X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=scheduler%2Fauth.c;h=171dccb052290c757dc4b159be69b3f197865280;hb=4a78452e736a2fc3b0dcf7f5c45232b2db203167;hp=fa8ddc44c545228d193fd2cf7ce567d92bcf5094;hpb=d2ff46225c2e8f62e3cf8580c81c9c2e3c45ce12;p=thirdparty%2Fcups.git diff --git a/scheduler/auth.c b/scheduler/auth.c index fa8ddc44c..171dccb05 100644 --- a/scheduler/auth.c +++ b/scheduler/auth.c @@ -3,7 +3,7 @@ * * Authorization routines for the CUPS scheduler. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2015 by Apple Inc. * Copyright 1997-2007 by Easy Software Products, all rights reserved. * * This file contains Kerberos support code, copyright 2006 by @@ -111,12 +111,7 @@ cupsdAddIPMask( cupsd_authmask_t temp; /* New host/domain mask */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdAddIPMask(masks=%p(%p), address=%x:%x:%x:%x, " - "netmask=%x:%x:%x:%x)", - masks, *masks, - address[0], address[1], address[2], address[3], - netmask[0], netmask[1], netmask[2], netmask[3]); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddIPMask(masks=%p(%p), address=%x:%x:%x:%x, netmask=%x:%x:%x:%x)", masks, *masks, address[0], address[1], address[2], address[3], netmask[0], netmask[1], netmask[2], netmask[3]); temp.type = CUPSD_AUTH_IP; memcpy(temp.mask.ip.address, address, sizeof(temp.mask.ip.address)); @@ -156,8 +151,7 @@ cupsdAddLocation(cupsd_location_t *loc) /* I - Location to add */ { cupsArrayAdd(Locations, loc); - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddLocation: Added location \"%s\"", - loc->location ? loc->location : "(null)"); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddLocation: Added location \"%s\"", loc->location ? loc->location : "(null)"); } } @@ -170,8 +164,7 @@ void cupsdAddName(cupsd_location_t *loc, /* I - Location to add to */ char *name) /* I - Name to add */ { - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddName(loc=%p, name=\"%s\")", - loc, name); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddName(loc=%p, name=\"%s\")", loc, name); if (!loc->names) loc->names = cupsArrayNew3(NULL, NULL, NULL, 0, @@ -201,9 +194,7 @@ cupsdAddNameMask(cups_array_t **masks, /* IO - Masks array (created as needed) * *ifptr; /* Pointer to end of name */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdAddNameMask(masks=%p(%p), name=\"%s\")", - masks, *masks, name); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddNameMask(masks=%p(%p), name=\"%s\")", masks, *masks, name); if (!_cups_strcasecmp(name, "@LOCAL")) { @@ -290,10 +281,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ con->best = cupsdFindBest(con->uri, httpGetState(con->http)); con->type = CUPSD_AUTH_NONE; - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "[Client %d] con->uri=\"%s\", con->best=%p(%s)", - con->number, con->uri, con->best, - con->best ? con->best->location : ""); + cupsdLogClient(con, CUPSD_LOG_DEBUG2, "con->uri=\"%s\", con->best=%p(%s)", con->uri, con->best, con->best ? con->best->location : ""); if (con->best && con->best->type != CUPSD_AUTH_NONE) { @@ -311,9 +299,6 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ authorization = httpGetField(con->http, HTTP_FIELD_AUTHORIZATION); - cupsdLogMessage(CUPSD_LOG_DEBUG2, "[Client %d] Authorization=\"%s\"", - con->number, authorization); - username[0] = '\0'; password[0] = '\0'; @@ -335,9 +320,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ * No authorization data provided, return early... */ - cupsdLogMessage(CUPSD_LOG_DEBUG, - "[Client %d] No authentication data provided.", - con->number); + cupsdLogClient(con, CUPSD_LOG_DEBUG, "No authentication data provided."); return; } #ifdef HAVE_AUTHORIZATION_H @@ -363,18 +346,13 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (authlen != kAuthorizationExternalFormLength) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] External Authorization reference size is " - "incorrect.", con->number); + cupsdLogClient(con, CUPSD_LOG_ERROR, "External Authorization reference size is incorrect."); return; } if ((status = AuthorizationCreateFromExternalForm((AuthorizationExternalForm *)authdata, &con->authref)) != 0) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] AuthorizationCreateFromExternalForm " - "returned %d (%s)", con->number, (int)status, - cssmErrorString(status)); + cupsdLogClient(con, CUPSD_LOG_ERROR, "AuthorizationCreateFromExternalForm returned %d (%s)", (int)status, cssmErrorString(status)); return; } @@ -388,9 +366,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ { strlcpy(username, authinfo->items[0].value, sizeof(username)); - cupsdLogMessage(CUPSD_LOG_DEBUG, - "[Client %d] Authorized as \"%s\" using AuthRef", - con->number, username); + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Authorized as \"%s\" using AuthRef.", username); } AuthorizationFreeItemSet(authinfo); @@ -410,26 +386,19 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (getsockopt(httpGetFd(con->http), 0, LOCAL_PEERCRED, &peercred, &peersize)) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Unable to get peer credentials - %s", - con->number, strerror(errno)); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to get peer credentials - %s", strerror(errno)); return; } if ((pwd = getpwuid(CUPSD_UCRED_UID(peercred))) == NULL) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Unable to find UID %d for peer " - "credentials.", con->number, - (int)CUPSD_UCRED_UID(peercred)); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to find UID %d for peer credentials.", (int)CUPSD_UCRED_UID(peercred)); return; } strlcpy(username, pwd->pw_name, sizeof(username)); - cupsdLogMessage(CUPSD_LOG_DEBUG, - "[Client %d] Authorized as \"%s\" using " - "AuthRef + PeerCred", con->number, username); + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Authorized as \"%s\" using AuthRef + PeerCred.", username); } con->type = CUPSD_AUTH_BASIC; @@ -474,18 +443,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (no_peer) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] PeerCred authentication not allowed for " - "resource per AUTHKEY policy.", con->number); + cupsdLogClient(con, CUPSD_LOG_ERROR, "PeerCred authentication not allowed for resource per AUTHKEY policy."); return; } #endif /* HAVE_AUTHORIZATION_H */ if ((pwd = getpwnam(authorization + 9)) == NULL) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] User \"%s\" does not exist.", con->number, - authorization + 9); + cupsdLogClient(con, CUPSD_LOG_ERROR, "User \"%s\" does not exist.", authorization + 9); return; } @@ -497,27 +462,18 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (getsockopt(httpGetFd(con->http), SOL_SOCKET, SO_PEERCRED, &peercred, &peersize)) # endif /* __APPLE__ */ { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Unable to get peer credentials - %s", - con->number, strerror(errno)); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to get peer credentials - %s", strerror(errno)); return; } if (pwd->pw_uid != CUPSD_UCRED_UID(peercred)) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Invalid peer credentials for \"%s\" - got " - "%d, expected %d!", con->number, authorization + 9, - CUPSD_UCRED_UID(peercred), pwd->pw_uid); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Invalid peer credentials for \"%s\" - got %d, expected %d.", authorization + 9, CUPSD_UCRED_UID(peercred), pwd->pw_uid); # ifdef HAVE_SYS_UCRED_H - cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] cr_version=%d", - con->number, peercred.cr_version); - cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] cr_uid=%d", - con->number, peercred.cr_uid); - cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] cr_ngroups=%d", - con->number, peercred.cr_ngroups); - cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] cr_groups[0]=%d", - con->number, peercred.cr_groups[0]); + cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cr_version=%d", peercred.cr_version); + cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cr_uid=%d", peercred.cr_uid); + cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cr_ngroups=%d", peercred.cr_ngroups); + cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cr_groups[0]=%d", peercred.cr_groups[0]); # endif /* HAVE_SYS_UCRED_H */ return; } @@ -528,9 +484,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ con->gss_uid = CUPSD_UCRED_UID(peercred); # endif /* HAVE_GSSAPI */ - cupsdLogMessage(CUPSD_LOG_DEBUG, - "[Client %d] Authorized as %s using PeerCred", con->number, - username); + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Authorized as %s using PeerCred.", username); con->type = CUPSD_AUTH_BASIC; } @@ -548,18 +502,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if ((localuser = cupsdFindCert(authorization)) == NULL) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Local authentication certificate not found.", - con->number); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Local authentication certificate not found."); return; } strlcpy(username, localuser->username, sizeof(username)); con->type = localuser->type; - cupsdLogMessage(CUPSD_LOG_DEBUG, - "[Client %d] Authorized as %s using Local", con->number, - username); + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Authorized as %s using Local.", username); } else if (!strncmp(authorization, "Basic", 5)) { @@ -583,8 +533,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if ((ptr = strchr(username, ':')) == NULL) { - cupsdLogMessage(CUPSD_LOG_ERROR, "[Client %d] Missing Basic password.", - con->number); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Missing Basic password."); return; } @@ -596,8 +545,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ * Username must not be empty... */ - cupsdLogMessage(CUPSD_LOG_ERROR, "[Client %d] Empty Basic username.", - con->number); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Empty Basic username."); return; } @@ -607,8 +555,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ * Password must not be empty... */ - cupsdLogMessage(CUPSD_LOG_ERROR, "[Client %d] Empty Basic password.", - con->number); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Empty Basic password."); return; } @@ -650,9 +597,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ pamerr = pam_start("cups", username, &pamdata, &pamh); if (pamerr != PAM_SUCCESS) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] pam_start() returned %d (%s)", - con->number, pamerr, pam_strerror(pamh, pamerr)); + cupsdLogClient(con, CUPSD_LOG_ERROR, "pam_start() returned %d (%s)", pamerr, pam_strerror(pamh, pamerr)); return; } @@ -660,28 +605,20 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ # ifdef PAM_RHOST pamerr = pam_set_item(pamh, PAM_RHOST, con->http->hostname); if (pamerr != PAM_SUCCESS) - cupsdLogMessage(CUPSD_LOG_WARN, - "[Client %d] pam_set_item(PAM_RHOST) " - "returned %d (%s)", con->number, pamerr, - pam_strerror(pamh, pamerr)); + cupsdLogClient(con, CUPSD_LOG_WARN, "pam_set_item(PAM_RHOST) returned %d (%s)", pamerr, pam_strerror(pamh, pamerr)); # endif /* PAM_RHOST */ # ifdef PAM_TTY pamerr = pam_set_item(pamh, PAM_TTY, "cups"); if (pamerr != PAM_SUCCESS) - cupsdLogMessage(CUPSD_LOG_WARN, - "[Client %d] pam_set_item(PAM_TTY) " - "returned %d (%s)!", con->number, pamerr, - pam_strerror(pamh, pamerr)); + cupsdLogClient(con, CUPSD_LOG_WARN, "pam_set_item(PAM_TTY) returned %d (%s)", pamerr, pam_strerror(pamh, pamerr)); # endif /* PAM_TTY */ # endif /* HAVE_PAM_SET_ITEM */ pamerr = pam_authenticate(pamh, PAM_SILENT); if (pamerr != PAM_SUCCESS) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] pam_authenticate() returned %d (%s)", - con->number, pamerr, pam_strerror(pamh, pamerr)); + cupsdLogClient(con, CUPSD_LOG_ERROR, "pam_authenticate() returned %d (%s)", pamerr, pam_strerror(pamh, pamerr)); pam_end(pamh, 0); return; } @@ -689,18 +626,13 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ # ifdef HAVE_PAM_SETCRED pamerr = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); if (pamerr != PAM_SUCCESS) - cupsdLogMessage(CUPSD_LOG_WARN, - "[Client %d] pam_setcred() returned %d (%s)", - con->number, pamerr, - pam_strerror(pamh, pamerr)); + cupsdLogClient(con, CUPSD_LOG_WARN, "pam_setcred() returned %d (%s)", pamerr, pam_strerror(pamh, pamerr)); # endif /* HAVE_PAM_SETCRED */ pamerr = pam_acct_mgmt(pamh, PAM_SILENT); if (pamerr != PAM_SUCCESS) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] pam_acct_mgmt() returned %d (%s)", - con->number, pamerr, pam_strerror(pamh, pamerr)); + cupsdLogClient(con, CUPSD_LOG_ERROR, "pam_acct_mgmt() returned %d (%s)", pamerr, pam_strerror(pamh, pamerr)); pam_end(pamh, 0); return; } @@ -728,9 +660,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ * No such user... */ - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Unknown username \"%s\".", - con->number, username); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Unknown username \"%s\".", username); return; } @@ -744,9 +674,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ * Don't allow blank passwords! */ - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Username \"%s\" has no shadow " - "password.", con->number, username); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Username \"%s\" has no shadow password.", username); return; } @@ -759,9 +687,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ * Don't allow blank passwords! */ - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Username \"%s\" has no password.", - con->number, username); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Username \"%s\" has no password.", username); return; } @@ -772,10 +698,6 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ pass = cups_crypt(password, pw->pw_passwd); - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "[Client %d] pw_passwd=\"%s\", crypt=\"%s\"", - con->number, pw->pw_passwd, pass); - if (!pass || strcmp(pw->pw_passwd, pass)) { # ifdef HAVE_SHADOW_H @@ -783,33 +705,23 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ { pass = cups_crypt(password, spw->sp_pwdp); - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "[Client %d] sp_pwdp=\"%s\", crypt=\"%s\"", - con->number, spw->sp_pwdp, pass); - if (pass == NULL || strcmp(spw->sp_pwdp, pass)) { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Authentication failed for user " - "\"%s\".", con->number, username); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Authentication failed for user \"%s\".", username); return; } } else # endif /* HAVE_SHADOW_H */ { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Authentication failed for user " - "\"%s\".", con->number, username); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Authentication failed for user \"%s\".", username); return; } } #endif /* HAVE_LIBPAM */ } - cupsdLogMessage(CUPSD_LOG_DEBUG, - "[Client %d] Authorized as %s using Basic", - con->number, username); + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Authorized as \"%s\" using Basic.", username); break; } @@ -837,10 +749,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (&gss_init_sec_context == NULL) { - cupsdLogMessage(CUPSD_LOG_WARN, - "[Client %d] GSSAPI/Kerberos authentication failed " - "because the Kerberos framework is not present.", - con->number); + cupsdLogClient(con, CUPSD_LOG_WARN, "GSSAPI/Kerberos authentication failed because the Kerberos framework is not present."); return; } # endif /* __APPLE__ */ @@ -855,9 +764,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (!*authorization) { - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "[Client %d] No authentication data specified.", - con->number); + cupsdLogClient(con, CUPSD_LOG_DEBUG2, "No authentication data specified."); return; } @@ -894,9 +801,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (GSS_ERROR(major_status)) { - cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status, - "[Client %d] Error accepting GSSAPI security context", - con->number); + cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status, "[Client %d] Error accepting GSSAPI security context.", con->number); if (context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER); @@ -910,8 +815,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ */ if (major_status == GSS_S_CONTINUE_NEEDED) - cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status, - "[Client %d] Credentials not complete", con->number); + cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status, "[Client %d] Credentials not complete.", con->number); else if (major_status == GSS_S_COMPLETE) { major_status = gss_display_name(&minor_status, client_name, @@ -919,8 +823,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (GSS_ERROR(major_status)) { - cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status, - "[Client %d] Error getting username", con->number); + cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status, "[Client %d] Error getting username.", con->number); gss_release_name(&minor_status, &client_name); gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER); return; @@ -928,9 +831,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ strlcpy(username, output_token.value, sizeof(username)); - cupsdLogMessage(CUPSD_LOG_DEBUG, - "[Client %d] Authorized as %s using Negotiate", - con->number, username); + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Authorized as \"%s\" using Negotiate.", username); gss_release_name(&minor_status, &client_name); gss_release_buffer(&minor_status, &output_token); @@ -960,15 +861,11 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ &peersize)) # endif /* __APPLE__ */ { - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Unable to get peer credentials - %s", - con->number, strerror(errno)); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to get peer credentials - %s", strerror(errno)); } else { - cupsdLogMessage(CUPSD_LOG_DEBUG, - "[Client %d] Using credentials for UID %d.", - con->number, CUPSD_UCRED_UID(peercred)); + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Using credentials for UID %d.", CUPSD_UCRED_UID(peercred)); con->gss_uid = CUPSD_UCRED_UID(peercred); } } @@ -983,9 +880,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ if (sscanf(authorization, "%255s", scheme) != 1) strlcpy(scheme, "UNKNOWN", sizeof(scheme)); - cupsdLogMessage(CUPSD_LOG_ERROR, - "[Client %d] Bad authentication data \"%s ...\"", - con->number, scheme); + cupsdLogClient(con, CUPSD_LOG_ERROR, "Bad authentication data \"%s ...\".", scheme); return; } @@ -1261,9 +1156,7 @@ cupsdCheckGroup( #endif /* HAVE_MBR_UID_TO_UUID */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdCheckGroup(username=\"%s\", user=%p, groupname=\"%s\")", - username, user, groupname); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckGroup(username=\"%s\", user=%p, groupname=\"%s\")", username, user, groupname); /* * Validate input... @@ -1492,6 +1385,12 @@ cupsdFindBest(const char *path, /* I - Resource path */ strlcpy(uri, path, sizeof(uri)); + if ((uriptr = strchr(uri, '?')) != NULL) + *uriptr = '\0'; /* Drop trailing query string */ + + if ((uriptr = uri + strlen(uri) - 1) > uri && *uriptr == '/') + *uriptr = '\0'; /* Remove trailing '/' */ + if (!strncmp(uri, "/printers/", 10) || !strncmp(uri, "/classes/", 9)) { @@ -1505,12 +1404,6 @@ cupsdFindBest(const char *path, /* I - Resource path */ *uriptr = '\0'; } - if ((uriptr = strchr(uri, '?')) != NULL) - *uriptr = '\0'; /* Drop trailing query string */ - - if ((uriptr = uri + strlen(uri) - 1) > uri && *uriptr == '/') - *uriptr = '\0'; /* Remove trailing '/' */ - /* * Loop through the list of locations to find a match... */ @@ -1519,7 +1412,7 @@ cupsdFindBest(const char *path, /* I - Resource path */ best = NULL; bestlen = 0; - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindBest: uri = \"%s\", limit=%x...", uri, limit); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindBest: uri=\"%s\", limit=%x...", uri, limit); for (loc = (cupsd_location_t *)cupsArrayFirst(Locations); @@ -1564,8 +1457,7 @@ cupsdFindBest(const char *path, /* I - Resource path */ * Return the match, if any... */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindBest: best = %s", - best ? best->location : "NONE"); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindBest: best=%s", best ? best->location : "NONE"); return (best); } @@ -1640,13 +1532,9 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ }; - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdIsAuthorized: con->uri=\"%s\", con->best=%p(%s)", - con->uri, con->best, con->best ? con->best->location ? - con->best->location : "(null)" : ""); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: con->uri=\"%s\", con->best=%p(%s)", con->uri, con->best, con->best ? con->best->location ? con->best->location : "(null)" : ""); if (owner) - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdIsAuthorized: owner=\"%s\"", owner); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: owner=\"%s\"", owner); /* * If there is no "best" authentication rule for this request, then @@ -1669,15 +1557,10 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ if ((type = best->type) == CUPSD_AUTH_DEFAULT) type = cupsdDefaultAuthType(); - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdIsAuthorized: level=CUPSD_AUTH_%s, type=%s, " - "satisfy=CUPSD_AUTH_SATISFY_%s, num_names=%d", - levels[best->level], types[type], - best->satisfy ? "ANY" : "ALL", cupsArrayCount(best->names)); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: level=CUPSD_AUTH_%s, type=%s, satisfy=CUPSD_AUTH_SATISFY_%s, num_names=%d", levels[best->level], types[type], best->satisfy ? "ANY" : "ALL", cupsArrayCount(best->names)); if (best->limit == CUPSD_AUTH_LIMIT_IPP) - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: op=%x(%s)", - best->op, ippOpString(best->op)); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: op=%x(%s)", best->op, ippOpString(best->op)); /* * Check host/ip-based accesses... @@ -1716,8 +1599,7 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ auth = cupsdCheckAccess(address, hostname, hostlen, best) ? CUPSD_AUTH_ALLOW : CUPSD_AUTH_DENY; - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: auth=CUPSD_AUTH_%s...", - auth ? "DENY" : "ALLOW"); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: auth=CUPSD_AUTH_%s...", auth ? "DENY" : "ALLOW"); if (auth == CUPSD_AUTH_DENY && best->satisfy == CUPSD_AUTH_SATISFY_ALL) return (HTTP_FORBIDDEN); @@ -1857,8 +1739,7 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ * allowed... */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdIsAuthorized: Checking user membership..."); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: Checking user membership..."); #ifdef HAVE_AUTHORIZATION_H /* @@ -1911,8 +1792,7 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ * Check to see if this user is in any of the named groups... */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdIsAuthorized: Checking group membership..."); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: Checking group membership..."); /* * Check to see if this user is in any of the named groups... @@ -1922,9 +1802,7 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ name; name = (char *)cupsArrayNext(best->names)) { - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdIsAuthorized: Checking group \"%s\" membership...", - name); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: Checking group \"%s\" membership...", name); if (!_cups_strcasecmp(name, "@SYSTEM")) { @@ -1940,8 +1818,7 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ * The user isn't part of the specified group, so deny access... */ - cupsdLogMessage(CUPSD_LOG_DEBUG, - "cupsdIsAuthorized: User not in group(s)!"); + cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdIsAuthorized: User not in group(s)."); return (con->username[0] ? HTTP_FORBIDDEN : HTTP_UNAUTHORIZED); } @@ -2031,9 +1908,7 @@ check_authref(cupsd_client_t *con, /* I - Connection */ return (0); } - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "AuthorizationCopyRights(\"%s\") succeeded!", - authright.name); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "AuthorizationCopyRights(\"%s\") succeeded.", authright.name); return (1); }