/*
- * "$Id: cert.c 6649 2007-07-11 21:46:42Z mike $"
+ * "$Id: cert.c 12034 2014-07-16 19:37:34Z msweet $"
*
- * Authentication certificate routines for the Common UNIX
- * Printing System (CUPS).
+ * Authentication certificate routines for the CUPS scheduler.
*
- * Copyright 2007 by Apple Inc.
- * Copyright 1997-2006 by Easy Software Products.
+ * Copyright 2007-2014 by Apple Inc.
+ * Copyright 1997-2006 by Easy Software Products.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
- *
- * Contents:
- *
- * cupsdAddCert() - Add a certificate.
- * cupsdDeleteCert() - Delete a single certificate.
- * cupsdDeleteAllCerts() - Delete all certificates...
- * cupsdFindCert() - Find a certificate.
- * cupsdInitCerts() - Initialize the certificate "system" and root
- * certificate.
+ * These coded instructions, statements, and computer programs are the
+ * property of Apple Inc. and are protected by Federal copyright
+ * law. Distribution and use rights are outlined in the file "LICENSE.txt"
+ * which should have been included with this file. If this file is
+ * file is missing or damaged, see the license at "http://www.cups.org/".
*/
/*
void
cupsdAddCert(int pid, /* I - Process ID */
- const char *username) /* I - Username */
+ const char *username, /* I - Username */
+ int type) /* I - AuthType for username */
{
int i; /* Looping var */
cupsd_cert_t *cert; /* Current certificate */
/* Hex constants... */
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
- "cupsdAddCert: adding certificate for pid %d", pid);
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAddCert: Adding certificate for PID %d", pid);
/*
* Allocate memory for the certificate...
* Fill in the certificate information...
*/
- cert->pid = pid;
+ cert->pid = pid;
+ cert->type = type;
strlcpy(cert->username, username, sizeof(cert->username));
for (i = 0; i < 32; i ++)
- cert->certificate[i] = hex[random() & 15];
+ cert->certificate[i] = hex[CUPS_RAND() & 15];
/*
* Save the certificate to a file readable only by the User and Group
if ((fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0400)) < 0)
{
cupsdLogMessage(CUPSD_LOG_ERROR,
- "cupsdAddCert: Unable to create certificate file %s - %s",
+ "Unable to create certificate file %s - %s",
filename, strerror(errno));
free(cert);
return;
* groups can access it...
*/
+ int j; /* Looping var */
+
# ifdef HAVE_MBR_UID_TO_UUID
/*
* On MacOS X, ACLs use UUIDs instead of GIDs...
* Add each group ID to the ACL...
*/
+ for (j = 0; j < i; j ++)
+ if (SystemGroupIDs[j] == SystemGroupIDs[i])
+ break;
+
+ if (j < i)
+ continue; /* Skip duplicate groups */
+
acl_create_entry(&acl, &entry);
acl_get_permset(entry, &permset);
acl_add_perm(permset, ACL_READ_DATA);
acl_set_qualifier(entry, &group);
acl_set_permset(entry, permset);
}
+
# else
/*
* POSIX ACLs need permissions for owner, group, other, and mask
* Add each group ID to the ACL...
*/
+ for (j = 0; j < i; j ++)
+ if (SystemGroupIDs[j] == SystemGroupIDs[i])
+ break;
+
+ if (j < i)
+ continue; /* Skip duplicate groups */
+
acl_create_entry(&acl, &entry);
acl_get_permset(entry, &permset);
acl_add_perm(permset, ACL_READ);
{
char *text, *textptr; /* Temporary string */
-
cupsdLogMessage(CUPSD_LOG_ERROR, "ACL did not validate: %s",
strerror(errno));
text = acl_to_text(acl, NULL);
*textptr = ',';
cupsdLogMessage(CUPSD_LOG_ERROR, "ACL: %s", text);
- free(text);
+ acl_free(text);
}
# endif /* HAVE_MBR_UID_TO_UUID */
*/
cupsdLogMessage(CUPSD_LOG_DEBUG2,
- "cupsdDeleteCert: removing certificate for pid %d", pid);
+ "cupsdDeleteCert: Removing certificate for PID %d", pid);
DEBUG_printf(("DELETE pid=%d, username=%s, cert=%s\n", cert->pid,
cert->username, cert->certificate));
snprintf(filename, sizeof(filename), "%s/certs/%d", StateDir, pid);
if (unlink(filename))
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "cupsdDeleteCert: Unable to remove %s!\n", filename);
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to remove %s!", filename);
return;
}
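Review bot: The rewritten `cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to remove %s!", filename)` still does not say why `unlink()` failed, unlike the create-failure message in cupsdAddCert(), which appends `strerror(errno)`. A certificate file left on disk after its list entry is gone is worth diagnosing, so I would write `cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to remove %s - %s", filename, strerror(errno));`. The same applies to the identical call in cupsdDeleteAllCerts() just below. Both function bodies start outside the lines shown here.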
snprintf(filename, sizeof(filename), "%s/certs/%d", StateDir, cert->pid);
if (unlink(filename))
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "cupsdDeleteAllCerts: Unable to remove %s!\n", filename);
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to remove %s!", filename);
/*
* Free memory...
* 'cupsdFindCert()' - Find a certificate.
*/
-const char * /* O - Matching username or NULL */
+cupsd_cert_t * /* O - Matching certificate or NULL */
cupsdFindCert(const char *certificate) /* I - Certificate */
{
cupsd_cert_t *cert; /* Current certificate */
- DEBUG_printf(("cupsdFindCert(certificate=%s)\n", certificate));
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert(certificate=%s)",
+ certificate);
for (cert = Certs; cert != NULL; cert = cert->next)
- if (!strcasecmp(certificate, cert->certificate))
+ if (!_cups_strcasecmp(certificate, cert->certificate))
{
- DEBUG_printf((" returning %s...\n", cert->username));
- return (cert->username);
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Returning %s...",
+ cert->username);
+ return (cert);
}
- DEBUG_puts(" certificate not found!");
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Certificate not found!");
return (NULL);
}
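Review bot: The new `cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert(certificate=%s)", certificate)` writes the presented certificate string to the scheduler log whenever debug2 logging is on, whereas the `DEBUG_printf` it replaces is normally compiled out of release builds. That string is the local authentication secret, so a log reader could recover a value that may match a live certificate; I would log only the event, e.g. `cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Looking up certificate");`. Separately, `_cups_strcasecmp` is a case-insensitive comparison that presumably stops at the first mismatch, so a fixed-length, constant-time compare over the 32 characters would be the more defensible choice for a secret. Because the function now returns a `cupsd_cert_t *` rather than the username, its header comment should say that the pointer belongs to the `Certs` list and must not be used after the certificate is deleted.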
void
cupsdInitCerts(void)
{
+#ifndef HAVE_ARC4RANDOM
cups_file_t *fp; /* /dev/random file */
- unsigned seed; /* Seed for random number generator */
- struct timeval tod; /* Time of day */
/*
if ((fp = cupsFileOpen("/dev/urandom", "rb")) == NULL)
{
+ struct timeval tod; /* Time of day */
+
/*
* Get the time in usecs and use it as the initial seed...
*/
gettimeofday(&tod, NULL);
- seed = (unsigned)(tod.tv_sec + tod.tv_usec);
+ CUPS_SRAND((unsigned)(tod.tv_sec + tod.tv_usec));
}
else
{
+ unsigned seed; /* Seed for random number generator */
+
/*
* Read 4 random characters from the random device and use
* them as the seed...
*/
- seed = cupsFileGetChar(fp);
- seed = (seed << 8) | cupsFileGetChar(fp);
- seed = (seed << 8) | cupsFileGetChar(fp);
- seed = (seed << 8) | cupsFileGetChar(fp);
+ seed = (unsigned)cupsFileGetChar(fp);
+ seed = (seed << 8) | (unsigned)cupsFileGetChar(fp);
+ seed = (seed << 8) | (unsigned)cupsFileGetChar(fp);
+ CUPS_SRAND((seed << 8) | (unsigned)cupsFileGetChar(fp));
cupsFileClose(fp);
}
-
- srandom(seed);
+#endif /* !HAVE_ARC4RANDOM */
/*
* Create a root certificate and return...
*/
if (!RunUser)
- cupsdAddCert(0, "root");
+ cupsdAddCert(0, "root", cupsdDefaultAuthType());
}
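Review bot: `cupsFileGetChar()` returns -1 at end of file or on a read error, and the new `(unsigned)` casts turn that into 0xFFFFFFFF, so a short read from /dev/urandom silently produces a seed whose remaining bits are all ones. Each of the four reads should be checked and a failure logged, as sketched below. The `gettimeofday()` branch likewise seeds from a guessable value without logging anything. On builds without `HAVE_ARC4RANDOM`, the 32 hex digits produced by `hex[CUPS_RAND() & 15]` in cupsdAddCert() appear to derive from at most a 32-bit seed, so filling the certificate directly from the random device would be stronger than seeding a general-purpose generator. Parts of cupsdInitCerts() lie outside the lines shown here.

```c
      /* ... unchanged: comment describing the 4-byte read ... */
      unsigned seed = 0;                /* Seed for random number generator */
      int      ch,                      /* Byte read from the random device */
               k;                       /* Looping var */

      for (k = 0; k < 4; k ++)
      {
        if ((ch = cupsFileGetChar(fp)) < 0)
          break;                        /* Short read - do not fold -1 into the seed */

        seed = (seed << 8) | (unsigned)ch;
      }

      if (k < 4)
        cupsdLogMessage(CUPSD_LOG_ERROR,
                        "Unable to read 4 seed bytes from /dev/urandom");

      CUPS_SRAND(seed);
      cupsFileClose(fp);
```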
/*
- * End of "$Id: cert.c 6649 2007-07-11 21:46:42Z mike $".
+ * End of "$Id: cert.c 12034 2014-07-16 19:37:34Z msweet $".
*/