/*
* "$Id$"
*
- * Configuration routines for the CUPS scheduler.
+ * Configuration routines for the CUPS scheduler.
*
- * Copyright 2007-2013 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright 2007-2013 by Apple Inc.
+ * Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
- *
- * Contents:
- *
- * cupsdAddAlias() - Add a host alias.
- * cupsdCheckPermissions() - Fix the mode and ownership of a file or
- * directory.
- * cupsdDefaultAuthType() - Get the default AuthType.
- * cupsdFreeAliases() - Free all of the alias entries.
- * cupsdReadConfiguration() - Read the cupsd.conf file.
- * get_address() - Get an address + port number from a line.
- * get_addr_and_mask() - Get an IP address and netmask.
- * mime_error_cb() - Log a MIME error.
- * parse_aaa() - Parse authentication, authorization, and access
- * control lines.
- * parse_fatal_errors() - Parse FatalErrors values in a string.
- * parse_groups() - Parse system group names in a string.
- * parse_protocols() - Parse browse protocols in a string.
- * parse_variable() - Parse a variable line.
- * read_cupsd_conf() - Read the cupsd.conf configuration file.
- * read_cups_files_conf() - Read the cups-files.conf configuration file.
- * read_location() - Read a <Location path> definition.
- * read_policy() - Read a <Policy name> definition.
- * set_policy_defaults() - Set default policy values as needed.
+ * These coded instructions, statements, and computer programs are the
+ * property of Apple Inc. and are protected by Federal copyright
+ * law. Distribution and use rights are outlined in the file "LICENSE.txt"
+ * which should have been included with this file. If this file is
+ * file is missing or damaged, see the license at "http://www.cups.org/".
*/
/*
CUPSD_VARTYPE_TIME, /* Time interval option */
CUPSD_VARTYPE_STRING, /* String option */
CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
- CUPSD_VARTYPE_PATHNAME /* File/directory name option */
+ CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
+ CUPSD_VARTYPE_PERM /* File/directory permissions */
} cupsd_vartype_t;
typedef struct
{
{ "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
{ "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
- { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
+ { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
{ "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
{ "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
{ "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
{ "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
{ "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
- { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
+ { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_PERM },
{ "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
{ "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
{ "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
{ "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
{ "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
#ifdef HAVE_SSL
- { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME },
-# if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
- { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
-# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
+ { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
#endif /* HAVE_SSL */
{ "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
{ "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
cupsdCheckPermissions(
const char *filename, /* I - File/directory name */
const char *suffix, /* I - Additional file/directory name */
- int mode, /* I - Permissions */
- int user, /* I - Owner */
- int group, /* I - Group */
+ mode_t mode, /* I - Permissions */
+ uid_t user, /* I - Owner */
+ gid_t group, /* I - Group */
int is_dir, /* I - 1 = directory, 0 = file */
int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
{
ClassifyOverride = 0;
#ifdef HAVE_SSL
-# ifdef HAVE_CDSASSL
- cupsdSetString(&ServerCertificate, "/Library/Keychains/System.keychain");
+# ifdef HAVE_GNUTLS
+ cupsdSetString(&ServerKeychain, "ssl");
# else
- cupsdSetString(&ServerCertificate, "ssl/server.crt");
- cupsdSetString(&ServerKey, "ssl/server.key");
-# endif /* HAVE_CDSASSL */
+ cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
+# endif /* HAVE_GNUTLS */
#endif /* HAVE_SSL */
language = cupsLangDefault();
default_auth_type = CUPSD_AUTH_BASIC;
#ifdef HAVE_SSL
DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
- SSLOptions = CUPSD_SSL_NONE;
#endif /* HAVE_SSL */
DirtyCleanInterval = DEFAULT_KEEPALIVE;
JobKillDelay = DEFAULT_TIMEOUT;
cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
#ifdef HAVE_SSL
- if (ServerCertificate[0] != '/')
- cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
-
- if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
- cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
- 0, 0) < 0 &&
- (FatalErrors & CUPSD_FATAL_PERMISSIONS))
- return (0);
-
-# if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
- if (ServerKey[0] != '/')
- cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
+ if (ServerKeychain[0] != '/')
+ cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
- if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
- cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
- (FatalErrors & CUPSD_FATAL_PERMISSIONS))
- return (0);
-# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName);
+ cupsSetServerCredentials(ServerKeychain, ServerName, 1);
#endif /* HAVE_SSL */
/*
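Review bot: The 0600 ownership and permission check on the server's key material is removed in this hunk with no replacement. The old code ran cupsdCheckPermissions() on ServerCertificate and ServerKey when they lived under ServerRoot and honoured CUPSD_FATAL_PERMISSIONS, whereas the new code only resolves ServerKeychain and passes it to cupsSetServerCredentials(). Unless the keychain location is checked elsewhere, a group- or world-readable private key under ServerRoot would no longer be corrected or reported; for the directory case, a guarded call such as `cupsdCheckPermissions(ServerKeychain, NULL, 0700, RunUser, Group, 1, 0)` under the same `strncmp(ServerRoot, ...)` test would keep that protection. The return value of cupsSetServerCredentials() is also discarded, so a failure to load or auto-create credentials is not logged at this point. The enclosing function starts and ends outside the hunk.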
cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
}
+ setenv("TMPDIR", TempDir, 1);
+
/*
* Make sure the temporary directory has the right permissions...
*/
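Review bot: The result of `setenv("TMPDIR", TempDir, 1)` is ignored, and the variable is exported before the permission check that the following comment announces. If setenv() fails, the scheduler and anything inheriting its environment presumably keep whatever TMPDIR they started with, and nothing in the log says so. Consider `if (setenv("TMPDIR", TempDir, 1)) cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to set TMPDIR: %s", strerror(errno));`, and consider moving the call after the directory check so that only a verified path is exported. The surrounding block continues outside the hunk.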
if (!mimeType(MimeDatabase, "application", "octet-stream"))
NumMimeTypes ++;
- if ((MimeTypes = calloc(NumMimeTypes, sizeof(const char *))) == NULL)
+ if ((MimeTypes = calloc((size_t)NumMimeTypes, sizeof(const char *))) == NULL)
{
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to allocate memory for %d MIME types.",
* Merge everything into a 32-bit IPv4 address in ip[3]...
*/
- ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
+ ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
+ (unsigned)val[2]) << 8) | (unsigned)val[3];
if (ipcount < 4)
mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
* Merge everything into a 32-bit IPv4 address in ip[3]...
*/
- ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
+ ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
+ (unsigned)val[2]) << 8) | (unsigned)val[3];
if (ipcount < 4)
mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
mask + 3) != 4)
return (0);
- mask[3] |= ((((mask[0] << 8) | mask[1]) << 8) | mask[2]) << 8;
+ mask[3] |= (((((unsigned)mask[0] << 8) | (unsigned)mask[1]) << 8) |
+ (unsigned)mask[2]) << 8;
mask[0] = mask[1] = mask[2] = 0;
}
else
}
break;
+ case CUPSD_VARTYPE_PERM :
+ if (!value)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Missing permissions value for %s on line %d of %s.",
+ line, linenum, filename);
+ return (0);
+ }
+ else if (!isdigit(*value & 255))
+ {
+ /* TODO: Add chmod UGO syntax support */
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Bad permissions value for %s on line %d of %s.",
+ line, linenum, filename);
+ return (0);
+ }
+ else
+ {
+ int n = strtol(value, NULL, 8);
+ /* Permissions value */
+
+ if (n < 0)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Bad negative permissions value for %s on line %d of "
+ "%s.", line, linenum, filename);
+ return (0);
+ }
+ else
+ {
+ *((mode_t *)var->ptr) = (mode_t)n;
+ }
+ }
+ break;
+
case CUPSD_VARTYPE_TIME :
if (!value)
{
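Review bot: The new CUPSD_VARTYPE_PERM branch accepts values it should reject, because `strtol(value, NULL, 8)` is called without an end pointer or an upper bound and its long result is narrowed to int. As written, "8" or "9" passes the isdigit() test and parses as mode 0, "644x" is silently taken as 0644, and a value such as "100644" stores bits beyond the permission mask into ConfigFilePerm or LogFilePerm. The `n < 0` test can hardly fire once the first character is known to be a digit, so it does not bound the value. The end-pointer and range check below closes these cases; it assumes the config reader has already stripped trailing whitespace from value, which should be confirmed. The enclosing switch and function lie outside the hunk.

```c
/* … unchanged: missing-value and non-digit checks … */
else
{
  char *end;                       /* End of parsed digits */
  long n = strtol(value, &end, 8); /* Permissions value */

  /* Reject non-octal digits, trailing junk and anything above 07777 */
  if (end == value || *end || n < 0 || n > 07777)
  {
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Bad permissions value for %s on line %d of %s.",
                    line, linenum, filename);
    return (0);
  }

  *((mode_t *)var->ptr) = (mode_t)n;
}
```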
#endif /* AF_LOCAL */
cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
httpAddrPort(&(lis->address)),
- _httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
+ httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
if (!httpAddrLocalhost(&(lis->address)))
RemotePort = httpAddrPort(&(lis->address));
"Missing value for SetEnv directive on line %d.",
linenum);
}
-#ifdef HAVE_SSL
- else if (!_cups_strcasecmp(line, "SSLOptions"))
- {
- /*
- * SSLOptions options
- */
-
- if (!value || !_cups_strcasecmp(value, "none"))
- SSLOptions = CUPSD_SSL_NONE;
- else if (!_cups_strcasecmp(value, "noemptyfragments"))
- SSLOptions = CUPSD_SSL_NOEMPTY;
- else
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unknown value \"%s\" for SSLOptions directive on "
- "line %d.", value, linenum);
- }
-#endif /* HAVE_SSL */
else if (!_cups_strcasecmp(line, "AccessLog") ||
!_cups_strcasecmp(line, "CacheDir") ||
!_cups_strcasecmp(line, "ConfigFilePerm") ||
!_cups_strcasecmp(line, "ServerBin") ||
!_cups_strcasecmp(line, "ServerCertificate") ||
!_cups_strcasecmp(line, "ServerKey") ||
+ !_cups_strcasecmp(line, "ServerKeychain") ||
!_cups_strcasecmp(line, "ServerRoot") ||
!_cups_strcasecmp(line, "SMBConfigFile") ||
!_cups_strcasecmp(line, "StateDir") ||
*/
if (isdigit(value[0]))
- Group = atoi(value);
+ Group = (gid_t)atoi(value);
else
{
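Review bot: The `(gid_t)` cast only silences the conversion warning; `atoi()` still cannot report bad input, so a Group value such as "1000x" is taken as 1000 and a number that does not fit in int is undefined behaviour. The same applies to `User = (uid_t)atoi(value);` in the next hunk, where a mis-parsed value decides which account the scheduler's helpers run as. Parse with `strtoul(value, &end, 10)` and reject the line when `*end` is non-zero or the result does not round-trip through `gid_t`/`uid_t`, logging an error the way the surrounding code does for unknown names. Both enclosing blocks continue outside the hunks.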
endgrent();
return (0);
}
else
- User = atoi(value);
+ User = (uid_t)atoi(value);
}
else
{
}
}
}
+ else if (!_cups_strcasecmp(line, "ServerCertificate") ||
+ !_cups_strcasecmp(line, "ServerKey"))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO,
+ "The \"%s\" directive on line %d of %s is no longer "
+ "supported; this will become an error in a future "
+ "release.",
+ line, linenum, CupsFilesFile);
+ }
else if (!parse_variable(CupsFilesFile, linenum, line, value,
sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
cupsfiles_vars) &&
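Review bot: CUPSD_LOG_INFO is easy to miss for a directive that changes which TLS credentials the server presents. An existing ServerCertificate or ServerKey line is now accepted and ignored, and the scheduler instead uses ServerKeychain, for which the earlier hunk calls cupsSetServerCredentials() with auto-create enabled, so an upgraded host may start serving a different certificate without an obvious trace. Log this at `CUPSD_LOG_WARN` so it appears at commonly used log levels, and name the replacement in the message, for example `"... is no longer supported; use ServerKeychain instead."`. The if/else chain this branch belongs to starts and ends outside the hunk.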