/*
- * "$Id: conf.c 5663 2006-06-15 20:36:42Z mike $"
+ * "$Id: conf.c 6253 2007-02-10 18:48:40Z mike $"
*
* Configuration routines for the Common UNIX Printing System (CUPS).
*
{ "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
{ "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
{ "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
- { "HideImplicitMembers", &HideImplicitMembers, CUPSD_VARTYPE_BOOLEAN },
+#ifdef HAVE_GSSAPI
+ { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
+#endif /* HAVE_GSSAPI */
{ "ImplicitClasses", &ImplicitClasses, CUPSD_VARTYPE_BOOLEAN },
{ "ImplicitAnyClasses", &ImplicitAnyClasses, CUPSD_VARTYPE_BOOLEAN },
{ "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
{ "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_INTEGER },
{ "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_INTEGER },
{ "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
+#ifdef HAVE_LAUNCHD
+ { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_INTEGER },
+ { "LaunchdConf", &LaunchdConf, CUPSD_VARTYPE_STRING },
+#endif /* HAVE_LAUNCHD */
{ "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
{ "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
{ "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
{ "ServerKey", &ServerKey, CUPSD_VARTYPE_STRING },
# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
#endif /* HAVE_SSL */
-#ifdef HAVE_LAUNCHD
- { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_INTEGER },
- { "LaunchdConf", &LaunchdConf, CUPSD_VARTYPE_STRING },
-#endif /* HAVE_LAUNCHD */
{ "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
{ "ServerRoot", &ServerRoot, CUPSD_VARTYPE_STRING },
{ "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
+#ifdef HAVE_AUTHORIZATION_H
+ { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
+#endif /* HAVE_AUTHORIZATION_H */
{ "TempDir", &TempDir, CUPSD_VARTYPE_STRING },
{ "Timeout", &Timeout, CUPSD_VARTYPE_INTEGER },
{ "UseNetworkDefault", &UseNetworkDefault, CUPSD_VARTYPE_BOOLEAN }
cupsdSetString(&RemoteRoot, "remroot");
cupsdSetString(&ServerHeader, "CUPS/1.2");
cupsdSetString(&StateDir, CUPS_STATEDIR);
+#ifdef HAVE_GSSAPI
+ cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
+#endif /* HAVE_GSSAPI */
if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
PrintcapFormat = PRINTCAP_SOLARIS;
MaxActiveJobs = 0;
MaxJobsPerUser = 0;
MaxJobsPerPrinter = 0;
- MaxCopies = 100;
+ MaxCopies = CUPS_DEFAULT_MAX_COPIES;
cupsdDeleteAllPolicies();
cupsdClearString(&DefaultPolicy);
+#ifdef HAVE_AUTHORIZATION_H
+ cupsdClearString(&SystemGroupAuthKey);
+#endif /* HAVE_AUTHORIZATION_H */
+
MaxSubscriptions = 100;
MaxSubscriptionsPerJob = 0;
MaxSubscriptionsPerPrinter = 0;
RunUser = getuid();
+ /*
+ * See if the ServerName is an IP address...
+ */
+
+ for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
+
+ ServerNameIsIP = !*slash;
+
/*
* Use the default system group if none was supplied in cupsd.conf...
*/
* writable by the user and group in the cupsd.conf file...
*/
- check_permissions(CacheDir, NULL, 0775, RunUser, Group, 1, 1);
-/* check_permissions(CacheDir, "ppd", 0755, RunUser, Group, 1, 1);*/
-
- check_permissions(StateDir, NULL, 0755, RunUser, Group, 1, 1);
- check_permissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
- SystemGroupIDs[0], 1, 1);
-
- check_permissions(ServerRoot, NULL, 0755, RunUser, Group, 1, 0);
- check_permissions(ServerRoot, "ppd", 0755, RunUser, Group, 1, 1);
- check_permissions(ServerRoot, "ssl", 0700, RunUser, Group, 1, 0);
- check_permissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser, Group,
- 0, 0);
- check_permissions(ServerRoot, "classes.conf", 0600, RunUser, Group, 0, 0);
- check_permissions(ServerRoot, "printers.conf", 0600, RunUser, Group, 0, 0);
- check_permissions(ServerRoot, "passwd.md5", 0600, User, Group, 0, 0);
+ if (check_permissions(CacheDir, NULL, 0775, RunUser, Group, 1, 1) < 0 ||
+ check_permissions(StateDir, NULL, 0755, RunUser, Group, 1, 1) < 0 ||
+ check_permissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
+ SystemGroupIDs[0], 1, 1) < 0 ||
+ check_permissions(ServerRoot, NULL, 0755, RunUser, Group, 1, 0) < 0 ||
+ check_permissions(ServerRoot, "ppd", 0755, RunUser, Group, 1, 1) < 0 ||
+ check_permissions(ServerRoot, "ssl", 0700, RunUser, Group, 1, 0) < 0 ||
+ check_permissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
+ Group, 0, 0) < 0 ||
+ check_permissions(ServerRoot, "classes.conf", 0600, RunUser, Group,
+ 0, 0) < 0 ||
+ check_permissions(ServerRoot, "printers.conf", 0600, RunUser, Group,
+ 0, 0) < 0 ||
+ check_permissions(ServerRoot, "passwd.md5", 0600, User, Group, 0, 0) < 0)
+ return (0);
/*
* Update TempDir to the default if it hasn't been set already...
"TMPDIR (%s) has the wrong permissions!", tmpdir);
else
cupsdSetString(&TempDir, tmpdir);
-
- if (!TempDir)
- cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
- RequestRoot);
}
if (!TempDir)
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
+ RequestRoot);
cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
+ }
}
/*
* permissions...
*/
- check_permissions(RequestRoot, NULL, 0710, RunUser, Group, 1, 1);
+ if (check_permissions(RequestRoot, NULL, 0710, RunUser, Group, 1, 1) < 0)
+ return (0);
if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
access(TempDir, 0))
* is under the spool directory or does not exist...
*/
- check_permissions(TempDir, NULL, 01770, RunUser, Group, 1, 1);
+ if (check_permissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0)
+ return (0);
}
if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)))
if (MaxActiveJobs > (MaxFDs / 3))
MaxActiveJobs = MaxFDs / 3;
- if (Classification && strcasecmp(Classification, "none") == 0)
+ if (Classification && !strcasecmp(Classification, "none"))
cupsdClearString(&Classification);
if (Classification)
"Allowing up to %d client connections per host.",
MaxClientsPerHost);
+ /*
+ * Make sure that BrowseTimeout is at least twice the interval...
+ */
+
+ if (BrowseTimeout < (2 * BrowseInterval) || BrowseTimeout <= 0)
+ {
+ cupsdLogMessage(CUPSD_LOG_ALERT, "Invalid BrowseTimeout value %d!",
+ BrowseTimeout);
+
+ if (BrowseInterval)
+ BrowseTimeout = BrowseInterval * 2;
+ else
+ BrowseTimeout = DEFAULT_TIMEOUT;
+
+ cupsdLogMessage(CUPSD_LOG_ALERT, "Reset BrowseTimeout to %d!",
+ BrowseTimeout);
+ }
+
/*
* Update the default policy, as needed...
*/
* 'check_permissions()' - Fix the mode and ownership of a file or directory.
*/
-static int /* O - 0 on success, -1 on error */
+static int /* O - 0 on success, -1 on error, 1 on warning */
check_permissions(const char *filename, /* I - File/directory name */
const char *suffix, /* I - Additional file/directory name */
int mode, /* I - Permissions */
dir_created = 1;
}
else
- return (-1);
+ return (create_dir ? -1 : 1);
}
/*
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to change ownership of \"%s\" - %s", filename,
strerror(errno));
- return (-1);
+ return (1);
}
}
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to change permissions of \"%s\" - %s", filename,
strerror(errno));
- return (-1);
+ return (1);
}
}
* Get the address...
*/
- ip[0] = ip[1] = ip[2] = ip[2] = 0x00000000;
+ ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
if ((maskval = strchr(value, '/')) != NULL)
cupsdLogMessage(CUPSD_LOG_DEBUG2,
"get_addr_and_mask(value=\"%s\", "
- "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x]",
+ "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
mask[3]);
if (loc->level == AUTH_ANON)
loc->level = AUTH_USER;
}
+#ifdef HAVE_GSSAPI
+ else if (!strcasecmp(value, "kerberos") ||
+ !strcasecmp(value, "gssapi"))
+ {
+ loc->type = AUTH_KERBEROS;
+
+ if (loc->level == AUTH_ANON)
+ loc->level = AUTH_USER;
+ }
+#endif /* HAVE_GSSAPI */
else
{
cupsdLogMessage(CUPSD_LOG_WARN,
while (isspace(*value & 255))
value ++;
+#ifdef HAVE_AUTHORIZATION_H
+ if (!strncmp(value, "@AUTHKEY(", 9))
+ {
+ /*
+ * Grab "@AUTHKEY(name)" value...
+ */
+
+ for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
+
+ if (*valptr)
+ *valptr++ = '\0';
+ }
+ else
+#endif /* HAVE_AUTHORIZATION_H */
if (*value == '\"' || *value == '\'')
{
/*
*valend; /* End of value */
+ /*
+ * Empty protocol line yields NULL pointer...
+ */
+
+ if (!s)
+ return (0);
+
/*
* Loop through the value string,...
*/
protocols |= BROWSE_DNSSD;
else if (!strcasecmp(valstart, "all"))
protocols |= BROWSE_ALL;
- else
+ else if (strcasecmp(valstart, "none"))
return (-1);
for (valstart = valend; *valstart; valstart ++)
strlcpy(temp2, relay->from.mask.name.name, sizeof(temp2));
cupsdLogMessage(CUPSD_LOG_INFO, "Relaying from %s to %s:%d (IPv4)",
- temp, temp2, ntohs(relay->to.ipv4.sin_port));
+ temp2, temp, ntohs(relay->to.ipv4.sin_port));
NumRelays ++;
}
DefaultAuthType = AUTH_DIGEST;
else if (!strcasecmp(value, "basicdigest"))
DefaultAuthType = AUTH_BASICDIGEST;
+#ifdef HAVE_GSSAPI
+ else if (!strcasecmp(value, "kerberos"))
+ DefaultAuthType = AUTH_KERBEROS;
+#endif /* HAVE_GSSAPI */
else
{
cupsdLogMessage(CUPSD_LOG_WARN,
}
}
#endif /* HAVE_SSL */
+#ifdef HAVE_GSSAPI
+ else if (!strcasecmp(line, "Krb5Keytab"))
+ {
+ cupsdSetStringf(&Krb5Keytab, "KRB5_KTNAME=%s", value);
+ putenv(Krb5Keytab);
+
+# ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+ gsskrb5_register_acceptor_identity(value);
+# else
+ cupsdSetEnv("KRB5_KTNAME", value);
+# endif /* HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY */
+ }
+#endif /* HAVE_GSSAPI */
else if (!strcasecmp(line, "User"))
{
/*
n *= 262144;
}
- *((int *)var->ptr) = n;
+ if (n < 0)
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Bad negative integer value for %s on line %d!",
+ line, linenum);
+ else
+ *((int *)var->ptr) = n;
}
break;
/*
- * End of "$Id: conf.c 5663 2006-06-15 20:36:42Z mike $".
+ * End of "$Id: conf.c 6253 2007-02-10 18:48:40Z mike $".
*/