SVN commit 454795 by pfeifle: This patch adds support for secure and encrypted file sharing in NX-type Terminal Servers for KDE sessions by using a modified fish:// KIO slave. File sharing happens between local NX Client and the remote NX Server without the need to have Samba installed. The patch extends the "fish://(...)" KIO slave so that it may also be run simply as "nxfish:/". If run as "nxfish:/" from Konqueror (or the Mini CLI) of the remote session, the file listing window will contain every file or subdirectory that is contained in ${HOME}/NX-Shares (default; may be configured to use a different resource). To make nxfish work, create a directory named "${HOME}/NX-Shares" on your NX Client. Then put into that directory all the files you want to see and share in the remote NX session. You can also put files or new directories into the nxfish:/ window and then find them created in your local NX client's ${HOME}/NX-Shares directory. The beauty of nxfish is this: it also follows symlinks. This means: you just need to create symbolic links inside the "${HOME}/NX-Share" directory, and their target files will appear in the remote NX session just as if they were there directly. The security of nxfish is outlined by these facts: a) each NX user's nxfish:/ KIO slave is of course only pointing to his own ${HOME}/NX-Shares resource; b) it is not possible to "climb up" into ${HOME} from the shared resource; c) user authentication is completely transparent (no need to type a password) and guaranteed by FreeNX; d) the "executable" bit of the files (or symlinks) is ignored by nxfish; e) if nxfish follows a symlink pointing to a directory, it is not possible in the target directory to "climb" up; f) if the symlink however points to "/", you can of course walk around the complete file system tree of your NX client. NOTE: nxfish:/ will only work if the remote NX server supports this feature. Support for nxfish:/ will appear in FreeNX-0.5 (not yet released); the authors hope its functionality will also be included into the NoMachine NX server. If you are interested to use this feature with FreeNX-0.4.x, ask on the FreeNX-kNX@kde.org mailing list for manual installation instructions. nxfish:/ was developed by Fabian Franz. Waldo Bastian reviewed the code. I am just the messenger. Cheers, Kurt M +1 -1 Makefile.am M +17 -3 fish.cpp A nxfish.protocol --- branches/KDE/3.5/kdebase/kioslave/fish/Makefile.am #454794:454795 @@ -12,7 +12,7 @@ DISTCLEANFILES = fishcode.h -kdelnk_DATA = fish.protocol +kdelnk_DATA = fish.protocol nxfish.protocol kdelnkdir = $(kde_servicesdir) METASOURCES = AUTO --- branches/KDE/3.5/kdebase/kioslave/fish/fish.cpp #454794:454795 @@ -110,6 +110,8 @@ // disabled: currently not needed. Didn't work reliably. // static int isOpenSSH = 0; +static int isNXFish = 0; + #define E(x) ((const char*)remoteEncoding()->encode(x).data()) using namespace KIO; @@ -146,6 +148,11 @@ ; sigaction(SIGCHLD,&act,NULL); + if (qstrcmp(argv[1],"nxfish")==0) { + // Set NXFish - Mode + isNXFish=1; + } + fishProtocol slave(argv[2], argv[3]); slave.dispatchLoop(); @@ -244,7 +251,10 @@ if (sshPath == NULL) { // disabled: currently not needed. Didn't work reliably. // isOpenSSH = !system("ssh -V 2>&1 | grep OpenSSH > /dev/null"); - sshPath = strdup(QFile::encodeName(KStandardDirs::findExe("ssh"))); + if (isNXFish) + sshPath = strdup(QFile::encodeName(KStandardDirs::findExe("nxfish"))); + else + sshPath = strdup(QFile::encodeName(KStandardDirs::findExe("ssh"))); } if (suPath == NULL) { suPath = strdup(QFile::encodeName(KStandardDirs::findExe("su"))); @@ -297,7 +307,7 @@ void fishProtocol::openConnection() { if (childPid) return; - if (connectionHost.isEmpty()) + if (connectionHost.isEmpty() && !isNXFish) { error( KIO::ERR_UNKNOWN_HOST, QString::null ); return; @@ -640,7 +650,11 @@ void fishProtocol::setHost(const QString & host, int port, const QString & u, const QString & pass){ QString user(u); - local = (host == "localhost" && port == 0); + if (isNXFish) + local = 0; + else + local = (host == "localhost" && port == 0); + if (port <= 0) port = 0; if (user.isEmpty()) user = getenv("LOGNAME");