/*
- * "$Id$"
- *
* Configuration routines for the CUPS scheduler.
*
- * Copyright 2007-2015 by Apple Inc.
+ * Copyright 2007-2016 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
* These coded instructions, statements, and computer programs are the
#ifdef HAVE_GSSAPI
{ "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
#endif /* HAVE_GSSAPI */
-#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
+#ifdef HAVE_ONDEMAND
{ "IdleExitTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
-#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
+#endif /* HAVE_ONDEMAND */
{ "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
{ "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
{ "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
{ "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
{ "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
{ "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
+#ifdef HAVE_SSL
+ { "CreateSelfSignedCerts", &CreateSelfSignedCerts, CUPSD_VARTYPE_BOOLEAN },
+#endif /* HAVE_SSL */
{ "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
{ "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
{ "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
default_auth_type = CUPSD_AUTH_BASIC;
#ifdef HAVE_SSL
+ CreateSelfSignedCerts = TRUE;
DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
#endif /* HAVE_SSL */
DirtyCleanInterval = DEFAULT_KEEPALIVE;
DefaultLeaseDuration = 86400;
MaxLeaseDuration = 0;
-#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
+#ifdef HAVE_ONDEMAND
IdleExitTimeout = 60;
-#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
+#endif /* HAVE_ONDEMAND */
/*
* Setup environment variables...
cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName);
- cupsSetServerCredentials(ServerKeychain, ServerName, 1);
+ if (!CreateSelfSignedCerts)
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Self-signed TLS certificate generation is disabled.");
+ cupsSetServerCredentials(ServerKeychain, ServerName, CreateSelfSignedCerts);
#endif /* HAVE_SSL */
/*
if (lis)
{
-#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
+#ifdef HAVE_ONDEMAND
if (!lis->on_demand)
-#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
+#endif /* HAVE_ONDEMAND */
{
httpAddrString(&lis->address, temp, sizeof(temp));
cupsdLogMessage(CUPSD_LOG_WARN,
* Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
* Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
* upgrades do not introduce new security issues...
+ *
+ * CUPS STR #4659: Allow a lone <Limit All> policy.
*/
- if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
- op->op == IPP_ANY_OPERATION)
+ if (cupsArrayCount(pol->ops) > 1)
{
- if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for Validate-Job using the Print-Job limit as a
- * template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for Validate-Job using the Print-Job limit as a
+ * template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Validate-Job defined in policy %s "
- "- using Print-Job's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Validate-Job defined in policy %s - using Print-Job's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
+ cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Validate-Job defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Validate-Job defined in policy %s "
- "and no suitable template found.", pol->name);
- }
- if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
- op->op == IPP_ANY_OPERATION)
- {
- if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
- * template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
+ * template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Cancel-Jobs defined in policy %s "
- "- using Pause-Printer's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-Jobs defined in policy %s - using Pause-Printer's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
+ cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-Jobs defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Cancel-Jobs defined in policy %s "
- "and no suitable template found.", pol->name);
- }
- if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
- op->op == IPP_ANY_OPERATION)
- {
- if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
- * a template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
+ * a template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Cancel-My-Jobs defined in policy %s "
- "- using Send-Document's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-My-Jobs defined in policy %s - using Send-Document's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
+ cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-My-Jobs defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Cancel-My-Jobs defined in policy %s "
- "and no suitable template found.", pol->name);
- }
- if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
- op->op == IPP_ANY_OPERATION)
- {
- if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for Close-Job using the Send-Document limit as a
- * template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for Close-Job using the Send-Document limit as a
+ * template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Close-Job defined in policy %s "
- "- using Send-Document's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Close-Job defined in policy %s - using Send-Document's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
+ cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Close-Job defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Close-Job defined in policy %s "
- "and no suitable template found.", pol->name);
- }
- if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
- op->op == IPP_ANY_OPERATION)
- {
- if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for CUPS-Get-Document using the Send-Document
- * limit as a template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for CUPS-Get-Document using the Send-Document
+ * limit as a template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for CUPS-Get-Document defined in policy %s "
- "- using Send-Document's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for CUPS-Get-Document defined in policy %s - using Send-Document's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
+ cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for CUPS-Get-Document defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for CUPS-Get-Document defined in policy %s "
- "and no suitable template found.", pol->name);
}
/*
if (!pol->job_access)
{
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No JobPrivateAccess defined in policy %s "
- "- using defaults.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No JobPrivateAccess defined in policy %s - using defaults.", pol->name);
cupsdAddString(&(pol->job_access), "@OWNER");
cupsdAddString(&(pol->job_access), "@SYSTEM");
}
if (!pol->job_attrs)
{
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No JobPrivateValues defined in policy %s "
- "- using defaults.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No JobPrivateValues defined in policy %s - using defaults.", pol->name);
cupsdAddString(&(pol->job_attrs), "job-name");
cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
if (!pol->sub_access)
{
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No SubscriptionPrivateAccess defined in policy %s "
- "- using defaults.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No SubscriptionPrivateAccess defined in policy %s - using defaults.", pol->name);
cupsdAddString(&(pol->sub_access), "@OWNER");
cupsdAddString(&(pol->sub_access), "@SYSTEM");
}
if (!pol->sub_attrs)
{
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No SubscriptionPrivateValues defined in policy %s "
- "- using defaults.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No SubscriptionPrivateValues defined in policy %s - using defaults.", pol->name);
cupsdAddString(&(pol->sub_attrs), "notify-events");
cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
cupsdAddString(&(pol->sub_attrs), "notify-user-data");
}
}
-
-
-/*
- * End of "$Id$".
- */