possible (even though it is not yet
included in this release) is a suid nx wrapper imported from FreeNX
Redesign.

This means a login is possible via ssh to the user without loosing any
advantages of the nx user. (almost, loadbalancing would be more difficult
at the moment)

I already tested it and it works out of the box, however I would like to
only introduce it in a release once we have a working client. (qtnx is a
good possibility for that. Did I say I am proud of it, already?)

I once had made a nxssh wrapper, which gets the password from nxclient by
faking the first part of the protocol, then connecting as the user. With
that wrapper it is then as easy as:

ssh user@host /usr/NX/bin/nxserver-suid

to get to the NX> 103 successfully logged in prompt.

Apropos redesign. I think you all are eager to know what the status is.

The status is that 2 Google employees, Stephen Shirley and Al Riddoch have
done some nice work on the redesign already and its working! If anyone is
brave enough, it can be found in trunk/freenx-redesign.

Okay, lets continue.

* nxredir library

This is a small library, which I already basically programmed in 2005, but
now completed.

It is necessary for the new nxsmb frontend to work with both SBM port 139
and CIFS ort 445 style forwarding and to also allow connecting to samba
shares via konqueror smb://127.0.0.1/.

nxredir is now the default!

That means once samba sharing is enabled, all smb* programs can be used
normally.

This also finally solves all printing related problems without having to
patch sambas smbprint.

nxredir basically forwards all connections to 127.0.0.1:139 or
127.0.0.1:445 to some other port based on the NXSAMBA_PORT environment
variable.

Now we come to all the bug fixes:

- Fixed the display of local sessions to display only
when session type is VNC.
- Fixed the issue that commercial NXClient was called with 0 parameters
and such the "Connection Wizard" came up.
- Added catching of exception after failed nscd command.
- Fixed helpers (desktop, viewer) to honour the
AGENT_EXTRA_OPTIONS_{RDP,RFB} parameters set in node.conf.
- Fixed: Invoke curl with --proxy "" for automatic download of ppd files.
- Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
- Fixed: nxserver --send and nxserver --broadcast not working with load balancing.
- Fixed: mport is not always written (Gentoo)
- Fixed: nscd is run even if the daemon is not running (Gentoo)
- Fixed: nxserver might fail if $USER is not set
- Fixed a small bug in nxserver when password has spaces at the end or
beginning
- Fixed round-robin mode of load balancing.
- Fixed paths for some binaries, which get patched

Okay, so lots of bugs fixed.

A really big thanks goes out to Gentoo, whose patches I applied.

Now we come to the feature requests that have been done:

* Added freenx-server startup script. You can make a symlink to
/etc/init.d/ to have it start automatically.

Well this item was a wish to automatically cleanup the failed sessions
after a reboot for example and to make the permissions right of
/tmp/.X11-unix even if no Xserver is installed.

Distributors are asked to include this script to $PATH_BIN and add a
symlink to /etc/init.d/. It is not automatically installed by the Makefile
as each distribution has different ways to update the links to /etc/rc*.d/.

And it is optional even though it is generally recommended to install.

* Added nxsetup --test to test the configuration and connection to
localhost nxserver.

This item means it is now even easier to test if the ssh setup is okay.

Once installed and it stopped working, you only had the possibility to
reinstall and hope that it would work then again.

Now you can always test if the connection is still working generally.

This will hopefully make user support easier. Thanks to all contributors,
who do help on IRC or via Mail if someone needs help!

There have been also some more cases added, why sshd might fail to login.

* Set ENABLE_USESSION="1" option by default - its hard to find and those
who know can shut it off anyway. Added automatic adding of user nx to group
utmp.

This was a patch by the Gentoo portage and I found it nice. So nx sessions
will be in "$ w" command by default now.

And together with the slave mode you'll also only have one login per user
login.

* Added support for 3.1.0 and later backends. Made 2.0.0 backend the
default and added a fallback to 1.5.0 via the same detection mechanism.

Now this is one thing I should have already done a long time ago.

Now once a new NX libs version came out we always had to update
nxloadconfig to select the new backend even though only the version number
had been changed.

Now the 1.5.0 backend can be selected by those who still want to use it and
the default is 2.0.0, 2.1.0, 3.0.0 and 3.1.0 style.

* Suppress of pulldown menu (option in nomachine config)

FreeNX also now has the same option to suppress the pulldown menu in
rootless mode.

ENABLE_PULLDOWN_MENU="0" helps in the case where the pulldown menu is not
wanted.

* Do not show running sessions, when ENABLE_RESUME_RUNNING_SESSIONS="0"

It is now possible to select, which kind of sessions are resumable. All
sessions or only those that are suspended.

* Start a process in an already running session or start a new one
(rootless)

This option is not yet completely finished, however it already works even
though the client is returning an error.

If you set ENABLE_ADVANCED_SESSION_CONTROL="1" and then use "add <name>" as
session name, i.e. "add myhomeserver" you can start an application in an
already running rootless session.

Note: You can't resume this session via this way, if its not suspended
first.

I wrote an email explaining this feature to the list, which also explains a
possible usage scenario involving perl to reset auto-reconnect session to
true and usage of --plugin of nxclient.

This wish was granted for Berharnd Donaubauer.

* Add processor affinity option

FreeNX can now optionally use the TASKSET program to run all nx related
processes on one or two special cores.

The trick is that nxloadconfig is re-balancing the current shell and as
each FreeNX program depends on nxloadconfig, this means that all nx related
processes are put to the configured core.

This wish was granted for Gregory Carter. Have fun with it!

* Add nxacl component to see if session is allowed to start and to modify
any parameters necessary.

I like this one a lot. This was an implemented proposal for the redesign,
but it fits into FreeNX as well.

The idea is that nxserver is giving all information and parameters about
the session to nxacl via the first commandline argument.

nxacl can then do:

- allow a session: exit 0
- deny a session: exit 1

and:

- change all parameters, by echo'ing them out.

The sample nxacl.sample in FreeNX 0.7.2 looks like:

# ...
# Example 0: All allowed

allow_all()
{
# Parameters unchanged
echo "$CMDLINE"

# Session allowed
exit 0
}

# Example 1: Allow only unix-kde sessions, deny others

allow_unix_kde()
{
type=$(getparam type)
if [ "$type" != "unix-kde" ]
then
echo "Only sessions with type unix-kde are allowed."
exit 1
fi

allow_all
}

# Example 3: Allow only unix-kde sessions, change type always to unix-kde
# and virtualdesktop=1, rootless=0

allow_unix_kde_2()
{
changeparam type unix-kde
changeparam virtualdesktop 1
changeparam rootless 0

allow_all
}

#
# You can make as complex samples as you want, if you have one, I would be
# very interested!
# Fabian
#
# Send it to: FreeNX-kNX@kde.org.
#

# default action
allow_all

I did love the policies you can set in NoMachine nxserver, but I wanted to
make it easy and flexible in the same way.

With this script each administrator can set as complex policies as needed,
but he is also so flexible that he can give access for example only to
USERs belonging to group kde or users or myusers or remoteusers or
whatever.

Perhaps someone wants to program a conversion from --ruleadd (like in !M
server) to nxacl shell script ;-)?

Patches are welcome.

It is working great!

Here comes the full ChangeLog:

14.03.2008 FreeNX 0.7.2 "Priscilla Edition"
* Opened the 0.7.2 development.
* Fixed the display of local sessions to display only
when session type is VNC.
(fabianx@bat.berlios.de)
* Fixed the issue that commercial NXClient was called with 0 parameters
and such the "Connection Wizard" came up.
(fabianx@bat.berlios.de)
* Added freenx-server startup script. You can make a symlink to
/etc/init.d/ to have it start automatically.
(fabianx@bat.berlios.de)
* Added catching of exception after failed nscd command.
(fabianx@bat.berlios.de)
* Invoke curl with --proxy "" for automatic download of ppd files.
(Wolfgang Schweer <schweer@cityweb.de>)
* Reorganized nxsetup to have a function for parsing command line
options.
(fabianx@bat.berlios.de)
* Added nxsetup --test to test the configuration and connection to
localhost nxserver.
(fabianx@bat.berlios.de)
* Added -o ConnectTimeout 3 to nxnode-login for test-nx case.
(cedric briner <work@infomaniak.ch>)
* Added more examples for "failed ssh connection to localhost" cases.
(cedric briner <work@infomaniak.ch>, fabianx@bat.berlios.de)
* Fixed helpers (desktop, viewer) to honour the AGENT_EXTRA_OPTIONS_{RDP,RFB}
parameters set in node.conf.
(fabianx@bat.berlios.de)
* Fixed the default value for ENABLE_CLIPBOARD="both" instead of ' = '.
(fabianx@bat.berlios.de)
* Fixed parsing of SMB port and added a fallback if mport file is empty.
(Patch from Gentoo Portage)
* Run nscd only when nscd.pid is present.
(Patch from Gentoo Portage)
* Fixed possible bug in nxserver when $USER is not set.
(Patch from Gentoo Portage)
* Set ENABLE_USESSION="1" option by default - its hard to find and those who know can
shut it off anyway. Added automatic adding of user nx to group utmp.
(Patch by Gentoo Portage)
* Added support for 3.1.0 and later backends. Made 2.0.0 backend the
default and added a fallback to 1.5.0 via the same detection mechanism.
(fabianx@bat.berlios.de)
* Added the configuration key ENABLE_PULLDOWN_MENU to be able to
disable the pulldown menu for rootless sessions.
(fabianx@bat.berlios.de)
* Fixed a small bug in nxserver when password has spaces at the end or
beginning.
(Dimitar Paskov)
* Fixed round-robin mode of load balancing.
(fabianx@bat.berlios.de)
* Added check for /tmp/.X11-unix/X*.
(Yves-Gael Cheny <yves-gael.cheny at tranquil-it-systems.fr>)
* Fixed --send|--broadcast for load balancing case.
Note: ssh is used, so you need to either insert your root ssh password
for the nodes again and again, use a public key + agent or use host keys.
(fabianx@bat.berlios.de)
* Added possibility to use the new nxsmb backend. This enables us to support
CIFS and SMB printing at the same time - without recompiling samba -
via the nxredir preload library.
(fabianx@bat.berlios.de)
* Added usage of nxredir library to forward port 139,445 to the
client side forwarded SMB port.
(fabianx@bat.berlios.de)
* Made the slave mode finally functional. With that slave mode it is
possible to do a single sign on instead of the multiple logins used
before. It is also possible to use a suid wrapper to login as user.
With single sign on session startup is a lot faster. This is true
especially if there are many printers and files to be shared.
(fabianx@bat.berlios.de)
* Added detection of backend version and added this output
to version string.
(fabianx@bat.berlios.de)
* Added foomatic-ppdfile to the retested values.
(fabianx@bat.berlios.de)
* Added possibility to balance all nx services to different cores
using taskset. Use for example USE_PROCESSOR_TASKSET="3,4" to
balance all services to processor cores 3 and 4.
This wish was granted for Gregory Carter.
(fabianx@bat.berlios.de)
* Added initial code to add an application to an already running
rootless session.
Set ENABLE_ADVANCED_SESSION_CONTROL="1" and use session name
like "add <sessionname>". Unfortunately the client returns an
error, but the application is started anyway.
The wish was granted for Bernhard Donaubauer.
(fabianx@bat.berlios.de)
* Added option to disable the showing of running sessions.
Set ENABLE_SHOW_RUNNING_SESSIONS="0" if you want that behaviour.
(fabianx@bat.berlios.de)
* Updated documentation in INSTALL file.
(fabianx@bat.berlios.de)
* Added nxviewer-passwd to distribution. It is a fork of the
tightvnc vncpasswd part, which is necessary for FreeNX to work
with standard vncviewer.
(fabianx@bat.berlios.de)
* Added a Makefile so FreeNX can be build and installed via.
$ make
$ # edit nxloadconfig to point where it should install to
$ make install
Hereby FreeNX is installed to where nxloadconfig points and
static paths in nxredir and nxsmb are adjusted accordingly.
So if you want it to be in /usr/NX/ be sure to apply
gentoo-nomachine.diff first or edit nxloadconfig manually.
(fabianx@bat.berlios.de)
* Added nxacl.sample component. If you copy nxacl.sample to
$PATH_BIN/nxacl you can make as complex acl scenarios as you
want. You have complete control over all data and can deny
any session.
(fabianx@bat.berlios.de)

Have Fun!

We'll see if we do the next release like planned in 1 month or in 3 months
from now.

Best Wishes and may you have a very nice day / night / morning / evening / afternoon / ...,

Fabian

PS: These are exciting times :-).

# posted by Fabianx @ 21:30 0 comments

Sonntag, März 02, 2008

 

FreeNX session administrator


Стяжкін Максим has created a simple session administrator for FreeNX:



I find this quite cool.

Here is the original message:
Hi to everybody.
I have created the simple graphic program. It helps to manage with users
sessions logined on FreeNX server. In its window the program shows the
list of active users at the present moment and helps to end or suspend
selected or all the sessions,send a message to selected or all the users
using the functionality of nxserver.
Source codes and gathered for SUSE rpm packages are available in my
repository -
http://download.opensuse.org/repositories/home:/maxt_t/

Hope that my program will be useful. Thanks!
Thank you very much, this is really neat!

# posted by Fabianx @ 14:08 0 comments
 

FreeNX 0.7.2 Roadmap

Bugs

Features


Fr 14. Mär 22:31:50 CET 2008 -> Ready to release!

Wishes


See this updated live:

http://docs.google.com/Doc?id=dfnr3gx_38xgzqggm

Regards,

Fabian


# posted by Fabianx @ 10:19 0 comments

This page is powered by Blogger. Isn't yours?