/*
* "$Id$"
*
- * User, system, and password routines for CUPS.
+ * User, system, and password routines for CUPS.
*
- * Copyright 2007-2013 by Apple Inc.
- * Copyright 1997-2006 by Easy Software Products.
+ * Copyright 2007-2014 by Apple Inc.
+ * Copyright 1997-2006 by Easy Software Products.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
+ * These coded instructions, statements, and computer programs are the
+ * property of Apple Inc. and are protected by Federal copyright
+ * law. Distribution and use rights are outlined in the file "LICENSE.txt"
+ * which should have been included with this file. If this file is
+ * file is missing or damaged, see the license at "http://www.cups.org/".
*
- * This file is subject to the Apple OS-Developed Software exception.
- *
- * Contents:
- *
- * cupsEncryption() - Get the current encryption settings.
- * cupsGetPassword() - Get a password from the user.
- * cupsGetPassword2() - Get a password from the user using the advanced
- * password callback.
- * cupsServer() - Return the hostname/address of the current
- * server.
- * cupsSetClientCertCB() - Set the client certificate callback.
- * cupsSetCredentials() - Set the default credentials to be used for
- * SSL/TLS connections.
- * cupsSetEncryption() - Set the encryption preference.
- * cupsSetPasswordCB() - Set the password callback for CUPS.
- * cupsSetPasswordCB2() - Set the advanced password callback for CUPS.
- * cupsSetServer() - Set the default server name and port.
- * cupsSetServerCertCB() - Set the server certificate callback.
- * cupsSetUser() - Set the default user name.
- * cupsSetUserAgent() - Set the default HTTP User-Agent string.
- * cupsUser() - Return the current user's name.
- * cupsUserAgent() - Return the default HTTP User-Agent string.
- * _cupsGetPassword() - Get a password from the user.
- * _cupsGSSServiceName() - Get the GSS (Kerberos) service name.
- * _cupsSetDefaults() - Set the default server, port, and encryption.
- * cups_read_client_conf() - Read a client.conf file.
+ * This file is subject to the Apple OS-Developed Software exception.
*/
/*
}
noecho = original;
- noecho.c_lflag &= ~(ICANON | ECHO | ECHOE | ISIG);
+ noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG);
if (tcsetattr(tty, TCSAFLUSH, &noecho))
{
cups_expiredcerts = getenv("CUPS_EXPIREDCERTS");
if ((cups_user = getenv("CUPS_USER")) == NULL)
- cups_user = getenv("USER");
+ {
+ /*
+ * Try the USER environment variable...
+ */
+
+ if ((cups_user = getenv("USER")) != NULL)
+ {
+ /*
+ * Validate USER matches the current UID, otherwise don't allow it to
+ * override things... This makes sure that printing after doing su or
+ * sudo records the correct username.
+ */
+
+ struct passwd *pw; /* Account information */
+
+ if ((pw = getpwnam(cups_user)) == NULL || pw->pw_uid != getuid())
+ cups_user = NULL;
+ }
+ }
/*
* Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf
if (cg->encryption == (http_encryption_t)-1 || !cg->server[0] ||
!cg->user[0] || !cg->ipp_port)
{
+# ifdef HAVE_GETEUID
+ if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
+# elif !defined(WIN32)
+ if (getuid() && (home = getenv("HOME")) != NULL)
+# else
if ((home = getenv("HOME")) != NULL)
+# endif /* HAVE_GETEUID */
{
/*
* Look for ~/.cups/client.conf...