* get_addr_and_mask() - Get an IP address and netmask.
* parse_aaa() - Parse authentication, authorization, and
* access control lines.
+ * parse_fatal_errors() - Parse FatalErrors values in a string.
* parse_groups() - Parse system group names in a string.
* parse_protocols() - Parse browse protocols in a string.
* read_configuration() - Read a configuration file.
unsigned *mask);
static int parse_aaa(cupsd_location_t *loc, char *line,
char *value, int linenum);
+static int parse_fatal_errors(const char *s);
static int parse_groups(const char *s);
static int parse_protocols(const char *s);
static int read_configuration(cups_file_t *fp);
int dir_created = 0; /* Did we create a directory? */
char pathname[1024]; /* File name with prefix */
struct stat fileinfo; /* Stat buffer */
+ int is_symlink; /* Is "filename" a symlink? */
/*
* See if we can stat the file/directory...
*/
- if (stat(filename, &fileinfo))
+ if (lstat(filename, &fileinfo))
{
if (errno == ENOENT && create_dir)
{
return (create_dir ? -1 : 1);
}
+ if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
+ {
+ if (stat(filename, &fileinfo))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
+ filename, strerror(errno));
+ return (-1);
+ }
+ }
+
/*
- * Make sure it's a regular file...
+ * Make sure it's a regular file or a directory as needed...
*/
if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
return (-1);
}
+ /*
+ * If the filename is a symlink, do not change permissions (STR #2937)...
+ */
+
+ if (is_symlink)
+ return (0);
+
/*
* Fix owner, group, and mode as needed...
*/
AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
+ FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
DefaultAuthType = CUPSD_AUTH_BASIC;
#ifdef HAVE_SSL
DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
#endif /* HAVE_SSL */
- DirtyCleanInterval = 60;
+ DirtyCleanInterval = DEFAULT_KEEPALIVE;
JobRetryLimit = 5;
JobRetryInterval = 300;
FileDevice = FALSE;
MaxLogSize = 1024 * 1024;
MaxPrinterHistory = 10;
MaxRequestSize = 0;
- ReloadTimeout = 60;
+ ReloadTimeout = DEFAULT_KEEPALIVE;
RootCertDuration = 300;
Timeout = DEFAULT_TIMEOUT;
NumSystemGroups = 0;
*/
cupsdLogMessage(CUPSD_LOG_EMERG,
- "No valid Listen or Port lines were found in the configuration file!");
+ "No valid Listen or Port lines were found in the "
+ "configuration file!");
/*
* Commit suicide...
if (ServerCertificate[0] != '/')
cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
- if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)))
- {
- chown(ServerCertificate, RunUser, Group);
- chmod(ServerCertificate, 0600);
- }
+ if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
+ cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
+ 0, 0) < 0 &&
+ (FatalErrors & CUPSD_FATAL_PERMISSIONS))
+ return (0);
# if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
if (ServerKey[0] != '/')
cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
- if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)))
- {
- chown(ServerKey, RunUser, Group);
- chmod(ServerKey, 0600);
- }
+ if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
+ cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
+ (FatalErrors & CUPSD_FATAL_PERMISSIONS))
+ return (0);
# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
#endif /* HAVE_SSL */
snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
- if (cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(temp, NULL, 0775, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
- SystemGroupIDs[0], 1, 1) < 0 ||
- cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
- Group, 1, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
- Group, 1, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
- Group, 0, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
- Group, 0, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
- Group, 0, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
- Group, 0, 0) < 0)
+ if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(temp, NULL, 0775, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
+ SystemGroupIDs[0], 1, 1) < 0 ||
+ cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
+ Group, 1, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
+ Group, 1, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
+ Group, 0, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
+ Group, 0, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
+ Group, 0, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
+ Group, 0, 0) < 0) &&
+ (FatalErrors & CUPSD_FATAL_PERMISSIONS))
return (0);
/*
* is under the spool directory or does not exist...
*/
- if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0)
+ if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
+ (FatalErrors & CUPSD_FATAL_PERMISSIONS))
return (0);
}
if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
{
if (MaxClients > 0)
- cupsdLogMessage(CUPSD_LOG_INFO, "MaxClients limited to 1/3 (%d) of the file descriptor limit (%d)...",
- MaxFDs / 3, MaxFDs);
+ cupsdLogMessage(CUPSD_LOG_INFO,
+ "MaxClients limited to 1/3 (%d) of the file descriptor "
+ "limit (%d)...",
+ MaxFDs / 3, MaxFDs);
MaxClients = MaxFDs / 3;
}
cupsdLogMessage(CUPSD_LOG_EMERG,
"Unable to load MIME database from \"%s\" or \"%s\"!",
mimedir, ServerRoot);
- exit(errno);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
cupsdLogMessage(CUPSD_LOG_INFO,
}
+/*
+ * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
+ */
+
+static int /* O - FatalErrors bits */
+parse_fatal_errors(const char *s) /* I - FatalErrors string */
+{
+ int fatal; /* FatalErrors bits */
+ char value[1024], /* Value string */
+ *valstart, /* Pointer into value */
+ *valend; /* End of value */
+
+
+ /*
+ * Empty FatalErrors line yields NULL pointer...
+ */
+
+ if (!s)
+ return (CUPSD_FATAL_NONE);
+
+ /*
+ * Loop through the value string,...
+ */
+
+ strlcpy(value, s, sizeof(value));
+
+ fatal = CUPSD_FATAL_NONE;
+
+ for (valstart = value; *valstart;)
+ {
+ /*
+ * Get the current space/comma-delimited kind name...
+ */
+
+ for (valend = valstart; *valend; valend ++)
+ if (isspace(*valend & 255) || *valend == ',')
+ break;
+
+ if (*valend)
+ *valend++ = '\0';
+
+ /*
+ * Add the error to the bitmask...
+ */
+
+ if (!strcasecmp(valstart, "all"))
+ fatal = CUPSD_FATAL_ALL;
+ else if (!strcasecmp(valstart, "browse"))
+ fatal |= CUPSD_FATAL_BROWSE;
+ else if (!strcasecmp(valstart, "-browse"))
+ fatal &= ~CUPSD_FATAL_BROWSE;
+ else if (!strcasecmp(valstart, "config"))
+ fatal |= CUPSD_FATAL_CONFIG;
+ else if (!strcasecmp(valstart, "-config"))
+ fatal &= ~CUPSD_FATAL_CONFIG;
+ else if (!strcasecmp(valstart, "listen"))
+ fatal |= CUPSD_FATAL_LISTEN;
+ else if (!strcasecmp(valstart, "-listen"))
+ fatal &= ~CUPSD_FATAL_LISTEN;
+ else if (!strcasecmp(valstart, "log"))
+ fatal |= CUPSD_FATAL_LOG;
+ else if (!strcasecmp(valstart, "-log"))
+ fatal &= ~CUPSD_FATAL_LOG;
+ else if (!strcasecmp(valstart, "permissions"))
+ fatal |= CUPSD_FATAL_PERMISSIONS;
+ else if (!strcasecmp(valstart, "-permissions"))
+ fatal &= ~CUPSD_FATAL_PERMISSIONS;
+ else if (strcasecmp(valstart, "none"))
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Unknown FatalErrors kind \"%s\" ignored!", valstart);
+
+ for (valstart = valend; *valstart; valstart ++)
+ if (!isspace(*valstart & 255) || *valstart != ',')
+ break;
+ }
+
+ return (fatal);
+}
+
+
/*
* 'parse_groups()' - Parse system group names in a string.
*/
if (linenum == 0)
return (0);
}
+ else if (!strcasecmp(line, "FatalErrors"))
+ FatalErrors = parse_fatal_errors(value);
else if (!strcasecmp(line, "FaxRetryInterval") && value)
{
JobRetryInterval = atoi(value);
for (addr = addrlist; addr; addr = addr->next)
{
+ /*
+ * See if this address is already present...
+ */
+
+ for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
+ lis;
+ lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
+ if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
+ _httpAddrPort(&(addr->addr)) == _httpAddrPort(&(lis->address)))
+ break;
+
+ if (lis)
+ {
+ httpAddrString(&lis->address, temp, sizeof(temp));
+ cupsdLogMessage(CUPSD_LOG_WARN,
+ "Duplicate listen address \"%s\" ignored!", temp);
+ continue;
+ }
+
/*
* Allocate another listener...
*/
cupsdLogMessage(CUPSD_LOG_WARN,
"Unknown default authorization type %s on line %d.",
value, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
}
#ifdef HAVE_SSL
cupsdLogMessage(CUPSD_LOG_WARN,
"Unknown default encryption %s on line %d.",
value, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
}
#endif /* HAVE_SSL */
if (!value)
{
cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
if ((loc = cupsdCopyLocation(&parent)) == NULL)
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unknown Location directive %s on line %d.",
line, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
}
"Unexpected end-of-file at line %d while reading location!",
linenum);
- return (0);
+ return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}
if (!value)
{
cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
/*
cupsdLogMessage(CUPSD_LOG_ERROR,
"Missing <Limit ops> directive before %s on line %d.",
line, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
else if (!parse_aaa(op, line, value, linenum))
{
"Unknown Policy directive %s on line %d.",
line, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
}
"Unexpected end-of-file at line %d while reading policy \"%s\"!",
linenum, policy);
- return (0);
+ return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}