/*
- * "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $"
+ * "$Id: cert.c 5080 2006-02-05 18:28:27Z mike $"
*
* Authentication certificate routines for the Common UNIX
* Printing System (CUPS).
*
- * Copyright 1997-2005 by Easy Software Products.
+ * Copyright 1997-2006 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
* property of Easy Software Products and are protected by Federal
#include "cupsd.h"
#ifdef HAVE_ACL_INIT
# include <sys/acl.h>
-# include <membership.h>
+# ifdef HAVE_MEMBERSHIP_H
+# include <membership.h>
+# endif /* HAVE_MEMBERSHIP_H */
#endif /* HAVE_ACL_INIT */
acl_t acl; /* ACL information */
acl_entry_t entry; /* ACL entry */
acl_permset_t permset; /* Permissions */
+# ifdef HAVE_MBR_UID_TO_UUID
uuid_t group; /* Group ID */
+# endif /* HAVE_MBR_UID_TO_UUID */
#endif /* HAVE_ACL_INIT */
fchmod(fd, 0440);
fchown(fd, RunUser, SystemGroupIDs[0]);
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddCert: NumSystemGroups=%d",
+ NumSystemGroups);
+
#ifdef HAVE_ACL_INIT
if (NumSystemGroups > 1)
{
* groups can access it...
*/
+# ifdef HAVE_MBR_UID_TO_UUID
+ /*
+ * On MacOS X, ACLs use UUIDs instead of GIDs...
+ */
+
acl = acl_init(NumSystemGroups - 1);
for (i = 1; i < NumSystemGroups; i ++)
acl_set_qualifier(entry, &group);
acl_set_permset(entry, permset);
}
+# else
+ /*
+ * POSIX ACLs need permissions for owner, group, other, and mask
+ * in addition to the rest of the system groups...
+ */
+
+ acl = acl_init(NumSystemGroups + 3);
+
+ /* Owner */
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_USER_OBJ);
+ acl_set_permset(entry, permset);
+
+ /* Group */
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_GROUP_OBJ);
+ acl_set_permset(entry, permset);
+
+ /* Others */
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_OTHER);
+ acl_set_permset(entry, permset);
+
+ /* Mask */
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_MASK);
+ acl_set_permset(entry, permset);
+
+ for (i = 1; i < NumSystemGroups; i ++)
+ {
+ /*
+ * Add each group ID to the ACL...
+ */
+
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_GROUP);
+ acl_set_qualifier(entry, SystemGroupIDs + i);
+ acl_set_permset(entry, permset);
+ }
+
+ if (acl_valid(acl))
+ {
+ char *text, *textptr;
+
+ cupsdLogMessage(CUPSD_LOG_ERROR, "ACL did not validate: %s",
+ strerror(errno));
+ text = acl_to_text(acl, NULL);
+ for (textptr = strchr(text, '\n');
+ textptr;
+ textptr = strchr(textptr + 1, '\n'))
+ *textptr = ',';
+
+ cupsdLogMessage(CUPSD_LOG_ERROR, "ACL: %s", text);
+ free(text);
+ }
+# endif /* HAVE_MBR_UID_TO_UUID */
if (acl_set_fd(fd, acl))
cupsdLogMessage(CUPSD_LOG_ERROR,
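Review bot: The `/* Others */` entry in the new POSIX branch is granted `ACL_READ`, and because the ACL_OTHER entry of a POSIX ACL corresponds to the file's "other" mode bits, applying it with `acl_set_fd(fd, acl)` effectively turns the `fchmod(fd, 0440)` above into 0444, leaving the certificate file readable by every local user. ACL_OTHER should carry an empty permission set: drop the `acl_add_perm(permset, ACL_READ);` line under `/* Others */`, or replace it with `acl_clear_perms(permset);`. In the `acl_valid()` failure path, `acl_to_text()` can return NULL, which the `strchr(text, '\n')` loop would then dereference, so wrap the loop and the log call in `if (text != NULL)`. The results of `acl_init()` and `acl_create_entry()` are not checked either, so a failed allocation would continue into the later calls with an invalid or partial ACL. The enclosing function begins and ends outside this hunk, so whether `acl` is later released with `acl_free()` cannot be confirmed from here.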
/*
- * End of "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $".
+ * End of "$Id: cert.c 5080 2006-02-05 18:28:27Z mike $".
*/