X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fcups.git;a=blobdiff_plain;f=scheduler%2Fcert.c;h=17f5bd5dc5befb1db43af77d65b562c29dda4558;hp=a25f3092a6884ab094309268e4232ecd9b679878;hb=503b54c9302c8de6207e079a80a89a787eb612ea;hpb=12f89d241ce15358fb71ef1b1249803ee9d97374 diff --git a/scheduler/cert.c b/scheduler/cert.c index a25f3092a..17f5bd5dc 100644 --- a/scheduler/cert.c +++ b/scheduler/cert.c @@ -1,25 +1,14 @@ /* - * "$Id: cert.c 7673 2008-06-18 22:31:26Z mike $" + * Authentication certificate routines for the CUPS scheduler. * - * Authentication certificate routines for the CUPS scheduler. + * Copyright 2007-2015 by Apple Inc. + * Copyright 1997-2006 by Easy Software Products. * - * Copyright 2007-2011 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. - * - * These coded instructions, statements, and computer programs are the - * property of Apple Inc. and are protected by Federal copyright - * law. Distribution and use rights are outlined in the file "LICENSE.txt" - * which should have been included with this file. If this file is - * file is missing or damaged, see the license at "http://www.cups.org/". - * - * Contents: - * - * cupsdAddCert() - Add a certificate. - * cupsdDeleteCert() - Delete a single certificate. - * cupsdDeleteAllCerts() - Delete all certificates... - * cupsdFindCert() - Find a certificate. - * cupsdInitCerts() - Initialize the certificate "system" and root - * certificate. + * These coded instructions, statements, and computer programs are the + * property of Apple Inc. and are protected by Federal copyright + * law. Distribution and use rights are outlined in the file "LICENSE.txt" + * which should have been included with this file. If this file is + * file is missing or damaged, see the license at "http://www.cups.org/". */ /* @@ -35,6 +24,13 @@ #endif /* HAVE_ACL_INIT */ +/* + * Local functions... + */ + +static int ctcompare(const char *a, const char *b); + + /* * 'cupsdAddCert()' - Add a certificate. */ 
@@ -42,7 +38,7 @@ void cupsdAddCert(int pid, /* I - Process ID */ const char *username, /* I - Username */ - void *ccache) /* I - Kerberos credentials or NULL */ + int type) /* I - AuthType for username */ { int i; /* Looping var */ cupsd_cert_t *cert; /* Current certificate */ @@ -52,8 +48,7 @@ cupsdAddCert(int pid, /* I - Process ID */ /* Hex constants... */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdAddCert: Adding certificate for PID %d", pid); + cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAddCert: Adding certificate for PID %d", pid); /* * Allocate memory for the certificate... @@ -66,7 +61,8 @@ cupsdAddCert(int pid, /* I - Process ID */ * Fill in the certificate information... */ - cert->pid = pid; + cert->pid = pid; + cert->type = type; strlcpy(cert->username, username, sizeof(cert->username)); for (i = 0; i < 32; i ++) @@ -110,8 +106,7 @@ cupsdAddCert(int pid, /* I - Process ID */ fchmod(fd, 0440); fchown(fd, RunUser, SystemGroupIDs[0]); - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddCert: NumSystemGroups=%d", - NumSystemGroups); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddCert: NumSystemGroups=%d", NumSystemGroups); #ifdef HAVE_ACL_INIT if (NumSystemGroups > 1) @@ -259,16 +254,6 @@ cupsdAddCert(int pid, /* I - Process ID */ write(fd, cert->certificate, strlen(cert->certificate)); close(fd); - /* - * Add Kerberos credentials as needed... - */ - -#ifdef HAVE_GSSAPI - cert->ccache = (krb5_ccache)ccache; -#else - (void)ccache; -#endif /* HAVE_GSSAPI */ - /* * Insert the certificate at the front of the list... */ @@ -297,8 +282,7 @@ cupsdDeleteCert(int pid) /* I - Process ID */ * Remove this certificate from the list... */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdDeleteCert: Removing certificate for PID %d", pid); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteCert: Removing certificate for PID %d.", pid); DEBUG_printf(("DELETE pid=%d, username=%s, cert=%s\n", cert->pid, cert->username, cert->certificate)); 
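Review bot: In the "Fill in the certificate information" hunk of cupsdAddCert, the return value of `strlcpy(cert->username, username, sizeof(cert->username));` is ignored right next to the new `cert->type = type;`, so an over-long name is silently truncated and the certificate is issued for a different name than the caller passed. Whether any caller can supply such a name is not visible here, but cupsdFindCert hands this record back to its callers, presumably as the authenticated identity, so rejecting is safer than truncating. A guard such as `if (strlcpy(cert->username, username, sizeof(cert->username)) >= sizeof(cert->username))`, followed by freeing `cert` and returning, would do it. The function body starts and ends outside this hunk.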
@@ -308,15 +292,6 @@ cupsdDeleteCert(int pid) /* I - Process ID */ else prev->next = cert->next; -#ifdef HAVE_GSSAPI - /* - * Release Kerberos credentials as needed... - */ - - if (cert->ccache) - krb5_cc_destroy(KerberosContext, cert->ccache); -#endif /* HAVE_GSSAPI */ - free(cert); /* @@ -381,17 +356,15 @@ cupsdFindCert(const char *certificate) /* I - Certificate */ cupsd_cert_t *cert; /* Current certificate */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert(certificate=%s)", - certificate); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert(certificate=%s)", certificate); for (cert = Certs; cert != NULL; cert = cert->next) - if (!_cups_strcasecmp(certificate, cert->certificate)) + if (!ctcompare(certificate, cert->certificate)) { - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Returning %s...", - cert->username); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Returning \"%s\".", cert->username); return (cert); } - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Certificate not found!"); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Certificate not found."); return (NULL); } @@ -435,10 +408,10 @@ cupsdInitCerts(void) * them as the seed... */ - seed = cupsFileGetChar(fp); - seed = (seed << 8) | cupsFileGetChar(fp); - seed = (seed << 8) | cupsFileGetChar(fp); - CUPS_SRAND((seed << 8) | cupsFileGetChar(fp)); + seed = (unsigned)cupsFileGetChar(fp); + seed = (seed << 8) | (unsigned)cupsFileGetChar(fp); + seed = (seed << 8) | (unsigned)cupsFileGetChar(fp); + CUPS_SRAND((seed << 8) | (unsigned)cupsFileGetChar(fp)); cupsFileClose(fp); } 
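Review bot: The rewritten debug line in cupsdFindCert, `cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert(certificate=%s)", certificate);`, still writes the presented certificate string to the log, so anyone who can read a debug2-level log can read certificates as clients present them, which undercuts the move to `ctcompare()`. I would drop the value from the message, e.g. `cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Looking up certificate.");`. The `DEBUG_printf` context line in the cupsdDeleteCert hunk prints `cert->certificate` the same way in debug builds. Note also that `ctcompare()` is case-sensitive where `_cups_strcasecmp()` was not; that looks intended, but a comment saying so would help.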
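Review bot: The new `(unsigned)` casts in cupsdInitCerts hide a missing check: cupsFileGetChar() returns -1 at end of file or on error, and `(unsigned)-1` ORed into `seed` sets every bit, so a short read yields a fixed, guessable seed instead of a failure. Read each byte into an `int`, test it for `< 0`, and handle the failure before calling `CUPS_SRAND`. Separately, the seed is at most 32 bits; if the certificate bytes filled in by cupsdAddCert come from this generator (that loop body is outside the hunks shown), the seed width bounds the strength of every certificate, which deserves at least a comment. The enclosing if block starts outside this hunk.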
@@ -449,10 +422,27 @@ cupsdInitCerts(void) */ if (!RunUser) - cupsdAddCert(0, "root", NULL); + cupsdAddCert(0, "root", cupsdDefaultAuthType()); } /* - * End of "$Id: cert.c 7673 2008-06-18 22:31:26Z mike $". + * 'ctcompare()' - Compare two strings in constant time. */ + +static int /* O - 0 on match, non-zero on non-match */ +ctcompare(const char *a, /* I - First string */ + const char *b) /* I - Second string */ +{ + int result = 0; /* Result */ + + + while (*a && *b) + { + result |= *a ^ *b; + a ++; + b ++; + } + + return (result); +}
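Review bot: `ctcompare()` returns 0 whenever one argument is a prefix of the other, because the loop stops at the first NUL in either string and the unread remainder never reaches `result`; an empty `certificate` passed to cupsdFindCert therefore compares equal to a stored certificate. The last line should fold the terminators in: `return (result | *a | *b);`, which is non-zero unless both strings ended at the same position. A short comment above the return explaining this would keep a later reader from simplifying it away. The header comment should also say that the running time depends on the length of the shorter string.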