/*
- * "$Id$"
- *
* Administration utility API definitions for CUPS.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2016 by Apple Inc.
* Copyright 2001-2007 by Easy Software Products.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
- *
- * This file is subject to the Apple OS-Developed Software exception.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
*/
/*
*/
#include "cups-private.h"
+#include "ppd.h"
#include "adminutil.h"
#include <fcntl.h>
#include <sys/stat.h>
FILE *logfile);
static http_status_t get_cupsd_conf(http_t *http, _cups_globals_t *cg,
time_t last_update, char *name,
- int namelen, int *remote);
+ size_t namelen, int *remote);
static void invalidate_cupsd_cache(_cups_globals_t *cg);
static void write_option(cups_file_t *dstfp, int order,
const char *name, const char *text,
* The returned settings should be freed with cupsFreeOptions() when
* you are done with them.
*
- * @since CUPS 1.3/OS X 10.5@
+ * @since CUPS 1.3/macOS 10.5@
*/
int /* O - 1 on success, 0 on failure */
/*
* 'cupsAdminSetServerSettings()' - Set settings on the server.
*
- * @since CUPS 1.3/OS X 10.5@
+ * @since CUPS 1.3/macOS 10.5@
*/
int /* O - 1 on success, 0 on failure */
in_cancel_job, /* In a cancel-job section? */
in_admin_location, /* In the /admin location? */
in_conf_location, /* In the /admin/conf location? */
+ in_log_location, /* In the /admin/log location? */
in_root_location; /* In the / location? */
const char *val; /* Setting value */
int share_printers, /* Share local printers */
wrote_loglevel, /* Wrote the LogLevel line? */
wrote_admin_location, /* Wrote the /admin location? */
wrote_conf_location, /* Wrote the /admin/conf location? */
+ wrote_log_location, /* Wrote the /admin/log location? */
wrote_root_location; /* Wrote the / location? */
int indent; /* Indentation */
int cupsd_num_settings; /* New number of settings */
int old_share_printers, /* Share local printers */
old_remote_admin, /* Remote administration allowed? */
+ old_remote_any, /* Remote access from anywhere? */
old_user_cancel_any, /* Cancel-job policy set? */
old_debug_logging; /* LogLevel debug set? */
cups_option_t *cupsd_settings, /* New settings */
if ((val = cupsGetOption(CUPS_SERVER_REMOTE_ANY, cupsd_num_settings,
cupsd_settings)) != NULL)
- remote_any = atoi(val);
+ old_remote_any = atoi(val);
else
- remote_any = 0;
+ old_remote_any = 0;
DEBUG_printf(("1cupsAdminSetServerSettings: old remote_any=%d",
- remote_any));
+ old_remote_any));
if ((val = cupsGetOption(CUPS_SERVER_SHARE_PRINTERS, cupsd_num_settings,
cupsd_settings)) != NULL)
DEBUG_printf(("1cupsAdminSetServerSettings: debug_logging=%d",
debug_logging));
- if ((val = cupsGetOption(CUPS_SERVER_REMOTE_ANY, num_settings,
- settings)) != NULL)
+ if ((val = cupsGetOption(CUPS_SERVER_REMOTE_ANY, num_settings, settings)) != NULL)
+ {
remote_any = atoi(val);
- DEBUG_printf(("1cupsAdminSetServerSettings: remote_any=%d",
- remote_any));
+ if (remote_any == old_remote_any)
+ {
+ /*
+ * No change to this setting...
+ */
+
+ remote_any = -1;
+ }
+ }
+ else
+ remote_any = -1;
+
+ DEBUG_printf(("1cupsAdminSetServerSettings: remote_any=%d", remote_any));
if ((val = cupsGetOption(CUPS_SERVER_REMOTE_ADMIN, num_settings,
settings)) != NULL)
in_conf_location = 0;
in_default_policy = 0;
in_location = 0;
+ in_log_location = 0;
in_policy = 0;
in_root_location = 0;
linenum = 0;
wrote_admin_location = 0;
wrote_browsing = 0;
wrote_conf_location = 0;
+ wrote_log_location = 0;
wrote_loglevel = 0;
wrote_policy = 0;
wrote_port_listen = 0;
while (cupsFileGetConf(cupsd, line, sizeof(line), &value, &linenum))
{
if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")) &&
- (remote_admin >= 0 || remote_any > 0 || share_printers >= 0))
+ (remote_admin >= 0 || remote_any >= 0 || share_printers >= 0))
{
if (!wrote_port_listen)
{
indent += 2;
if (!strcmp(value, "/admin"))
in_admin_location = 1;
- if (!strcmp(value, "/admin/conf"))
+ else if (!strcmp(value, "/admin/conf"))
in_conf_location = 1;
+ else if (!strcmp(value, "/admin/log"))
+ in_log_location = 1;
else if (!strcmp(value, "/"))
in_root_location = 1;
cupsFilePrintf(temp, " Allow %s\n",
remote_any > 0 ? "all" : "@LOCAL");
}
+ else if (in_log_location && remote_admin >= 0)
+ {
+ wrote_log_location = 1;
+
+ if (remote_admin)
+ cupsFilePuts(temp, " # Allow remote access to the log "
+ "files...\n");
+ else
+ cupsFilePuts(temp, " # Restrict access to the log "
+ "files...\n");
+
+ cupsFilePuts(temp, " Order allow,deny\n");
+
+ if (remote_admin)
+ cupsFilePrintf(temp, " Allow %s\n",
+ remote_any > 0 ? "all" : "@LOCAL");
+ }
else if (in_root_location &&
- (remote_admin >= 0 || remote_any > 0 || share_printers >= 0))
+ (remote_admin >= 0 || remote_any >= 0 || share_printers >= 0))
{
wrote_root_location = 1;
in_admin_location = 0;
in_conf_location = 0;
+ in_log_location = 0;
in_root_location = 0;
cupsFilePuts(temp, "</Location>\n");
in_cancel_job = 0;
}
else if ((((in_admin_location || in_conf_location || in_root_location) &&
- (remote_admin >= 0 || remote_any > 0)) ||
+ (remote_admin >= 0 || remote_any >= 0)) ||
(in_root_location && share_printers >= 0)) &&
(!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny") ||
!_cups_strcasecmp(line, "Order")))
}
if (!wrote_port_listen &&
- (remote_admin >= 0 || remote_any > 0 || share_printers >= 0))
+ (remote_admin >= 0 || remote_any >= 0 || share_printers >= 0))
{
if (remote_admin > 0 || remote_any > 0 || share_printers > 0)
{
}
if (!wrote_root_location &&
- (remote_admin >= 0 || remote_any > 0 || share_printers >= 0))
+ (remote_admin >= 0 || remote_any >= 0 || share_printers >= 0))
{
if (remote_admin > 0 && share_printers > 0)
cupsFilePuts(temp,
cupsFilePuts(temp, "</Location>\n");
}
+ if (!wrote_log_location && remote_admin >= 0)
+ {
+ if (remote_admin)
+ cupsFilePuts(temp,
+ "# Allow remote access to the log files...\n");
+ else
+ cupsFilePuts(temp, "# Restrict access to the log files...\n");
+
+ cupsFilePuts(temp, "<Location /admin/log>\n"
+ " AuthType Default\n"
+ " Require user @SYSTEM\n"
+ " Order allow,deny\n");
+
+ if (remote_admin)
+ cupsFilePrintf(temp, " Allow %s\n", remote_any > 0 ? "all" : "@LOCAL");
+
+ cupsFilePuts(temp, "</Location>\n");
+ }
+
if (!wrote_policy && user_cancel_any >= 0)
{
cupsFilePuts(temp, "<Policy default>\n"
old_remote_admin ? "1" : "0",
cupsd_num_settings, &cupsd_settings);
- cupsd_num_settings = cupsAddOption(CUPS_SERVER_REMOTE_ANY,
- remote_any ? "1" : "0",
- cupsd_num_settings, &cupsd_settings);
+ if (remote_any >= 0)
+ cupsd_num_settings = cupsAddOption(CUPS_SERVER_REMOTE_ANY,
+ remote_any ? "1" : "0",
+ cupsd_num_settings, &cupsd_settings);
+ else
+ cupsd_num_settings = cupsAddOption(CUPS_SERVER_REMOTE_ANY,
+ old_remote_any ? "1" : "0",
+ cupsd_num_settings, &cupsd_settings);
if (share_printers >= 0)
cupsd_num_settings = cupsAddOption(CUPS_SERVER_SHARE_PRINTERS,
_cups_globals_t *cg, /* I - Global data */
time_t last_update, /* I - Last update time for file */
char *name, /* I - Filename buffer */
- int namesize, /* I - Size of filename buffer */
+ size_t namesize, /* I - Size of filename buffer */
int *remote) /* O - Remote file? */
{
int fd; /* Temporary file descriptor */
* Read cupsd.conf via a HTTP GET request...
*/
- if ((fd = cupsTempFd(name, namesize)) < 0)
+ if ((fd = cupsTempFd(name, (int)namesize)) < 0)
{
*name = '\0';
cupsFilePrintf(dstfp, "*JCLCloseUI: *%s\n\n", name);
}
-
-
-/*
- * End of "$Id$".
- */