From c41769ffd04ad45bb2c95691ad3999674896a2ed Mon Sep 17 00:00:00 2001
From: msweet
Date: Mon, 26 Nov 2012 19:37:04 +0000
Subject: [PATCH] Merge changes from CUPS 1.7svn-r10710.
git-svn-id: svn+ssh://src.apple.com/svn/cups/easysw/current@4040 a1ca3aef-8c08-0410-bb20-df032aa958be
---
CHANGES-1.6.txt | 3 +
CHANGES-IPPTOOL.txt | 4 +-
IPPTOOL.txt | 2 +-
backend/ipp.c | 14 +-
conf/Makefile | 2 +-
conf/cups-files.conf.in | 98 ++++
conf/cupsd.conf.in | 4 -
config-scripts/cups-defaults.m4 | 2 +
config-scripts/cups-ssl.m4 | 11 +
configure.in | 2 +
cups/http-addr.c | 7 -
cups/http-private.h | 5 -
cups/http.c | 73 ++-
cups/versioning.h | 4 +-
doc/Makefile | 2 +-
doc/help/man-ipptoolfile.html | 12 +
doc/help/ref-cups-files-conf.html.in | 531 +++++++++++++++++++
doc/help/ref-cupsd-conf.html.in | 324 ------------
man/Makefile | 1 +
man/cups-files.conf.man.in | 146 ++++++
man/cupsd.conf.man.in | 143 +----
man/ipptoolfile.man | 11 +-
packaging/cups.list.in | 2 +
packaging/cups.spec.in | 1 +
scheduler/client.c | 38 +-
scheduler/conf.c | 744 ++++++++++++++++-----------
scheduler/conf.h | 4 +-
scheduler/main.c | 53 +-
test/ipptool.c | 65 ++-
test/run-stp-tests.sh | 44 +-
30 files changed, 1488 insertions(+), 864 deletions(-)
create mode 100644 conf/cups-files.conf.in
create mode 100644 doc/help/ref-cups-files-conf.html.in
create mode 100644 man/cups-files.conf.man.in
diff --git a/CHANGES-1.6.txt b/CHANGES-1.6.txt
index e5e87ae88..5ace73229 100644
--- a/CHANGES-1.6.txt
+++ b/CHANGES-1.6.txt
@@ -4,6 +4,9 @@ CHANGES-1.6.txt
CHANGES IN CUPS V1.6.2
- Documentation fixes
+ - Security: All file, directory, user, and group settings are now stored
+ in a separate cups-files.conf configuration file that cannot be set
+ through the CUPS web interface or APIs (STR #4223)
- The SNMP backend now tries to work around broken printers that use a
newline to separate key/value pairs.
- The IPP backend did not send a cancel request to printers when a job
diff --git a/CHANGES-IPPTOOL.txt b/CHANGES-IPPTOOL.txt
index 9c4a8038a..a0b9176da 100644
--- a/CHANGES-IPPTOOL.txt
+++ b/CHANGES-IPPTOOL.txt
@@ -1,4 +1,4 @@
-CHANGES-IPPTOOL.txt - 2012-09-15
+CHANGES-IPPTOOL.txt - 2012-11-16
--------------------------------
This file provides a list of changes to the ipptool binary distribution posted
@@ -10,6 +10,8 @@ on cups.org.
- ipptool did not support octetString values.
- Fixed REPEAT-MATCH for STATUS and EXPECT - was incorrectly erroring
out.
+ - ipptool did not support compressing documents in Print-Job or
+ Send-Document requests.
2012-02-28
diff --git a/IPPTOOL.txt b/IPPTOOL.txt
index 1d1fce704..5aa027f1e 100644
--- a/IPPTOOL.txt
+++ b/IPPTOOL.txt
@@ -1,4 +1,4 @@
-IPPTOOL.txt - 2012-02-06
+IPPTOOL.txt - 2012-11-16
------------------------
See the file CHANGES-IPPTOOL.txt for a list of changes to this software.
diff --git a/backend/ipp.c b/backend/ipp.c
index 180586e05..d3dd8de9c 100644
--- a/backend/ipp.c
+++ b/backend/ipp.c
@@ -1500,6 +1500,9 @@ main(int argc, /* I - Number of command-line args */
http_status = cupsSendRequest(http, request, resource, length);
if (http_status == HTTP_CONTINUE && request->state == IPP_DATA)
{
+ if (compression && strcmp(compression, "none"))
+ httpSetField(http, HTTP_FIELD_CONTENT_ENCODING, compression);
+
if (num_files == 1)
{
if ((fd = open(files[0], O_RDONLY)) < 0)
@@ -1537,7 +1540,8 @@ main(int argc, /* I - Number of command-line args */
{
fprintf(stderr, "DEBUG: Read %d bytes...\n", (int)bytes);
- if (cupsWriteRequestData(http, buffer, bytes) != HTTP_CONTINUE)
+ if ((http_status = cupsWriteRequestData(http, buffer, bytes))
+ != HTTP_CONTINUE)
break;
}
else if (bytes == 0 || (errno != EINTR && errno != EAGAIN))
@@ -1545,6 +1549,10 @@ main(int argc, /* I - Number of command-line args */
}
}
+ if (http_status == HTTP_ERROR)
+ fprintf(stderr, "DEBUG: Error writing document data for "
+ "Print-Job: %s\n", strerror(httpError(http)));
+
if (num_files == 1)
close(fd);
}
@@ -1737,6 +1745,10 @@ main(int argc, /* I - Number of command-line args */
close(fd);
}
+ if (http_status == HTTP_ERROR)
+ fprintf(stderr, "DEBUG: Error writing document data for "
+ "Send-Document: %s\n", strerror(httpError(http)));
+
ippDelete(cupsGetResponse(http, resource));
ippDelete(request);
diff --git a/conf/Makefile b/conf/Makefile
index 5114174f1..a68a58b16 100644
--- a/conf/Makefile
+++ b/conf/Makefile
@@ -19,7 +19,7 @@ include ../Makedefs
# Config files...
#
-KEEP = cupsd.conf snmp.conf
+KEEP = cups-files.conf cupsd.conf snmp.conf
REPLACE = mime.convs mime.types
diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in
new file mode 100644
index 000000000..8c3a1b58c
--- /dev/null
+++ b/conf/cups-files.conf.in
@@ -0,0 +1,98 @@
+#
+# "$Id$"
+#
+# Sample file/directory/user/group configuration file for the CUPS scheduler.
+# See "man cups-files.conf" for a complete description of this file.
+#
+
+# List of events that are considered fatal errors for the scheduler...
+#FatalErrors @CUPS_FATAL_ERRORS@
+
+# Default user and group for filters/backends/helper programs; this cannot be
+# any user or group that resolves to ID 0 for security reasons...
+#User @CUPS_USER@
+#Group @CUPS_GROUP@
+
+# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
+SystemGroup @CUPS_SYSTEM_GROUPS@
+@CUPS_SYSTEM_AUTHKEY@
+
+# User that is substituted for unauthenticated (remote) root accesses...
+#RemoteRoot remroot
+
+# Do we allow file: device URIs other than to /dev/null?
+#FileDevice No
+
+# Permissions for configuration and log files...
+#ConfigFilePerm @CUPS_CONFIG_FILE_PERM@
+#LogFilePerm @CUPS_LOG_FILE_PERM@
+
+# Location of the file logging all access to the scheduler; may be the name
+# "syslog". If not an absolute path, the value of ServerRoot is used as the
+# root directory. Also see the "AccessLogLevel" directive in cupsd.conf.
+AccessLog @CUPS_LOGDIR@/access_log
+
+# Location of cache files used by the scheduler...
+#CacheDir @CUPS_CACHEDIR@
+
+# Location of data files used by the scheduler...
+#DataDir @CUPS_DATADIR@
+
+# Location of the static web content served by the scheduler...
+#DocRoot @CUPS_DOCROOT@
+
+# Location of the file logging all messages produced by the scheduler and any
+# helper programs; may be the name "syslog". If not an absolute path, the value
+# of ServerRoot is used as the root directory. Also see the "LogLevel"
+# directive in cupsd.conf.
+ErrorLog @CUPS_LOGDIR@/error_log
+
+# Location of fonts used by older print filters...
+#FontPath @CUPS_FONTPATH@
+
+# Location of LPD configuration
+#LPDConfigFile @CUPS_DEFAULT_LPD_CONFIG_FILE@
+
+# Location of the file logging all pages printed by the scheduler and any
+# helper programs; may be the name "syslog". If not an absolute path, the value
+# of ServerRoot is used as the root directory. Also see the "PageLogFormat"
+# directive in cupsd.conf.
+PageLog @CUPS_LOGDIR@/page_log
+
+# Location of the file listing all of the local printers...
+#Printcap @CUPS_DEFAULT_PRINTCAP@
+
+# Format of the Printcap file...
+#PrintcapFormat bsd
+#PrintcapFormat plist
+#PrintcapFormat solaris
+
+# Location of all spool files...
+#RequestRoot @CUPS_REQUESTS@
+
+# Location of helper programs...
+#ServerBin @CUPS_SERVERBIN@
+
+# SSL/TLS certificate for the scheduler...
+#ServerCertificate @CUPS_SERVERCERT@
+
+# SSL/TLS private key for the scheduler...
+#ServerKey @CUPS_SERVERKEY@
+
+# Location of other configuration files...
+#ServerRoot @CUPS_SERVERROOT@
+
+# Location of Samba configuration file...
+#SMBConfigFile @CUPS_DEFAULT_SMB_CONFIG_FILE@
+
+# Location of scheduler state files...
+#StateDir @CUPS_STATEDIR@
+
+# Location of scheduler/helper temporary files. This directory is emptied on
+# scheduler startup and cannot be one of the standard (public) temporary
+# directory locations for security reasons...
+#TempDir @CUPS_REQUESTS@/tmp
+
+#
+# End of "$Id$".
+#
diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
index 8a1e86f25..5ae2c9f02 100644
--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
@@ -9,10 +9,6 @@
# for troubleshooting...
LogLevel @CUPS_LOG_LEVEL@
-# Administrator user group...
-SystemGroup @CUPS_SYSTEM_GROUPS@
-@CUPS_SYSTEM_AUTHKEY@
-
# Only listen for connections from the local machine.
Listen localhost:@DEFAULT_IPP_PORT@
@CUPS_LISTEN_DOMAINSOCKET@
diff --git a/config-scripts/cups-defaults.m4 b/config-scripts/cups-defaults.m4
index d236a344a..173cfeac8 100644
--- a/config-scripts/cups-defaults.m4
+++ b/config-scripts/cups-defaults.m4
@@ -305,6 +305,7 @@ else
fi
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_LPD_CONFIG_FILE, "$CUPS_DEFAULT_LPD_CONFIG_FILE")
+AC_SUBST(CUPS_DEFAULT_LPD_CONFIG_FILE)
dnl Default SMB config file...
AC_ARG_WITH(smbconfigfile, [ --with-smbconfigfile set default SMBConfigFile URI],
@@ -326,6 +327,7 @@ else
fi
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_SMB_CONFIG_FILE, "$CUPS_DEFAULT_SMB_CONFIG_FILE")
+AC_SUBST(CUPS_DEFAULT_SMB_CONFIG_FILE)
dnl Default MaxCopies value...
AC_ARG_WITH(max-copies, [ --with-max-copies set default max copies value, default=9999 ],
diff --git a/config-scripts/cups-ssl.m4 b/config-scripts/cups-ssl.m4
index 0bf9e00c7..03f7530a3 100644
--- a/config-scripts/cups-ssl.m4
+++ b/config-scripts/cups-ssl.m4
@@ -27,6 +27,8 @@ AC_ARG_WITH(openssl-includes, [ --with-openssl-includes set directory for OpenS
SSLFLAGS=""
SSLLIBS=""
have_ssl=0
+CUPS_SERVERCERT=""
+CUPS_SERVERKEY=""
if test x$enable_ssl != xno; then
dnl Look for CDSA...
@@ -36,6 +38,7 @@ if test x$enable_ssl != xno; then
have_ssl=1
AC_DEFINE(HAVE_SSL)
AC_DEFINE(HAVE_CDSASSL)
+ CUPS_SERVERCERT="/Library/Keychains/System.keychain"
dnl Check for the various security headers...
AC_CHECK_HEADER(Security/SecureTransportPriv.h,
@@ -106,6 +109,9 @@ if test x$enable_ssl != xno; then
fi
if test $have_ssl = 1; then
+ CUPS_SERVERCERT="ssl/server.crt"
+ CUPS_SERVERKEY="ssl/server.key"
+
if $PKGCONFIG --exists gcrypt; then
SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
@@ -148,6 +154,9 @@ if test x$enable_ssl != xno; then
done
if test "x${SSLLIBS}" != "x"; then
+ CUPS_SERVERCERT="ssl/server.crt"
+ CUPS_SERVERKEY="ssl/server.key"
+
LIBS="$SAVELIBS $SSLLIBS"
AC_CHECK_FUNCS(SSL_set_tlsext_host_name)
fi
@@ -165,6 +174,8 @@ elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes -o x$enable_openssl = x
AC_MSG_ERROR([Unable to enable SSL support.])
fi
+AC_SUBST(CUPS_SERVERCERT)
+AC_SUBST(CUPS_SERVERKEY)
AC_SUBST(IPPALIASES)
AC_SUBST(SSLFLAGS)
AC_SUBST(SSLLIBS)
diff --git a/configure.in b/configure.in
index e7c8cd00f..e575f68dd 100644
--- a/configure.in
+++ b/configure.in
@@ -60,6 +60,7 @@ AC_SUBST(INSTALL_LANGUAGES)
AC_SUBST(UNINSTALL_LANGUAGES)
AC_OUTPUT(Makedefs
+ conf/cups-files.conf
conf/cupsd.conf
conf/mime.convs
conf/pam.std
@@ -73,6 +74,7 @@ AC_OUTPUT(Makedefs
man/client.conf.man
man/cups-deviced.man
man/cups-driverd.man
+ man/cups-files.conf.man
man/cups-lpd.man
man/cups-snmp.man
man/cupsaddsmb.man
diff --git a/cups/http-addr.c b/cups/http-addr.c
index 9cb9bee30..3e050e705 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -382,13 +382,6 @@ httpAddrPort(http_addr_t *addr) /* I - Address */
return (ippPort());
}
-int /* O - Port number */
-_httpAddrPort(http_addr_t *addr) /* I - Address */
-{
- /* TODO: Remove in CUPS 1.8 */
- return (httpAddrPort(addr));
-}
-
/*
* '_httpAddrSetPort()' - Set the port number associated with an address.
diff --git a/cups/http-private.h b/cups/http-private.h
index d6cbeaf83..12ae6ddb9 100644
--- a/cups/http-private.h
+++ b/cups/http-private.h
@@ -403,9 +403,6 @@ extern void _cups_freeifaddrs(struct ifaddrs *addrs);
*/
#define _httpAddrFamily(addrp) (addrp)->addr.sa_family
-extern int _httpAddrPort(http_addr_t *addr)
- _CUPS_DEPRECATED_MSG("Use httpAddrPort "
- "instead.");
extern void _httpAddrSetPort(http_addr_t *addr, int port);
extern char *_httpAssembleUUID(const char *server, int port,
const char *name, int number,
@@ -422,8 +419,6 @@ extern void _httpDisconnect(http_t *http);
extern char *_httpEncodeURI(char *dst, const char *src,
size_t dstsize);
extern void _httpFreeCredentials(http_tls_credentials_t credentials);
-extern ssize_t _httpPeek(http_t *http, char *buffer, size_t length)
- _CUPS_DEPRECATED_MSG("Use httpPeek instead.");
extern const char *_httpResolveURI(const char *uri, char *resolved_uri,
size_t resolved_size, int options,
int (*cb)(void *context),
diff --git a/cups/http.c b/cups/http.c
index a547c47af..d5099b272 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -996,6 +996,11 @@ httpFlush(http_t *http) /* I - Connection to server */
* Didn't get the data back, so close the current connection.
*/
+#ifdef HAVE_LIBZ
+ if (http->coding)
+ http_content_coding_finish(http);
+#endif /* HAVE_LIBZ */
+
DEBUG_puts("1httpFlush: Setting state to HTTP_STATE_WAITING and closing.");
http->state = HTTP_STATE_WAITING;
@@ -1955,6 +1960,11 @@ httpPeek(http_t *http, /* I - Connection to server */
if (http->data_encoding == HTTP_ENCODING_CHUNKED)
httpGets(len, sizeof(len), http);
+#ifdef HAVE_LIBZ
+ if (http->coding)
+ http_content_coding_finish(http);
+#endif /* HAVE_LIBZ */
+
if (http->state == HTTP_STATE_POST_RECV)
http->state ++;
else
@@ -2101,15 +2111,6 @@ httpPeek(http_t *http, /* I - Connection to server */
return (bytes);
}
-ssize_t /* O - Number of bytes copied */
-_httpPeek(http_t *http, /* I - Connection to server */
- char *buffer, /* I - Buffer for data */
- size_t length) /* I - Maximum number of bytes */
-{
- /* TODO: Remove in CUPS 1.8 */
- return (httpPeek(http, buffer, length));
-}
-
/*
* 'httpPost()' - Send a POST request to the server.
@@ -2226,20 +2227,33 @@ httpRead2(http_t *http, /* I - Connection to server */
if (http->data_encoding == HTTP_ENCODING_CHUNKED &&
http->data_remaining <= 0)
{
- DEBUG_puts("2httpRead2: Getting chunk length...");
-
- if (httpGets(len, sizeof(len), http) == NULL)
+ if (!httpGets(len, sizeof(len), http))
{
- DEBUG_puts("1httpRead2: Could not get length!");
+ DEBUG_puts("1httpRead2: Could not get chunk length.");
return (0);
}
+ if (!len[0])
+ {
+ DEBUG_puts("1httpRead2: Blank chunk length, trying again...");
+ if (!httpGets(len, sizeof(len), http))
+ {
+ DEBUG_puts("1httpRead2: Could not get chunk length.");
+ return (0);
+ }
+ }
+
http->data_remaining = strtoll(len, NULL, 16);
+
if (http->data_remaining < 0)
{
- DEBUG_puts("1httpRead2: Negative chunk length!");
+ DEBUG_printf(("1httpRead2: Negative chunk length \"%s\" (" CUPS_LLFMT ")",
+ len, CUPS_LLCAST http->data_remaining));
return (0);
}
+
+ DEBUG_printf(("2httpRead2: Got chunk length \"%s\" (" CUPS_LLFMT ")", len,
+ CUPS_LLCAST http->data_remaining));
}
DEBUG_printf(("2httpRead2: data_remaining=" CUPS_LLFMT ", used=%d",
@@ -2553,10 +2567,13 @@ httpRead2(http_t *http, /* I - Connection to server */
return (0);
}
- if (http->data_remaining == 0)
+ if (http->data_remaining <= 0)
{
if (http->data_encoding == HTTP_ENCODING_CHUNKED)
+ {
+ DEBUG_puts("1httpRead2: Reading trailing line for chunk.");
httpGets(len, sizeof(len), http);
+ }
else
{
#ifdef HAVE_LIBZ
@@ -3388,17 +3405,17 @@ _httpUpdate(http_t *http, /* I - Connection to server */
switch (http->state)
{
- case HTTP_GET :
- case HTTP_POST :
+ case HTTP_STATE_GET :
+ case HTTP_STATE_POST :
case HTTP_STATE_POST_RECV :
- case HTTP_PUT :
+ case HTTP_STATE_PUT :
http->state ++;
DEBUG_printf(("1_httpUpdate: Set state to %s.",
http_states[http->state + 1]));
- case HTTP_POST_SEND :
- case HTTP_HEAD :
+ case HTTP_STATE_POST_SEND :
+ case HTTP_STATE_HEAD :
break;
default :
@@ -3861,8 +3878,6 @@ httpWrite2(http_t *http, /* I - Connection to server */
* data, go idle...
*/
- DEBUG_puts("2httpWrite2: Changing states.");
-
if (http->wused)
{
if (httpFlushWrite(http) < 0)
@@ -3886,12 +3901,17 @@ httpWrite2(http_t *http, /* I - Connection to server */
}
if (http->state == HTTP_STATE_POST_RECV)
+ {
+#ifdef HAVE_LIBZ
+ if (http->coding)
+ http_content_coding_finish(http);
+#endif /* HAVE_LIBZ */
+
http->state ++;
- else
- http->state = HTTP_STATE_WAITING;
- DEBUG_printf(("2httpWrite2: New state is %s.",
- http_states[http->state + 1]));
+ DEBUG_printf(("2httpWrite2: Changed state to %s.",
+ http_states[http->state + 1]));
+ }
}
DEBUG_printf(("1httpWrite2: Returning " CUPS_LLFMT ".", CUPS_LLCAST bytes));
@@ -4905,6 +4925,7 @@ http_set_length(http_t *http) /* I - Connection */
{
if (http->mode == _HTTP_MODE_SERVER &&
http->state != HTTP_STATE_GET_SEND &&
+ http->state != HTTP_STATE_PUT &&
http->state != HTTP_STATE_POST &&
http->state != HTTP_STATE_POST_SEND)
{
diff --git a/cups/versioning.h b/cups/versioning.h
index f1b02d648..f3fe98114 100644
--- a/cups/versioning.h
+++ b/cups/versioning.h
@@ -59,8 +59,8 @@
# define _CUPS_API_1_3 AVAILABLE_MAC_OS_X_VERSION_10_5_AND_LATER
# define _CUPS_API_1_4 AVAILABLE_MAC_OS_X_VERSION_10_6_AND_LATER
# define _CUPS_API_1_5 AVAILABLE_MAC_OS_X_VERSION_10_7_AND_LATER
-# define _CUPS_API_1_6 AVAILABLE_MAX_OS_X_VERSION_10_8_AND_LATER
-# define _CUPS_API_1_7 AVAILABLE_MAX_OS_X_VERSION_10_9_AND_LATER
+# define _CUPS_API_1_6 AVAILABLE_MAC_OS_X_VERSION_10_8_AND_LATER
+# define _CUPS_API_1_7 AVAILABLE_MAC_OS_X_VERSION_10_9_AND_LATER
# else
# define _CUPS_API_1_1_19
# define _CUPS_API_1_1_20
diff --git a/doc/Makefile b/doc/Makefile
index 33c1e1d01..55808b70f 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -3,7 +3,7 @@
#
# Documentation makefile for CUPS.
#
-# Copyright 2007-2011 by Apple Inc.
+# Copyright 2007-2012 by Apple Inc.
# Copyright 1997-2007 by Easy Software Products.
#
# These coded instructions, statements, and computer programs are the
diff --git a/doc/help/man-ipptoolfile.html b/doc/help/man-ipptoolfile.html
index 645fd4a1f..4029f4288 100644
--- a/doc/help/man-ipptoolfile.html
+++ b/doc/help/man-ipptoolfile.html
@@ -171,6 +171,18 @@ character - escape commas using the "" character.
same syntax as regular attributes and can themselves be nested collections.
Multiple collection values can be supplied as needed.
+
COMPRESSION deflate
+
+
+
COMPRESSION gzip
+
+
+
COMPRESSION none
+
+
+
Uses the specified compression on the document data following the attributes in
+a Print-Job or Send-Document request.
+
DELAY seconds
Specifies a delay before this test will be run.
diff --git a/doc/help/ref-cups-files-conf.html.in b/doc/help/ref-cups-files-conf.html.in
new file mode 100644
index 000000000..eb1e71c05
--- /dev/null
+++ b/doc/help/ref-cups-files-conf.html.in
@@ -0,0 +1,531 @@
+
+
+
+ cups-files.conf
+
+
+
+
+
cups-files.conf
+
+
The /etc/cups/cups-files.conf file contains configuration directives that control the files, directories. users. and groups that are used by the CUPS scheduler, cupsd(8). Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line.
The AccessLog directive sets the name of the
+access log file. If the filename is not absolute then it is
+assumed to be relative to the ServerRoot directory. The
+access log file is stored in "common log format" and can be used
+by any web access reporting tool to generate a report on CUPS
+server activity.
+
+
The server name can be included in the filename by using
+%s in the name.
+
+
The special name "syslog" can be used to send the access
+information to the system log instead of a plain file.
+
+
The default access log file is
+@CUPS_LOGDIR@/access_log.
The ConfigFilePerm directive specifies the permissions to use when the scheduler writes configuration and cache files, typically in response to IPP or HTTP requests. The default is @CUPS_CONFIG_FILE_PERM@.
+
+
Note:
+
+
The permissions for the printers.conf file are always masked to only allow access from the scheduler user (typically root). This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally known on the system. There is no way to disable this security feature.
The DocumentRoot directive specifies the location
+of web content for the HTTP server in CUPS. If an absolute path
+is not specified then it is assumed to be relative to the ServerRoot directory. The
+default directory is @CUPS_DOCROOT@.
+
+
Documents are first looked up in a sub-directory for the
+primary language requested by the client (e.g.
+@CUPS_DOCROOT@/fr/...) and then directly under
+the DocumentRoot directory (e.g.
+@CUPS_DOCROOT@/...), so it is possible to
+localize the web content by providing subdirectories for each
+language needed.
The ErrorLog directive sets the name of the error
+log file. If the filename is not absolute then it is assumed to
+be relative to the ServerRoot directory. The
+default error log file is @CUPS_LOGDIR@/error_log.
+
+
The server name can be included in the filename by using
+%s in the name.
+
+
The special name "syslog" can be used to send the error
+information to the system log instead of a plain file.
The FatalErrors directive determines whether certain kinds of
+errors are fatal. The following kinds of errors are currently recognized:
+
+
+
+
none - No errors are fatal
+
+
all - All of the errors below are fatal
+
+
browse - Browsing initialization errors are fatal,
+ for example failed binding to the CUPS browse port or failed connections
+ to LDAP servers
+
+
config - Configuration file syntax errors are
+ fatal
+
+
listen - Listen or Port errors are fatal, except for
+ IPv6 failures on the loopback or "any" addresses
+
+
log - Log file creation or write errors are fatal
+
+
permissions - Bad startup file permissions are
+ fatal, for example shared SSL certificate and key files with world-
+ read permissions
+
+
+
+
Multiple errors can be listed, and the form "-kind" can be used with
+all to remove specific kinds of errors. The default setting is
+@CUPS_FATAL_ERRORS@.
The FileDevice directive determines whether the
+scheduler allows new printers to be added using device URIs of
+the form file:/filename. File devices are most often
+used to test new printer drivers and do not support raw file
+printing.
+
+
The default setting is No.
+
+
Note:
+
+
File devices are managed by the scheduler. Since the
+scheduler normally runs as the root user, file devices
+can be used to overwrite system files and potentially
+gain unauthorized access to the system. If you must
+create printers using file devices, we recommend that
+you set the FileDevice directive to
+Yes for only as long as you need to add the
+printers to the system, and then reset the directive to
+No.
The PageLog directive sets the name of the page
+log file. If the filename is not absolute then it is assumed to
+be relative to the ServerRoot directory. The
+default page log file is @CUPS_LOGDIR@/page_log.
+
+
The server name can be included in the filename by using
+%s in the name.
+
+
The special name "syslog" can be used to send the page
+information to the system log instead of a plain file.
The Printcap directive controls whether or not a
+printcap file is automatically generated and updated with a list
+of available printers. If specified with no value, then no
+printcap file will be generated. The default is to generate a
+file named @CUPS_DEFAULT_PRINTCAP@.
+
+
When a filename is specified (e.g. @CUPS_DEFAULT_PRINTCAP@),
+the printcap file is written whenever a printer is added or
+removed. The printcap file can then be used by applications that
+are hardcoded to look at the printcap file for the available
+printers.
+PrintcapFormat BSD
+PrintcapFormat Solaris
+PrintcapFormat plist
+
+
+
Description
+
+
The PrintcapFormat directive controls the output format of the
+printcap file. The default is to generate the plist format on OS X, the
+Solaris format on Solaris, and the BSD format on other operating systems.
The RemoteRoot directive sets the username for
+unauthenticated root requests from remote hosts. The default
+username is remroot. Setting RemoteRoot
+to root effectively disables this security
+mechanism.
The RequestRoot directive sets the directory for
+incoming IPP requests and HTML forms. If an absolute path is not
+provided then it is assumed to be relative to the ServerRoot directory. The
+default request directory is @CUPS_REQUESTS@.
The ServerBin directive sets the directory for
+server-run executables. If an absolute path is not provided then
+it is assumed to be relative to the ServerRoot directory. The
+default executable directory is /usr/lib/cups,
+/usr/lib32/cups, or /usr/libexec/cups
+depending on the operating system.
The ServerCertificate directive specifies the
+location of the SSL certificate file used by the server when
+negotiating encrypted connections. The certificate must not be
+encrypted (password protected) since the scheduler normally runs
+in the background and will be unable to ask for a password.
+
+
The default certificate file is
+/etc/cups/ssl/server.crt.
The ServerRoot directive specifies the absolute
+path to the server configuration and state files. It is also used
+to resolve relative paths in the cupsd.conf file. The
+default server directory is /etc/cups.
The SystemGroup directive specifies the system
+administration group for System authentication.
+Multiple groups can be listed, separated with spaces. The default
+group list is @CUPS_SYSTEM_GROUPS@.
The TempDir directive specifies an absolute path
+for the directory to use for temporary files. The default
+directory is @CUPS_REQUESTS@/tmp.
+
+
Temporary directories must be world-writable and should have
+the "sticky" permission bit enabled so that other users cannot
+delete filter temporary files. The following commands will create
+an appropriate temporary directory called
+/foo/bar/tmp:
The User directive specifies the UNIX user that
+filter and CGI programs run as. The default user is
+@CUPS_USER@.
+
+
Note:
+
+
You may not use user root, as that would expose
+the system to unacceptable security risks. The scheduler will
+automatically choose user nobody if you specify a
+user whose ID is 0.
-<Location /path>
- ...
- AuthClass Anonymous
- AuthClass User
- AuthClass System
- AuthClass Group
-</Location>
-
-
-
Description
-
-
The AuthClass directive defines what level of
-authentication is required:
-
-
-
-
Anonymous - No authentication should be
- performed (default)
-
-
User - A valid username and password is
- required
-
-
System - A valid username and password
- is required, and the username must belong to the "sys"
- group; this can be changed using the SystemGroup
- directive
-
-
Group - A valid username and password is
- required, and the username must belong to the group named
- by the AuthGroupName
- directive
-
-
-
-
The AuthClass directive must appear inside a Location or Limit section.
-
-
This directive is deprecated and will be removed from a
-future release of CUPS. Consider using the more flexible Require directive instead.
The Printcap directive controls whether or not a
-printcap file is automatically generated and updated with a list
-of available printers. If specified with no value, then no
-printcap file will be generated. The default is to generate a
-file named @CUPS_DEFAUL_PRINTCAP@.
-
-
When a filename is specified (e.g. @CUPS_DEFAULT_PRINTCAP@),
-the printcap file is written whenever a printer is added or
-removed. The printcap file can then be used by applications that
-are hardcoded to look at the printcap file for the available
-printers.
-PrintcapFormat BSD
-PrintcapFormat Solaris
-PrintcapFormat plist
-
-
-
Description
-
-
The PrintcapFormat directive controls the output format of the
-printcap file. The default is to generate the plist format on OS X, the
-Solaris format on Solaris, and the BSD format on other operating systems.
The RemoteRoot directive sets the username for
-unauthenticated root requests from remote hosts. The default
-username is remroot. Setting RemoteRoot
-to root effectively disables this security
-mechanism.
The RequestRoot directive sets the directory for
-incoming IPP requests and HTML forms. If an absolute path is not
-provided then it is assumed to be relative to the ServerRoot directory. The
-default request directory is @CUPS_REQUESTS@.
The ServerBin directive sets the directory for
-server-run executables. If an absolute path is not provided then
-it is assumed to be relative to the ServerRoot directory. The
-default executable directory is /usr/lib/cups,
-/usr/lib32/cups, or /usr/libexec/cups
-depending on the operating system.
The ServerCertificate directive specifies the
-location of the SSL certificate file used by the server when
-negotiating encrypted connections. The certificate must not be
-encrypted (password protected) since the scheduler normally runs
-in the background and will be unable to ask for a password.
-
-
The default certificate file is
-/etc/cups/ssl/server.crt.
The ServerRoot directive specifies the absolute
-path to the server configuration and state files. It is also used
-to resolve relative paths in the cupsd.conf file. The
-default server directory is /etc/cups.
The SystemGroup directive specifies the system
-administration group for System authentication.
-Multiple groups can be listed, separated with spaces. The default
-group list is @CUPS_SYSTEM_GROUPS@.
The TempDir directive specifies an absolute path
-for the directory to use for temporary files. The default
-directory is @CUPS_REQUESTS@/tmp.
-
-
Temporary directories must be world-writable and should have
-the "sticky" permission bit enabled so that other users cannot
-delete filter temporary files. The following commands will create
-an appropriate temporary directory called
-/foo/bar/tmp:
The UseNetworkDefault directive controls whether
-the client will use a network/remote printer as a default
-printer. If enabled, the default printer of a server is used as
-the default printer on a client. When multiple servers are
-advertising a default printer, the client's default printer is
-set to the first discovered printer, or to the implicit class for
-the same printer available from multiple servers.
The User directive specifies the UNIX user that
-filter and CGI programs run as. The default user is
-@CUPS_USER@.
-
-
Note:
-
-
You may not use user root, as that would expose
-the system to unacceptable security risks. The scheduler will
-automatically choose user nobody if you specify a
-user whose ID is 0.