/*
- * "$Id$"
- *
* Configuration routines for the CUPS scheduler.
*
- * Copyright 2007-2015 by Apple Inc.
+ * Copyright 2007-2016 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
* These coded instructions, statements, and computer programs are the
* property of Apple Inc. and are protected by Federal copyright
* law. Distribution and use rights are outlined in the file "LICENSE.txt"
* which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
+ * missing or damaged, see the license at "http://www.cups.org/".
*/
/*
#include <stdarg.h>
#include <grp.h>
#include <sys/utsname.h>
+#ifdef HAVE_ASL_H
+# include <asl.h>
+#elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
+# define SD_JOURNAL_SUPPRESS_LOCATION
+# include <systemd/sd-journal.h>
+#endif /* HAVE_ASL_H */
#include <syslog.h>
#ifdef HAVE_LIBPAPER
#ifdef HAVE_GSSAPI
{ "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
#endif /* HAVE_GSSAPI */
-#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
+#ifdef HAVE_ONDEMAND
{ "IdleExitTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
-#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
+#endif /* HAVE_ONDEMAND */
{ "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
{ "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
{ "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
{ "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
{ "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
{ "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
+#ifdef HAVE_SSL
+ { "CreateSelfSignedCerts", &CreateSelfSignedCerts, CUPSD_VARTYPE_BOOLEAN },
+#endif /* HAVE_SSL */
{ "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
{ "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
{ "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
"Unable to create directory \"%s\" - %s", filename,
strerror(errno));
else
- syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
- strerror(errno));
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ sd_journal_print(LOG_ERR, "Unable to create directory \"%s\" - %s", filename, strerror(errno));
+#else
+ syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename, strerror(errno));
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
return (-1);
}
if (create_dir >= 0)
cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
else
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ sd_journal_print(LOG_ERR, "\"%s\" is not a directory.", filename);
+#else
syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
return (-1);
}
"Unable to change ownership of \"%s\" - %s", filename,
strerror(errno));
else
- syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
- strerror(errno));
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ sd_journal_print(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename, strerror(errno));
+#else
+ syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename, strerror(errno));
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
return (1);
}
"Unable to change permissions of \"%s\" - %s", filename,
strerror(errno));
else
- syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
- strerror(errno));
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ sd_journal_print(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename, strerror(errno));
+#else
+ syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename, strerror(errno));
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
return (1);
}
FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
default_auth_type = CUPSD_AUTH_BASIC;
#ifdef HAVE_SSL
+ CreateSelfSignedCerts = TRUE;
DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
#endif /* HAVE_SSL */
DirtyCleanInterval = DEFAULT_KEEPALIVE;
DefaultLeaseDuration = 86400;
MaxLeaseDuration = 0;
-#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
+#ifdef HAVE_ONDEMAND
IdleExitTimeout = 60;
-#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
+#endif /* HAVE_ONDEMAND */
/*
* Setup environment variables...
if (TestConfigFile)
printf("\"%s\" contains errors.\n", CupsFilesFile);
else
- syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
- CupsFilesFile);
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ sd_journal_print(LOG_ERR, "Unable to read \"%s\" due to errors.", CupsFilesFile);
+#else
+ syslog(LOG_LPR, "Unable to read \"%s\" due to errors.", CupsFilesFile);
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
return (0);
}
cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
else
{
- syslog(LOG_LPR, "Unable to open \"%s\": %s", CupsFilesFile,
- strerror(errno));
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
+#else
+ syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
+
return (0);
}
if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
{
- syslog(LOG_LPR, "Unable to open \"%s\": %s", ConfigurationFile,
- strerror(errno));
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", ConfigurationFile, strerror(errno));
+#else
+ syslog(LOG_LPR, "Unable to open \"%s\" - %s", ConfigurationFile, strerror(errno));
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
+
return (0);
}
if (TestConfigFile)
printf("\"%s\" contains errors.\n", ConfigurationFile);
else
- syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
- ConfigurationFile);
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ sd_journal_print(LOG_ERR, "Unable to read \"%s\" due to errors.", ConfigurationFile);
+#else
+ syslog(LOG_LPR, "Unable to read \"%s\" due to errors.", ConfigurationFile);
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
return (0);
}
* Open the system log for cupsd if necessary...
*/
-#ifdef HAVE_VSYSLOG
+ if (!LogStderr)
+ {
+ if (!strcmp(AccessLog, "stderr"))
+ cupsdSetString(&AccessLog, "syslog");
+
+ if (!strcmp(ErrorLog, "stderr"))
+ cupsdSetString(&ErrorLog, "syslog");
+
+ if (!strcmp(PageLog, "stderr"))
+ cupsdSetString(&PageLog, "syslog");
+ }
+
+#if defined(HAVE_VSYSLOG) && !defined(HAVE_ASL_H) && !defined(HAVE_SYSTEMD_SD_JOURNAL_H)
if (!strcmp(AccessLog, "syslog") ||
!strcmp(ErrorLog, "syslog") ||
!strcmp(PageLog, "syslog"))
openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
-#endif /* HAVE_VSYSLOG */
-
- /*
- * Make sure each of the log files exists and gets rotated as necessary...
- */
-
- if (strcmp(AccessLog, "syslog"))
- cupsdCheckLogFile(&AccessFile, AccessLog);
-
- if (strcmp(ErrorLog, "syslog"))
- cupsdCheckLogFile(&ErrorFile, ErrorLog);
-
- if (strcmp(PageLog, "syslog"))
- cupsdCheckLogFile(&PageFile, PageLog);
+#endif /* HAVE_VSYSLOG && !HAVE_ASL_H && !HAVE_SYSTEMD_SD_JOURNAL_H */
/*
* Log the configuration file that was used...
cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
#ifdef HAVE_SSL
- if (ServerKeychain[0] != '/')
+ if (!_cups_strcasecmp(ServerKeychain, "internal"))
+ cupsdClearString(&ServerKeychain);
+ else if (ServerKeychain[0] != '/')
cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
- cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName);
- cupsSetServerCredentials(ServerKeychain, ServerName, 1);
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain ? ServerKeychain : "internal", ServerName);
+ if (!CreateSelfSignedCerts)
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Self-signed TLS certificate generation is disabled.");
+ cupsSetServerCredentials(ServerKeychain, ServerName, CreateSelfSignedCerts);
#endif /* HAVE_SSL */
/*
cupsdUpdateEnv();
+ /*
+ * Validate the default error policy...
+ */
+
+ if (strcmp(ErrorPolicy, "retry-current-job") &&
+ strcmp(ErrorPolicy, "abort-job") &&
+ strcmp(ErrorPolicy, "retry-job") &&
+ strcmp(ErrorPolicy, "stop-printer"))
+ {
+ cupsdLogMessage(CUPSD_LOG_ALERT, "Invalid ErrorPolicy \"%s\", resetting to \"stop-printer\".", ErrorPolicy);
+ cupsdSetString(&ErrorPolicy, "stop-printer");
+ }
+
/*
* Update default paper size setting as needed...
*/
else
snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
- if (access(temp, 0))
+ if (access(temp, 0) && _cups_strcasecmp(value, "internal") && _cups_strcasecmp(line, "ServerKeychain"))
{
cupsdLogMessage(CUPSD_LOG_ERROR,
"File or directory for \"%s %s\" on line %d of %s "
if (lis)
{
-#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
+#ifdef HAVE_ONDEMAND
if (!lis->on_demand)
-#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
+#endif /* HAVE_ONDEMAND */
{
httpAddrString(&lis->address, temp, sizeof(temp));
cupsdLogMessage(CUPSD_LOG_WARN,
* Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
* Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
* upgrades do not introduce new security issues...
+ *
+ * CUPS STR #4659: Allow a lone <Limit All> policy.
*/
- if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
- op->op == IPP_ANY_OPERATION)
+ if (cupsArrayCount(pol->ops) > 1)
{
- if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for Validate-Job using the Print-Job limit as a
- * template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for Validate-Job using the Print-Job limit as a
+ * template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Validate-Job defined in policy %s "
- "- using Print-Job's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Validate-Job defined in policy %s - using Print-Job's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
+ cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Validate-Job defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Validate-Job defined in policy %s "
- "and no suitable template found.", pol->name);
- }
- if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
- op->op == IPP_ANY_OPERATION)
- {
- if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
- * template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
+ * template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Cancel-Jobs defined in policy %s "
- "- using Pause-Printer's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-Jobs defined in policy %s - using Pause-Printer's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
+ cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-Jobs defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Cancel-Jobs defined in policy %s "
- "and no suitable template found.", pol->name);
- }
- if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
- op->op == IPP_ANY_OPERATION)
- {
- if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
- * a template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
+ * a template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Cancel-My-Jobs defined in policy %s "
- "- using Send-Document's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-My-Jobs defined in policy %s - using Send-Document's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
+ cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-My-Jobs defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Cancel-My-Jobs defined in policy %s "
- "and no suitable template found.", pol->name);
- }
- if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
- op->op == IPP_ANY_OPERATION)
- {
- if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for Close-Job using the Send-Document limit as a
- * template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for Close-Job using the Send-Document limit as a
+ * template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Close-Job defined in policy %s "
- "- using Send-Document's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Close-Job defined in policy %s - using Send-Document's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
+ cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Close-Job defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for Close-Job defined in policy %s "
- "and no suitable template found.", pol->name);
- }
- if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
- op->op == IPP_ANY_OPERATION)
- {
- if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
- op->op != IPP_ANY_OPERATION)
+ if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
+ op->op == IPP_ANY_OPERATION)
{
- /*
- * Add a new limit for CUPS-Get-Document using the Send-Document
- * limit as a template...
- */
+ if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
+ op->op != IPP_ANY_OPERATION)
+ {
+ /*
+ * Add a new limit for CUPS-Get-Document using the Send-Document
+ * limit as a template...
+ */
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for CUPS-Get-Document defined in policy %s "
- "- using Send-Document's policy.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for CUPS-Get-Document defined in policy %s - using Send-Document's policy.", pol->name);
- cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
+ cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_WARN, "No limit for CUPS-Get-Document defined in policy %s and no suitable template found.", pol->name);
}
- else
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No limit for CUPS-Get-Document defined in policy %s "
- "and no suitable template found.", pol->name);
}
/*
if (!pol->job_access)
{
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No JobPrivateAccess defined in policy %s "
- "- using defaults.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No JobPrivateAccess defined in policy %s - using defaults.", pol->name);
cupsdAddString(&(pol->job_access), "@OWNER");
cupsdAddString(&(pol->job_access), "@SYSTEM");
}
if (!pol->job_attrs)
{
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No JobPrivateValues defined in policy %s "
- "- using defaults.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No JobPrivateValues defined in policy %s - using defaults.", pol->name);
cupsdAddString(&(pol->job_attrs), "job-name");
cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
if (!pol->sub_access)
{
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No SubscriptionPrivateAccess defined in policy %s "
- "- using defaults.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No SubscriptionPrivateAccess defined in policy %s - using defaults.", pol->name);
cupsdAddString(&(pol->sub_access), "@OWNER");
cupsdAddString(&(pol->sub_access), "@SYSTEM");
}
if (!pol->sub_attrs)
{
- cupsdLogMessage(CUPSD_LOG_WARN,
- "No SubscriptionPrivateValues defined in policy %s "
- "- using defaults.", pol->name);
+ cupsdLogMessage(CUPSD_LOG_WARN, "No SubscriptionPrivateValues defined in policy %s - using defaults.", pol->name);
cupsdAddString(&(pol->sub_attrs), "notify-events");
cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
cupsdAddString(&(pol->sub_attrs), "notify-user-data");
}
}
-
-
-/*
- * End of "$Id$".
- */