# endif /* !_CUPS_NO_DEPRECATED */
} http_status_t;
+typedef enum http_trust_e /**** Level of trust for credentials @since CUPS 2.0@ */
+{
+ HTTP_TRUST_OK = 0, /* Credentials are OK/trusted */
+ HTTP_TRUST_INVALID, /* Credentials are invalid */
+ HTTP_TRUST_CHANGED, /* Credentials have changed */
+ HTTP_TRUST_EXPIRED, /* Credentials are expired */
+ HTTP_TRUST_RENEWED, /* Credentials have been renewed */
+ HTTP_TRUST_UNKNOWN, /* Credentials are unknown/new */
+} http_trust_t;
+
typedef enum http_uri_status_e /**** URI separation status @since CUPS 1.2@ ****/
{
HTTP_URI_STATUS_OVERFLOW = -8, /* URI buffer for httpAssembleURI is too small */
extern int httpAddrClose(http_addr_t *addr, int fd) _CUPS_API_2_0;
extern int httpAddrFamily(http_addr_t *addr) _CUPS_API_2_0;
extern int httpCompareCredentials(cups_array_t *cred1, cups_array_t *cred2) _CUPS_API_2_0;
-extern int httpCredentialsAreTrusted(cups_array_t *credentials, const char *common_name) _CUPS_API_2_0;
+extern int httpCredentialsAreValidForName(cups_array_t *credentials, const char *common_name);
extern time_t httpCredentialsGetExpiration(cups_array_t *credentials) _CUPS_API_2_0;
-extern int httpCredentialsIsValidName(cups_array_t *credentials, const char *common_name);
+extern http_trust_t httpCredentialsGetTrust(cups_array_t *credentials, const char *common_name) _CUPS_API_2_0;
extern size_t httpCredentialsString(cups_array_t *credentials, char *buffer, size_t bufsize) _CUPS_API_2_0;
extern http_field_t httpFieldValue(const char *name) _CUPS_API_2_0;
extern time_t httpGetActivity(http_t *http) _CUPS_API_2_0;
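Review bot: `httpCredentialsGetTrust()` returns `HTTP_TRUST_OK` as 0, whereas the removed `httpCredentialsAreTrusted()` returned 1 for trusted, so any caller that still tests the result as a boolean now treats untrusted credentials as the passing case. Callers are outside this hunk, so each one should be checked for an explicit `== HTTP_TRUST_OK` or `!= HTTP_TRUST_OK` comparison. I would state this next to the prototype, e.g. `/* Returns HTTP_TRUST_OK (0) when trusted; do not test the result as a boolean */`. `httpCredentialsAreValidForName()` is also declared without `_CUPS_API_2_0`, although its definition is documented `@since CUPS 2.0@`.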
{
cups_array_t *creds;
char info[1024];
-
+ static const char *trusts[] = { "OK", "Invalid", "Changed", "Expired", "Renewed", "Unknown" };
if (!httpCopyCredentials(http, &creds))
{
- int trusted = httpCredentialsAreTrusted(creds, hostname);
+ http_trust_t trust = httpCredentialsGetTrust(creds, hostname);
httpCredentialsString(creds, info, sizeof(info));
- printf("AreTrusted: %d\n", trusted);
+ printf("Trust: %s\n", trusts[trust]);
printf("Expiration: %s\n", httpGetDateString(httpCredentialsGetExpiration(creds)));
- printf("IsValidName: %d\n", httpCredentialsIsValidName(creds, hostname));
+ printf("IsValidName: %d\n", httpCredentialsAreValidForName(creds, hostname));
printf("String: \"%s\"\n", info);
- if (!trusted)
+ if (trust != HTTP_TRUST_OK)
{
printf("SaveCredentials: %d\n", httpSaveCredentials(NULL, creds, hostname));
- printf("New AreTrusted: %d\n", httpCredentialsAreTrusted(creds, hostname));
+ trust = httpCredentialsGetTrust(creds, hostname);
+ printf("New Trust: %s\n", trusts[trust]);
}
httpFreeCredentials(creds);
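Review bot: `trusts[trust]` in both `printf` calls indexes the string table with the raw enum value and no range check, so the table silently depends on the order and count of `http_trust_t`. If a value is added to the enum without a matching entry in `trusts[]`, this code reads past the end of the array. A guard such as `(size_t)trust < sizeof(trusts) / sizeof(trusts[0]) ? trusts[trust] : "Unrecognized"` keeps the output safe. A comment on `trusts[]` should also say that it mirrors `http_trust_t` in declaration order. The enclosing block continues outside the hunk.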
/*
- * 'httpCredentialsAreTrusted()' - Return whether the credentials are trusted.
+ * 'httpCredentialsAreValidForName()' - Return whether the credentials are valid for the given name.
*
* @since CUPS 2.0@
*/
-int /* O - 1 if trusted, 0 if not/unknown */
-httpCredentialsAreTrusted(
+int /* O - 1 if valid, 0 otherwise */
+httpCredentialsAreValidForName(
+ cups_array_t *credentials, /* I - Credentials */
+ const char *common_name) /* I - Name to check */
+{
+ SecCertificateRef secCert; /* Certificate reference */
+ CFStringRef cfcert_name = NULL;
+ /* Certificate's common name (CF string) */
+ char cert_name[256]; /* Certificate's common name (C string) */
+ int valid = 1; /* Valid name? */
+
+
+ if ((secCert = http_cdsa_create_credential((http_credential_t *)cupsArrayFirst(credentials))) == NULL)
+ return (0);
+
+ /*
+ * Compare the common names...
+ */
+
+ if ((cfcert_name = SecCertificateCopySubjectSummary(secCert)) == NULL)
+ {
+ /*
+ * Can't get common name, cannot be valid...
+ */
+
+ valid = 0;
+ }
+ else if (CFStringGetCString(cfcert_name, cert_name, sizeof(cert_name), kCFStringEncodingUTF8) &&
+ _cups_strcasecmp(common_name, cert_name))
+ {
+ /*
+ * Not an exact match for the common name, check for wildcard certs...
+ */
+
+ const char *domain = strchr(common_name, '.');
+ /* Domain in common name */
+
+ if (strncmp(cert_name, "*.", 2) || !domain || _cups_strcasecmp(domain, cert_name + 1))
+ {
+ /*
+ * Not a wildcard match.
+ */
+
+ /* TODO: Check subject alternate names */
+ valid = 0;
+ }
+ }
+
+ if (cfcert_name)
+ CFRelease(cfcert_name);
+
+ CFRelease(secCert);
+
+ return (valid);
+}
+
+
+/*
+ * 'httpCredentialsGetTrust()' - Return the trust of credentials.
+ *
+ * @since CUPS 2.0@
+ */
+
+http_trust_t /* O - Level of trust */
+httpCredentialsGetTrust(
cups_array_t *credentials, /* I - Credentials */
const char *common_name) /* I - Common name for trust lookup */
{
SecCertificateRef secCert; /* Certificate reference */
- int trusted = 1; /* Trusted? */
- int save = 0; /* Save credentials? */
+ http_trust_t trust = HTTP_TRUST_OK;
+ /* Trusted? */
cups_array_t *tcreds = NULL; /* Trusted credentials */
_cups_globals_t *cg = _cupsGlobals();
/* Per-thread globals */
if (!common_name)
- return (0);
+ return (HTTP_TRUST_UNKNOWN);
if ((secCert = http_cdsa_create_credential((http_credential_t *)cupsArrayFirst(credentials))) == NULL)
- return (0);
+ return (HTTP_TRUST_UNKNOWN);
/*
* Look this common name up in the default keychains...
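Review bot: `httpCredentialsAreValidForName()` fails open when the certificate name cannot be converted. `valid` starts at 1 and the only comparison branch is guarded by `CFStringGetCString(...) && _cups_strcasecmp(...)`, so a conversion failure (for example a name that does not fit in `cert_name[256]`) skips the comparison and returns 1. A separate branch ahead of the comparison closes this: `else if (!CFStringGetCString(cfcert_name, cert_name, sizeof(cert_name), kCFStringEncodingUTF8)) valid = 0;`. `common_name` also reaches `_cups_strcasecmp()` and `strchr()` without a NULL check here; only `httpCredentialsGetTrust()` tests it before use. Since `httpSaveCredentials()` now relies on this function too, the header comment should state that only the subject summary and a single-label `*.` wildcard are checked, and that subject alternate names are not yet consulted.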
*/
if (httpCredentialsGetExpiration(credentials) <= httpCredentialsGetExpiration(tcreds) ||
- !httpCredentialsIsValidName(credentials, common_name))
+ !httpCredentialsAreValidForName(credentials, common_name))
{
/*
* Either the new credentials are not newly issued, or the common name
* does not match the issued certificate...
*/
- trusted = 0;
+ trust = HTTP_TRUST_INVALID;
}
- else
+ else if (httpCredentialsGetExpiration(tcreds) < time(NULL))
{
/*
- * Flag that we should save the new credentials...
+ * Save the renewed credentials...
*/
- save = 1;
+ trust = HTTP_TRUST_RENEWED;
+
+ httpSaveCredentials(NULL, credentials, common_name);
}
}
httpFreeCredentials(tcreds);
}
- else if (!httpCredentialsIsValidName(credentials, common_name))
- trusted = 0;
- else
- save = 1;
+ else if (!httpCredentialsAreValidForName(credentials, common_name))
+ trust = HTTP_TRUST_INVALID;
if (!cg->expired_certs && !SecCertificateIsValid(secCert, CFAbsoluteTimeGetCurrent()))
- trusted = 0;
+ trust = HTTP_TRUST_EXPIRED;
else if (!cg->any_root && cupsArrayCount(credentials) == 1)
- trusted = 0;
-
- if (trusted && save)
- httpSaveCredentials(NULL, credentials, common_name);
+ trust = HTTP_TRUST_INVALID;
CFRelease(secCert);
- return (trusted);
+ return (trust);
}
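Review bot: The `HTTP_TRUST_RENEWED` branch calls `httpSaveCredentials()` immediately, before the later `SecCertificateIsValid()` and single-certificate `any_root` checks can downgrade `trust` to `HTTP_TRUST_EXPIRED` or `HTTP_TRUST_INVALID`. The removed code deferred the save behind `if (trusted && save)`, so credentials that failed those checks were never stored; now they can be written to the keychain and then reported as untrusted. Moving the call after the final checks restores that ordering: `if (trust == HTTP_TRUST_RENEWED) httpSaveCredentials(NULL, credentials, common_name);` placed just before `CFRelease(secCert)`. The return value of `httpSaveCredentials()` is also ignored in this branch. Part of the function body between the keychain lookup and this branch lies outside the hunk.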
}
-/*
- * 'httpCredentialsIsValidName()' - Return whether the credentials are valid for the given name.
- *
- * @since CUPS 2.0@
- */
-
-int /* O - 1 if valid, 0 otherwise */
-httpCredentialsIsValidName(
- cups_array_t *credentials, /* I - Credentials */
- const char *common_name) /* I - Name to check */
-{
- SecCertificateRef secCert; /* Certificate reference */
- CFStringRef cfcert_name = NULL;
- /* Certificate's common name (CF string) */
- char cert_name[256]; /* Certificate's common name (C string) */
- int valid = 1; /* Valid name? */
-
-
- if ((secCert = http_cdsa_create_credential((http_credential_t *)cupsArrayFirst(credentials))) == NULL)
- return (0);
-
- /*
- * Compare the common names...
- */
-
- if ((cfcert_name = SecCertificateCopySubjectSummary(secCert)) == NULL)
- {
- /*
- * Can't get common name, cannot be valid...
- */
-
- valid = 0;
- }
- else if (CFStringGetCString(cfcert_name, cert_name, sizeof(cert_name), kCFStringEncodingUTF8) &&
- _cups_strcasecmp(common_name, cert_name))
- {
- /*
- * Not an exact match for the common name, check for wildcard certs...
- */
-
- const char *domain = strchr(common_name, '.');
- /* Domain in common name */
-
- if (strncmp(cert_name, "*.", 2) || !domain || _cups_strcasecmp(domain, cert_name + 1))
- {
- /*
- * Not a wildcard match.
- */
-
- /* TODO: Check subject alternate names */
- valid = 0;
- }
- }
-
- if (cfcert_name)
- CFRelease(cfcert_name);
-
- CFRelease(secCert);
-
- return (valid);
-}
-
-
/*
* 'httpCredentialsString()' - Return a string representing the credentials.
*
(void)path;
(void)credentials;
(void)common_name;
+ (void)alt_name;
return (-1);
#endif /* HAVE_SECKEYCHAINOPEN */
SecKeychainRef keychain = NULL;/* Keychain reference */
SecIdentitySearchRef search = NULL; /* Search reference */
SecCertificateRef cert = NULL; /* Certificate */
- CFStringRef cfcommon_name = NULL;
- /* Server name */
CFMutableDictionaryRef attrs = NULL; /* Attributes for add */
CFArrayRef list = NULL; /* Keychain list */
if (!credentials)
goto cleanup;
+ if (!httpCredentialsAreValidForName(credentials, common_name))
+ {
+ DEBUG_puts("1httpSaveCredentials: Common name does not match.");
+ return (-1);
+ }
+
if ((cert = http_cdsa_create_credential((http_credential_t *)cupsArrayFirst(credentials))) == NULL)
{
DEBUG_puts("1httpSaveCredentials: Unable to create certificate.");
goto cleanup;
}
- if ((cfcommon_name = CFStringCreateWithCString(kCFAllocatorDefault, common_name, kCFStringEncodingUTF8)) == NULL)
- {
- DEBUG_puts("1httpSaveCredentials: Unable to create common name string.");
- goto cleanup;
- }
-
if ((attrs = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)) == NULL)
{
DEBUG_puts("1httpSaveCredentials: Unable to create dictionary.");
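Review bot: The new name check exits with `return (-1);`, while the neighbouring failure paths in this function use `goto cleanup;`. Anything acquired before this point (not visible in the hunk) would therefore bypass the cleanup label. Replacing it with `goto cleanup;` keeps a single exit, assuming `ret` still holds its failure value there. The check also hands `common_name` to `httpCredentialsAreValidForName()` before any visible NULL test, and that function dereferences it; a `!common_name` guard next to the existing `!credentials` test would cover this.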
}
CFDictionaryAddValue(attrs, kSecClass, kSecClassCertificate);
- CFDictionaryAddValue(attrs, kSecAttrLabel, cfcommon_name);
- CFDictionaryAddValue(attrs, kSecAttrSubject, cfcommon_name);
CFDictionaryAddValue(attrs, kSecValueRef, cert);
CFDictionaryAddValue(attrs, kSecMatchSearchList, list);
/* Note: SecItemAdd consumes "attrs"... */
- if ((err = SecItemAdd(attrs, NULL)) == noErr)
- ret = 0;
-
+ err = SecItemAdd(attrs, NULL);
DEBUG_printf(("1httpSaveCredentials: SecItemAdd returned %d.", (int)err));
cleanup :
- if (cfcommon_name)
- CFRelease(cfcommon_name);
if (list)
CFRelease(list);
if (keychain)
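Review bot: With `if ((err = SecItemAdd(attrs, NULL)) == noErr) ret = 0;` replaced by a bare `err = SecItemAdd(attrs, NULL);`, nothing visible in this hunk sets `ret` to 0 any more. Unless `ret` is assigned elsewhere, the function now reports failure even when the item was added. The test program only prints this return value and `httpCredentialsGetTrust()` ignores it, so the regression would be easy to miss. Keeping the success assignment after the call, `if (err == noErr) ret = 0;`, preserves the previous result. The declaration of `ret` and the final `return` are outside the hunk.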
<body>
<h1 class="title">client.conf(5)</h1>
<h2 class="title"><a name="NAME">Name</a></h2>
-client.conf - client configuration file for cups (deprecated)
+client.conf - client configuration file for cups
<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
-The <b>client.conf</b> file configures the CUPS client and is normally located in the <i>/etc/cups</i> and/or <i>~/.cups</i> directories.
-Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
-<p><b>Note:</b> Starting with OS X 10.7, this file is only used by command-line and X11 applications.
-The <b>ServerName</b> directive is not supported on OS X at all.
-<h3><a name="DIRECTIVES">Directives</a></h3>
-The following directives are understood by the client. Consult the online help for detailed descriptions:
+The <i>client.conf</i> file configures the CUPS client and is
+normally located in the <i>/etc/cups</i> or <i>~/.cups</i>
+directory. Each line in the file can be a configuration
+directive, a blank line, or a comment. Comment lines start with
+the # character.
+<h2 class="title"><a name="DIRECTIVES">Directives</a></h2>
+The following directives are understood by the client. Consult the
+on-line help for detailed descriptions:
<dl class="man">
-<dt><b>AllowAnyRoot Y</b>
-<dd style="margin-left: 5.0em"><dt><b>AllowAnyRoot N</b>
-<dd style="margin-left: 5.0em">Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority.
-The default is "Y".
-<dt><b>AllowExpiredCerts Y</b>
-<dd style="margin-left: 5.0em"><dt><b>AllowExpiredCerts N</b>
-<dd style="margin-left: 5.0em">Specifies whether to allow TLS with expired certificates.
-The default is "Y".
-<dt><b>Encryption IfRequested</b>
-<dd style="margin-left: 5.0em"><dt><b>Encryption Never</b>
-<dd style="margin-left: 5.0em"><dt><b>Encryption Required</b>
-<dd style="margin-left: 5.0em">Specifies the level of encryption that should be used.
-<dt><b>GSSServiceName </b><i>name</i>
-<dd style="margin-left: 5.0em">Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp".
-CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http".
-<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]
-<dd style="margin-left: 5.0em"><dt><b>ServerName </b><i>/domain/socket</i>
-<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to the server.
-<b>Note: This directive it not supported on OS X 10.7 or later.</b>
-<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
-<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
-<dt><b>User </b><i>name</i>
-<dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
+<dt>Encryption IfRequested
+<dd style="margin-left: 5.0em"><dt>Encryption Never
+<dd style="margin-left: 5.0em"><dt>Encryption Required
+<dd style="margin-left: 5.0em"><br>
+Specifies the level of encryption that is required for a particular
+location.
+<dt>GSSServiceName name
+<dd style="margin-left: 5.0em">Specifies the Kerberos service name that is used for authentication, typically
+"host", "http", or "ipp". CUPS adds the remote hostname
+("name@server.example.com") for you. The default name is
+"http".
+<dt>ServerName hostname-or-ip-address[:port]
+<dd style="margin-left: 5.0em"><dt>ServerName /domain/socket
+<dd style="margin-left: 5.0em"><br>
+Specifies the address and optionally the port to use when connecting to the
+server. <b>Note: Not supported on OS X 10.7 or later.</b>
+<dt>ServerName hostname-or-ip-address[:port]/version=1.1
+<dd style="margin-left: 5.0em"><br>
+Specifies the address and optionally the port to use when connecting to a
+server running CUPS 1.3.12 and earlier. <b>Note: Not supported on OS X 10.7 or
+later.</b>
+<dt>User name
+<dd style="margin-left: 5.0em"><br>
+Specifies the default user name to use for requests.
</dl>
-<h2 class="title"><a name="NOTES">Notes</a></h2>
-The <b>client.conf</b> file is deprecated and will no longer be supported in a future version of CUPS.
<h2 class="title"><a name="SEE_ALSO">See Also</a></h2>
-<a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a>
-CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
+<a href="http://localhost:631/help">http://localhost:631/help</a>
<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
-Copyright © 2007-2014 by Apple Inc.
+Copyright 2007-2013 by Apple Inc.
</body>
</html>
<h2 class="title"><a name="NAME">Name</a></h2>
cups-files.conf - file and directory configuration file for cups
<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
-The <b>cups-files.conf</b> file configures the files and directories used by the CUPS scheduler,
-<a href="man-cupsd.html?TOPIC=Man+Pages"><b>cupsd</b>(8).</a>
-It is normally located in the <i>/etc/cups</i> directory.
-<p>Each line in the file can be a configuration directive, a blank line, or a comment.
-Comment lines start with the # character.
-<h3><a name="DIRECTIVES">Directives</a></h3>
-The following directives are understood by
-<a href="man-cupsd.html?TOPIC=Man+Pages"><b>cupsd</b>(8):</a>
+The <i>cups-files.conf</i> file configures the files and directories used by the
+CUPS scheduler, <i>cupsd(8)</i>. It is normally located in the
+<i>/etc/cups</i> directory.
+<p>Each line in the file can be a configuration directive, a blank line,
+or a comment. Comment lines start with the # character.
+<h2 class="title"><a name="DIRECTIVES">Directives</a></h2>
+The following directives are understood by <i>cupsd(8)</i>. Consult the
+on-line help for detailed descriptions:
<dl class="man">
-<dt><b>AccessLog </b><i>filename</i>
-<dd style="margin-left: 5.0em"><dt><b>AccessLog </b>[ <i>filename</i> ]
-<dd style="margin-left: 5.0em"><dt><b>AccessLog syslog</b>
-<dd style="margin-left: 5.0em">Defines the access log filename.
-The value "syslog" causes log entries to be sent to the system log daemon.
-Specifying a blank filename disables access log generation.
-The server name may be included in filenames using the string "%s", for example:
-<pre class="man">
-
- AccessLog /var/log/cups/%s-access_log
-
-</pre>
-<dt><b>ConfigFilePerm </b><i>mode</i>
-<dd style="margin-left: 5.0em">Specifies the permissions for all configuration files that the scheduler writes.
-The default is 0644 on OS X and 0640 on all other operating systems.
-<b>Note:</b> The permissions for the printers.conf file are currently masked to only allow access from the scheduler user (typically root).
-This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally known on the system.
-There is no way to disable this security feature.
-<dt><b>DataDir </b><i>path</i>
-<dd style="margin-left: 5.0em">Specifies the directory where data files can be found. The default is usually <i>/usr/share/cups</i>.
-<dt><b>DocumentRoot </b><i>directory</i>
-<dd style="margin-left: 5.0em">Specifies the root directory for the CUPS web interface content. The default is usually <i>/usr/share/doc/cups</i>.
-<dt><b>ErrorLog </b>[ <i>filename</i> ]
-<dd style="margin-left: 5.0em"><dt><b>ErrorLog syslog</b>
-<dd style="margin-left: 5.0em">Defines the error log filename.
-The value "syslog" causes log entries to be sent to the system log daemon.
-Specifying a blank filename disables error log generation.
-The server name may be included in filenames using the string "%s", for example:
-<pre class="man">
-
- ErrorLog /var/log/cups/%s-error_log
-
-</pre>
-<dt><b>FatalErrors none</b>
-<dd style="margin-left: 5.0em"><dt><b>FatalErrors all </b><i>-kind </i>[ <i>... -kind </i>]
-<dd style="margin-left: 5.0em"><dt><b>FatalErrors </b><i>kind </i>[ <i>... kind </i>]
-<dd style="margin-left: 5.0em">Specifies which errors are fatal, causing the scheduler to exit.
-The default setting is "config".
-The <i>kind</i> strings are:
-<div style="margin-left: 0.0em;">
-<dl class="man">
-<dt><b>none</b>
-<dd style="margin-left: 5.0em">No errors are fatal.
-<dt><b>all</b>
-<dd style="margin-left: 5.0em">All of the errors below are fatal.
-<dt><b>browse</b>
-<dd style="margin-left: 5.0em">Browsing initialization errors are fatal, for example failed connections to the DNS-SD daemon.
-<dt><b>config</b>
-<dd style="margin-left: 5.0em">Configuration file syntax errors are fatal.
-<dt><b>listen</b>
-<dd style="margin-left: 5.0em">Listen or Port errors are fatal, except for IPv6 failures on the loopback or "any" addresses.
-<dt><b>log</b>
-<dd style="margin-left: 5.0em">Log file creation or write errors are fatal.
-<dt><b>permissions</b>
-<dd style="margin-left: 5.0em">Bad startup file permissions are fatal, for example shared TLS certificate and key files with world-read permissions.
-</div>
-<dt><b>FileDevice Yes</b>
-<dd style="margin-left: 5.0em"><dt><b>FileDevice No</b>
-<dd style="margin-left: 5.0em">Specifies whether the file pseudo-device can be used for new printer queues.
-The URI "file:///dev/null" is always allowed.
-<dt><b>FontPath </b><i>directory</i>[:<i>...</i>:<i>directory</i>]
-<dd style="margin-left: 5.0em">Specifies the search path for fonts.
-<b>This directive is deprecated and will no longer be supported in a future release of CUPS.</b>
-<dt><b>Group </b><i>group-name-or-number</i>
-<dd style="margin-left: 5.0em">Specifies the group name or ID that will be used when executing external programs.
-The default group is operating system specific but is usually <i>lp</i> or <i>nobody</i>.
-<dt><b>LogFilePerm </b><i>mode</i>
-<dd style="margin-left: 5.0em">Specifies the permissions of all log files that the scheduler writes. The default is 0644.
-<dt><b>PageLog </b>[ <i>filename</i> ]
-<dd style="margin-left: 5.0em"><dt><b>PageLog syslog</b>
-<dd style="margin-left: 5.0em">Defines the page log filename.
-The value "syslog" causes log entries to be sent to the system log daemon.
-Specifying a blank filename disables page log generation.
-The server name may be included in filenames using the string "%s", for example:
-<pre class="man">
-
- PageLog /var/log/cups/%s-page_log
-
-</pre>
-<dt><b>Printcap </b>[ <i>filename</i> ]
-<dd style="margin-left: 5.0em">Defines the printcap filename that the scheduler automatically updates with the current list of available printers, which is sometimes used by legacy applications.
-Specifying a blank filename disables printcap generation.
-<b>This directive is deprecated and will no longer be supported in a future release of CUPS.</b>
-<dt><b>RemoteRoot </b><i>username</i>
-<dd style="margin-left: 5.0em">Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user.
-<dt><b>RequestRoot </b><i>directory</i>
-<dd style="margin-left: 5.0em">Specifies the directory that contains print jobs and other HTTP request data.
-<dt><b>Sandboxing off</b>
-<dd style="margin-left: 5.0em"><dt><b>Sandboxing relaxed</b>
-<dd style="margin-left: 5.0em"><dt><b>Sandboxing strict</b>
-<dd style="margin-left: 5.0em">Specifies the level of security sandboxing that is applied to print filters, backends, and other child processes of the scheduler.
-The default is "strict".
-This directive is currently only used on OS X.
-<dt><b>ServerBin </b><i>directory</i>
-<dd style="margin-left: 5.0em">Specifies the directory containing the backends, CGI programs, filters, helper programs, notifiers, and port monitors.
-<dt><b>ServerKeychain </b><i>path</i>
-<dd style="margin-left: 5.0em">Specifies the location of TLS certificates and private keys.
-<dt><b>ServerRoot </b><i>directory</i>
-<dd style="margin-left: 5.0em">Specifies the directory containing the server configuration files.
-<dt><b>SyncOnClose Yes</b>
-<dd style="margin-left: 5.0em"><dt><b>SyncOnClose No</b>
-<dd style="margin-left: 5.0em">Specifies whether the scheduler calls
-<b>fsync</b>(2)
-after writing configuration or state files. The default is No.
-<dt><b>SystemGroup </b><i>group-name </i>[ <i>... group-name</i> ]
-<dd style="margin-left: 5.0em">Specifies the group(s) to use for <i>@SYSTEM</i> group authentication.
-<dt><b>TempDir </b><i>directory</i>
-<dd style="margin-left: 5.0em">Specifies the directory where temporary files are stored.
-<dt><b>User </b><i>username</i>
-<dd style="margin-left: 5.0em">Specifies the user name or ID that is used when running external programs.
+<dt>AccessLog filename
+<dd style="margin-left: 5.0em"><dt>AccessLog syslog
+<dd style="margin-left: 5.0em"><br>
+Defines the access log filename.
+<dt>ConfigFilePerm mode
+<dd style="margin-left: 5.0em"><br>
+Specifies the permissions for all configuration files that the scheduler
+writes.
+<dt>DataDir path
+<dd style="margin-left: 5.0em"><br>
+Specified the directory where data files can be found.
+<dt>DocumentRoot directory
+<dd style="margin-left: 5.0em"><br>
+Specifies the root directory for the internal web server documents.
+<dt>ErrorLog filename
+<dd style="margin-left: 5.0em"><dt>ErrorLog syslog
+<dd style="margin-left: 5.0em"><br>
+Specifies the error log filename.
+<dt>FatalErrors none
+<dd style="margin-left: 5.0em"><dt>FatalErrors all -kind [... -kind]
+<dd style="margin-left: 5.0em"><dt>FatalErrors kind [... kind]
+<dd style="margin-left: 5.0em"><br>
+Specifies which errors are fatal, causing the scheduler to exit. "Kind" is
+"browse", "config", "listen", "log", or "permissions".
+<dt>FileDevice Yes
+<dd style="margin-left: 5.0em"><dt>FileDevice No
+<dd style="margin-left: 5.0em"><br>
+Specifies whether the file pseudo-device can be used for new
+printer queues.
+<dt>FontPath directory[:directory:...]
+<dd style="margin-left: 5.0em"><br>
+Specifies the search path for fonts.
+<dt>Group group-name-or-number
+<dd style="margin-left: 5.0em"><br>
+Specifies the group name or ID that will be used when executing
+external programs.
+<dt>LogFilePerm mode
+<dd style="margin-left: 5.0em"><br>
+Specifies the permissions for all log files that the scheduler writes.
+<dt>PageLog filename
+<dd style="margin-left: 5.0em"><dt>PageLog syslog
+<dd style="margin-left: 5.0em"><br>
+Specifies the page log filename.
+<dt>Printcap
+<dd style="margin-left: 5.0em"><dt>Printcap filename
+<dd style="margin-left: 5.0em"><br>
+Specifies the filename for a printcap file that is updated
+automatically with a list of available printers (needed for
+legacy applications); specifying Printcap with no filename
+disables printcap generation.
+<dt>RemoteRoot user-name
+<dd style="margin-left: 5.0em"><br>
+Specifies the username that is associated with unauthenticated root
+accesses.
+<dt>RequestRoot directory
+<dd style="margin-left: 5.0em"><br>
+Specifies the directory to store print jobs and other HTTP request
+data.
+<dt>Sandboxing off
+<dd style="margin-left: 5.0em"><dt>Sandboxing relaxed
+<dd style="margin-left: 5.0em"><dt>Sandboxing strict
+<dd style="margin-left: 5.0em">Specifies the level of security sandboxing that is applied to print filters, backends, and other child processes of the scheduler. The default is "strict". (OS X only)
+<dt>ServerBin directory
+<dd style="margin-left: 5.0em"><br>
+Specifies the directory where backends, CGIs, daemons, and filters may
+be found.
+<dt>ServerKeychain path
+<dd style="margin-left: 5.0em"><br>
+Specifies the location of TLS certificates and private keys.
+<dt>ServerRoot directory
+<dd style="margin-left: 5.0em"><br>
+Specifies the directory where the server configuration files can be found.
+<dt>SyncOnClose Yes
+<dd style="margin-left: 5.0em"><dt>SyncOnClose No
+<dd style="margin-left: 5.0em">Specifies whether the scheduler calls <i>fsync(2)</i> after writing configuration
+or state files. The default is No.
+<dt>SystemGroup group-name [group-name ...]
+<dd style="margin-left: 5.0em"><br>
+Specifies the group(s) to use for System class authentication.
+<dt>TempDir directory
+<dd style="margin-left: 5.0em"><br>
+Specifies the directory where temporary files are stored.
+<dt>User user-name
+<dd style="margin-left: 5.0em"><br>
+Specifies the user name or ID that is used when running external programs.
</dl>
<h2 class="title"><a name="SEE_ALSO">See Also</a></h2>
-<a href="man-classes.conf.html?TOPIC=Man+Pages"><b>classes.conf</b>(5),</a>
-<a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a>
-<a href="man-cupsd.html?TOPIC=Man+Pages"><b>cupsd</b>(8),</a>
-<a href="man-cupsd.conf.html?TOPIC=Man+Pages"><b>cupsd.conf</b>(5),</a>
-<a href="man-mime.convs.html?TOPIC=Man+Pages"><b>mime.convs</b>(5),</a>
-<a href="man-mime.types.html?TOPIC=Man+Pages"><b>mime.types</b>(5),</a>
-<a href="man-printers.conf.html?TOPIC=Man+Pages"><b>printers.conf</b>(5),</a>
-<a href="man-subscriptions.conf.html?TOPIC=Man+Pages"><b>subscriptions.conf</b>(5),</a>
-CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
+<i>classes.conf(5)</i>, <i>cupsd(8)</i>, <i>cupsd.conf(5)</i>, <i>mime.convs(5)</i>,
+<i>mime.types(5)</i>, <i>printers.conf(5)</i>,
+<i>subscriptions.conf(5)</i>,
+<br>
+<a href="http://localhost:631/help">http://localhost:631/help</a>
<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
-Copyright © 2007-2014 by Apple Inc.
+Copyright 2007-2014 by Apple Inc.
</body>
</html>
<i>cupsd.conf</i>
file configures the CUPS scheduler,
<a href="man-cupsd.html?TOPIC=Man+Pages"><b>cupsd</b>(8).</a>
-It is normally located in the
-<i>/etc/cups</i>
-directory. <b>Note:</b> File, directory, and user configuration directives that used to be allowed in the <i>cupsd.conf</i> file are now stored in the <i>cups-files.conf(5)</i> instead in order to prevent certain types of privilege escalation attacks.
+It is normally located in the <i>/etc/cups</i> directory. <b>Note:</b> File, directory, and user configuration directives that used to be allowed in the <i>cupsd.conf</i> file are now stored in the <i>cups-files.conf(5)</i> instead in order to prevent certain types of privilege escalation attacks.
<p>Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. The configuration directives are intentionally similar to those used by the popular Apache web server software and are described below.
<h2 class="title"><a name="TOP_LEVEL_DIRECTIVES">Top-level Directives</a></h2>
The following directives are understood by
cupsd - cups scheduler
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>cupsd</b>
-[
-<b>-c</b>
+[ -c
<i>config-file</i>
-] [
-<b>-f</b>
-] [
-<b>-F</b>
-] [
-<b>-h</b>
-] [
-<b>-l</b>
-] [
-<b>-t</b>
-]
+] [ -f ] [ -F ] [ -h ] [ -l ] [ -t ]
<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
<b>cupsd</b>
is the scheduler for CUPS. It implements a printing system based upon the Internet Printing Protocol, version 2.1. If no options are specified on the command-line then the default configuration file
will be used.
<h2 class="title"><a name="OPTIONS">Options</a></h2>
<dl class="man">
-<dt><b>-c</b><i> config-file</i>
+<dt>-c config-file
<dd style="margin-left: 5.0em">Uses the named configuration file.
-<dt><b>-f</b>
+<dt>-f
<dd style="margin-left: 5.0em">Run
<b>cupsd</b>
in the foreground; the default is to run in the background as a "daemon".
-<dt><b>-F</b>
+<dt>-F
<dd style="margin-left: 5.0em">Run
<b>cupsd</b>
in the foreground but detach the process from the controlling terminal and current directory. This is useful for running
-<b>cupsd</b>
-from
-<b>init</b>(8).
-<dt><b>-h</b>
+<b>cupsd</b>from<b>init</b>(8).
+<dt>-h
<dd style="margin-left: 5.0em">Shows the program usage.
-<dt><b>-l</b>
+<dt>-l
<dd style="margin-left: 5.0em">This option is passed to
<b>cupsd</b>
when it is run from
-<b>launchd</b>(8)
-or
-<b>systemd</b>(8).
-<dt><b>-t</b>
+<b>launchd</b>(8).
+<dt>-t
<dd style="margin-left: 5.0em">Test the configuration file for syntax errors.
</dl>
-<h2 class="title"><a name="FILES">Files</a></h2>
-<pre class="man">
-<i>/etc/cups/classes.conf</i>
-<i>/etc/cups/cups-files.conf</i>
-<i>/etc/cups/cupsd.conf</i>
-<i>/usr/share/cups/mime/mime.convs</i>
-<i>/usr/share/cups/mime/mime.types</i>
-<i>/etc/cups/printers.conf</i>
-</pre>
-<h2 class="title"><a name="CONFORMING_TO">Conforming To</a></h2>
-<b>cupsd</b>
-implements all of the required IPP/2.1 attributes and operations. It also implements several CUPS-specific administrative operations.
-<h2 class="title"><a name="EXAMPLES">Examples</a></h2>
-Run
-<b>cupsd</b>
-in the background with the default configuration file:
-<pre class="man">
-
- cupsd
-
-</pre>
-Test a configuration file called
-<i>test.conf</i>:
-<pre class="man">
-
- cupsd -t -c test.conf
-
-</pre>
-Run
+<h2 class="title"><a name="COMPATIBILITY">Compatibility</a></h2>
<b>cupsd</b>
-in the foreground with a test configuration file called
-<i>test.conf</i>:
-<pre class="man">
-
- cupsd -f -c test.conf
-
-</pre>
+implements all of the required IPP/2.1 attributes and operations. It also implements several CUPS-specific administration operations.
<h2 class="title"><a name="SEE_ALSO">See Also</a></h2>
-<a href="man-backend.html?TOPIC=Man+Pages"><b>backend</b>(7),</a>
-<a href="man-classes.conf.html?TOPIC=Man+Pages"><b>classes.conf</b>(5),</a>
-<a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a>
-<b>cups-deviced</b>(8),
-<b>cups-driverd</b>(8),
-<a href="man-cups-lpd.html?TOPIC=Man+Pages"><b>cups-lpd</b>(8),</a>
-<a href="man-cupsd.conf.html?TOPIC=Man+Pages"><b>cupsd.conf</b>(5),</a>
-<a href="man-filter.html?TOPIC=Man+Pages"><b>filter</b>(7),</a>
-<b>launchd</b>(8),
-<a href="man-mime.convs.html?TOPIC=Man+Pages"><b>mime.convs</b>(5),</a>
-<a href="man-mime.types.html?TOPIC=Man+Pages"><b>mime.types</b>(5),</a>
-<a href="man-printers.conf.html?TOPIC=Man+Pages"><b>printers.conf</b>(5),</a>
-<b>systemd</b>(8),
-CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
+<a href="man-backend.html?TOPIC=Man+Pages"><b>backend</b>(7),</a><a href="man-classes.conf.html?TOPIC=Man+Pages"><b>classes.conf</b>(5),</a><b>cups-deviced</b>(8),<b>cups-driverd</b>(8),<a href="man-cups-lpd.html?TOPIC=Man+Pages"><b>cups-lpd</b>(8),</a><a href="man-cupsd.conf.html?TOPIC=Man+Pages"><b>cupsd.conf</b>(5),</a><a href="man-filter.html?TOPIC=Man+Pages"><b>filter</b>(7),</a><b>launchd</b>(8),<a href="man-mime.convs.html?TOPIC=Man+Pages"><b>mime.convs</b>(5),</a><a href="man-mime.types.html?TOPIC=Man+Pages"><b>mime.types</b>(5),</a><a href="man-printers.conf.html?TOPIC=Man+Pages"><b>printers.conf</b>(5),</a>
+<a href="http://localhost:631/help">http://localhost:631/help</a>
<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
Copyright © 2007-2014 by Apple Inc.
728FB7EE15361642005426E1 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E8136B64B000836530 /* SystemConfiguration.framework */; };
728FB7F11536167A005426E1 /* libiconv.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 728FB7EF1536167A005426E1 /* libiconv.dylib */; };
728FB7F21536167A005426E1 /* libresolv.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 728FB7F01536167A005426E1 /* libresolv.dylib */; };
+ 72BFD5FB191AF0A30005DA37 /* libcups_static.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 72A4332F155844CF002E172D /* libcups_static.a */; };
+ 72BFD5FC191AF0A30005DA37 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E5136B64AF00836530 /* CoreFoundation.framework */; };
+ 72BFD5FD191AF0A30005DA37 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E6136B64B000836530 /* Kerberos.framework */; };
+ 72BFD5FE191AF0A30005DA37 /* libiconv.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 728FB7EF1536167A005426E1 /* libiconv.dylib */; };
+ 72BFD5FF191AF0A30005DA37 /* libresolv.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 728FB7F01536167A005426E1 /* libresolv.dylib */; };
+ 72BFD600191AF0A30005DA37 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 728FB7EC1536161C005426E1 /* libz.dylib */; };
+ 72BFD601191AF0A30005DA37 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E7136B64B000836530 /* Security.framework */; };
+ 72BFD602191AF1270005DA37 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E5136B64AF00836530 /* CoreFoundation.framework */; };
+ 72BFD603191AF1270005DA37 /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72D53A2915B49110003F877F /* GSS.framework */; };
+ 72BFD604191AF1270005DA37 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E6136B64B000836530 /* Kerberos.framework */; };
+ 72BFD605191AF1270005DA37 /* libiconv.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 728FB7EF1536167A005426E1 /* libiconv.dylib */; };
+ 72BFD606191AF1270005DA37 /* libresolv.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 728FB7F01536167A005426E1 /* libresolv.dylib */; };
+ 72BFD607191AF1270005DA37 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 728FB7EC1536161C005426E1 /* libz.dylib */; };
+ 72BFD608191AF1270005DA37 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E7136B64B000836530 /* Security.framework */; };
+ 72BFD609191AF14C0005DA37 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E8136B64B000836530 /* SystemConfiguration.framework */; };
72C16CB9137B195D007E4BF4 /* file.c in Sources */ = {isa = PBXBuildFile; fileRef = 72C16CB8137B195D007E4BF4 /* file.c */; };
72CEF95618A966E000FA9B81 /* libcups.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 72220EAE1333047D00FCA411 /* libcups.dylib */; };
72CF95E318A13543000FCAE4 /* dest-job.c in Sources */ = {isa = PBXBuildFile; fileRef = 72CF95E018A13543000FCAE4 /* dest-job.c */; };
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
+ 72BFD609191AF14C0005DA37 /* SystemConfiguration.framework in Frameworks */,
+ 72BFD602191AF1270005DA37 /* CoreFoundation.framework in Frameworks */,
+ 72BFD603191AF1270005DA37 /* GSS.framework in Frameworks */,
+ 72BFD604191AF1270005DA37 /* Kerberos.framework in Frameworks */,
+ 72BFD605191AF1270005DA37 /* libiconv.dylib in Frameworks */,
+ 72BFD606191AF1270005DA37 /* libresolv.dylib in Frameworks */,
+ 72BFD607191AF1270005DA37 /* libz.dylib in Frameworks */,
+ 72BFD608191AF1270005DA37 /* Security.framework in Frameworks */,
);
runOnlyForDeploymentPostprocessing = 0;
};
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
+ 72BFD5FB191AF0A30005DA37 /* libcups_static.a in Frameworks */,
+ 72BFD5FC191AF0A30005DA37 /* CoreFoundation.framework in Frameworks */,
+ 72BFD5FD191AF0A30005DA37 /* Kerberos.framework in Frameworks */,
+ 72BFD5FE191AF0A30005DA37 /* libiconv.dylib in Frameworks */,
+ 72BFD5FF191AF0A30005DA37 /* libresolv.dylib in Frameworks */,
+ 72BFD600191AF0A30005DA37 /* libz.dylib in Frameworks */,
+ 72BFD601191AF0A30005DA37 /* Security.framework in Frameworks */,
);
runOnlyForDeploymentPostprocessing = 0;
};