* Copyright 2007-2017 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * missing or damaged, see the license at "http://www.cups.org/".
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
*/
/*
{ "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
{ "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
{ "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
+#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
+ { "DNSSDHostName", &DNSSDHostName, CUPSD_VARTYPE_STRING },
+#endif /* HAVE_DNSSD || HAVE_AVAHI */
{ "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
{ "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
{ "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
static int parse_aaa(cupsd_location_t *loc, char *line,
char *value, int linenum);
static int parse_fatal_errors(const char *s);
-static int parse_groups(const char *s);
+static int parse_groups(const char *s, int linenum);
static int parse_protocols(const char *s);
static int parse_variable(const char *filename, int linenum,
const char *line, const char *value,
cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
# endif /* HAVE_GNUTLS */
- _httpTLSSetOptions(0);
+ _httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX);
#endif /* HAVE_SSL */
language = cupsLangDefault();
#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
cupsdSetString(&DNSSDSubTypes, "_cups,_print");
+ cupsdClearString(&DNSSDHostName);
#endif /* HAVE_DNSSD || HAVE_AVAHI */
cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
if (!ServerAlias)
ServerAlias = cupsArrayNew(NULL, NULL);
+ cupsdAddAlias(ServerAlias, ServerName);
cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
}
else
if (NumSystemGroups == 0)
{
- if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
+ if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS, 0))
{
/*
* Find the group associated with GID 0...
*/
static int /* O - 1 on success, 0 on failure */
-parse_groups(const char *s) /* I - Space-delimited groups */
+parse_groups(const char *s, /* I - Space-delimited groups */
+ int linenum) /* I - Line number in cups-files.conf */
{
int status; /* Return status */
char value[1024], /* Value string */
NumSystemGroups ++;
}
else
+ {
+ if (linenum)
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown SystemGroup \"%s\" on line %d of %s.", valstart, linenum, CupsFilesFile);
+ else
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown default SystemGroup \"%s\".", valstart);
+
status = 0;
+ }
endgrent();
else if (!_cups_strcasecmp(line, "SSLOptions"))
{
/*
- * SSLOptions [AllowRC4] [AllowSSL3] [None]
+ * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyCBC] [DenyTLS1.0] [None]
*/
- int options = 0; /* SSL/TLS options */
+ int options = _HTTP_TLS_NONE,/* SSL/TLS options */
+ min_version = _HTTP_TLS_1_0,
+ max_version = _HTTP_TLS_MAX;
if (value)
{
* Compare...
*/
- if (!_cups_strcasecmp(start, "AllowRC4"))
+ if (!_cups_strcasecmp(start, "AllowRC4"))
options |= _HTTP_TLS_ALLOW_RC4;
- else if (!_cups_strcasecmp(start, "AllowSSL3"))
- options |= _HTTP_TLS_ALLOW_SSL3;
- else if (!_cups_strcasecmp(start, "None"))
- options = 0;
+ else if (!_cups_strcasecmp(start, "AllowSSL3"))
+ min_version = _HTTP_TLS_SSL3;
+ else if (!_cups_strcasecmp(start, "AllowDH"))
+ options |= _HTTP_TLS_ALLOW_DH;
+ else if (!_cups_strcasecmp(start, "DenyCBC"))
+ options |= _HTTP_TLS_DENY_CBC;
+ else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
+ min_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
+ max_version = _HTTP_TLS_1_0;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
+ max_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
+ max_version = _HTTP_TLS_1_2;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
+ max_version = _HTTP_TLS_1_3;
+ else if (!_cups_strcasecmp(start, "MinTLS1.0"))
+ min_version = _HTTP_TLS_1_0;
+ else if (!_cups_strcasecmp(start, "MinTLS1.1"))
+ min_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MinTLS1.2"))
+ min_version = _HTTP_TLS_1_2;
+ else if (!_cups_strcasecmp(start, "MinTLS1.3"))
+ min_version = _HTTP_TLS_1_3;
+ else if (!_cups_strcasecmp(start, "None"))
+ options = _HTTP_TLS_NONE;
else if (_cups_strcasecmp(start, "NoEmptyFragments"))
cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
}
}
- _httpTLSSetOptions(options);
+ _httpTLSSetOptions(options, min_version, max_version);
}
#endif /* HAVE_SSL */
else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s; %s) IPP/2.1",
plat.sysname, plat.release, plat.machine);
else if (!_cups_strcasecmp(value, "None"))
- cupsdClearString(&ServerHeader);
+ cupsdSetString(&ServerHeader, "");
else
cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.",
value, linenum, ConfigurationFile);
* SystemGroup (admin) group(s)...
*/
- if (!parse_groups(value))
+ if (!parse_groups(value, linenum))
{
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unknown SystemGroup \"%s\" on line %d of %s.", value,
- linenum, CupsFilesFile);
if (FatalErrors & CUPSD_FATAL_CONFIG)
return (0);
}