X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fcups.git;a=blobdiff_plain;f=scheduler%2Fconf.c;h=3cde8bd2989e527642003a32c41e85294f5a9040;hp=a07baaa450ac580b0b5e8685e27ef5636936bc7a;hb=57b7b66b58a66426494ec13ffb18f730afeab8b5;hpb=25d0c3feab2396ae88bb46368556840cb18abf28 diff --git a/scheduler/conf.c b/scheduler/conf.c index a07baaa45..3cde8bd29 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -1,16 +1,14 @@ /* - * "$Id$" - * * Configuration routines for the CUPS scheduler. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2016 by Apple Inc. * Copyright 1997-2007 by Easy Software Products, all rights reserved. * * These coded instructions, statements, and computer programs are the * property of Apple Inc. and are protected by Federal copyright * law. Distribution and use rights are outlined in the file "LICENSE.txt" * which should have been included with this file. If this file is - * file is missing or damaged, see the license at "http://www.cups.org/". + * missing or damaged, see the license at "http://www.cups.org/". */ /* @@ -21,6 +19,12 @@ #include #include #include +#ifdef HAVE_ASL_H +# include +#elif defined(HAVE_SYSTEMD_SD_JOURNAL_H) +# define SD_JOURNAL_SUPPRESS_LOCATION +# include +#endif /* HAVE_ASL_H */ #include #ifdef HAVE_LIBPAPER @@ -85,9 +89,9 @@ static const cupsd_var_t cupsd_vars[] = #ifdef HAVE_GSSAPI { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING }, #endif /* HAVE_GSSAPI */ -#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD) +#ifdef HAVE_ONDEMAND { "IdleExitTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME }, -#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */ +#endif /* HAVE_ONDEMAND */ { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME }, { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER }, { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME }, 
@@ -108,7 +112,7 @@ static const cupsd_var_t cupsd_vars[] = { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER }, { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER }, { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER }, - { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_INTEGER }, + { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_TIME }, { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME }, { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER }, { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER }, @@ -134,6 +138,9 @@ static const cupsd_var_t cupsfiles_vars[] = { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING }, { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING }, { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM }, +#ifdef HAVE_SSL + { "CreateSelfSignedCerts", &CreateSelfSignedCerts, CUPSD_VARTYPE_BOOLEAN }, +#endif /* HAVE_SSL */ { "DataDir", &DataDir, CUPSD_VARTYPE_STRING }, { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING }, { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING }, @@ -269,8 +276,11 @@ cupsdCheckPermissions( "Unable to create directory \"%s\" - %s", filename, strerror(errno)); else - syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename, - strerror(errno)); +#ifdef HAVE_SYSTEMD_SD_JOURNAL_H + sd_journal_print(LOG_ERR, "Unable to create directory \"%s\" - %s", filename, strerror(errno)); +#else + syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename, strerror(errno)); +#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ return (-1); } @@ -307,7 +317,11 @@ cupsdCheckPermissions( if (create_dir >= 0) cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename); else +#ifdef HAVE_SYSTEMD_SD_JOURNAL_H + sd_journal_print(LOG_ERR, "\"%s\" is not a directory.", filename); +#else syslog(LOG_ERR, "\"%s\" is not a directory.", filename); +#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ return (-1); } 
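Review bot: The braceless `else` in cupsdCheckPermissions now governs a statement selected by `#ifdef HAVE_SYSTEMD_SD_JOURNAL_H` / `#else`, so it is only correct while each preprocessor arm holds exactly one statement. Wrapping the conditional in braces (`else {` before the `#ifdef`, `}` after the `#endif`) keeps a later second statement in either arm from escaping the `else` and running on the cupsdLogMessage path as well. The same shape appears in the `@@ -307`, `@@ -336`, `@@ -356`, `@@ -780` and `@@ -818` hunks. The function body starts and ends outside these hunks.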
@@ -336,8 +350,11 @@ cupsdCheckPermissions( "Unable to change ownership of \"%s\" - %s", filename, strerror(errno)); else - syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename, - strerror(errno)); +#ifdef HAVE_SYSTEMD_SD_JOURNAL_H + sd_journal_print(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename, strerror(errno)); +#else + syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename, strerror(errno)); +#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ return (1); } @@ -356,8 +373,11 @@ cupsdCheckPermissions( "Unable to change permissions of \"%s\" - %s", filename, strerror(errno)); else - syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename, - strerror(errno)); +#ifdef HAVE_SYSTEMD_SD_JOURNAL_H + sd_journal_print(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename, strerror(errno)); +#else + syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename, strerror(errno)); +#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ return (1); } @@ -407,7 +427,7 @@ cupsdDefaultAuthType(void) * to use it... */ - if (gss_init_sec_context == NULL) + if (&gss_init_sec_context == NULL) return (default_auth_type = CUPSD_AUTH_BASIC); # endif /* __APPLE__ */ @@ -596,6 +616,8 @@ cupsdReadConfiguration(void) # else cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain"); # endif /* HAVE_GNUTLS */ + + _httpTLSSetOptions(0); #endif /* HAVE_SSL */ language = cupsLangDefault(); @@ -684,6 +706,7 @@ cupsdReadConfiguration(void) FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS); default_auth_type = CUPSD_AUTH_BASIC; #ifdef HAVE_SSL + CreateSelfSignedCerts = TRUE; DefaultEncryption = HTTP_ENCRYPT_REQUIRED; #endif /* HAVE_SSL */ DirtyCleanInterval = DEFAULT_KEEPALIVE; 
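Review bot: The added `_httpTLSSetOptions(0);` in cupsdReadConfiguration has no comment saying why it runs before the configuration files are parsed. Judging from the SSLOptions parser added later in this diff, 0 means that neither AllowRC4 nor AllowSSL3 is set, so the call presumably stops a relaxed setting from surviving a reload after the directive has been removed. If that is the intent, a comment such as `/* Reset TLS options so a removed SSLOptions directive does not persist across reloads */` would record it. The function continues outside the hunk.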
@@ -755,9 +778,9 @@ cupsdReadConfiguration(void) DefaultLeaseDuration = 86400; MaxLeaseDuration = 0; -#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD) +#ifdef HAVE_ONDEMAND IdleExitTimeout = 60; -#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */ +#endif /* HAVE_ONDEMAND */ /* * Setup environment variables... @@ -780,8 +803,11 @@ cupsdReadConfiguration(void) if (TestConfigFile) printf("\"%s\" contains errors.\n", CupsFilesFile); else - syslog(LOG_LPR, "Unable to read \"%s\" due to errors.", - CupsFilesFile); +#ifdef HAVE_SYSTEMD_SD_JOURNAL_H + sd_journal_print(LOG_ERR, "Unable to read \"%s\" due to errors.", CupsFilesFile); +#else + syslog(LOG_LPR, "Unable to read \"%s\" due to errors.", CupsFilesFile); +#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ return (0); } @@ -790,8 +816,12 @@ cupsdReadConfiguration(void) cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile); else { - syslog(LOG_LPR, "Unable to open \"%s\": %s", CupsFilesFile, - strerror(errno)); +#ifdef HAVE_SYSTEMD_SD_JOURNAL_H + sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno)); +#else + syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno)); +#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ + return (0); } @@ -804,8 +834,12 @@ cupsdReadConfiguration(void) if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL) { - syslog(LOG_LPR, "Unable to open \"%s\": %s", ConfigurationFile, - strerror(errno)); +#ifdef HAVE_SYSTEMD_SD_JOURNAL_H + sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", ConfigurationFile, strerror(errno)); +#else + syslog(LOG_LPR, "Unable to open \"%s\" - %s", ConfigurationFile, strerror(errno)); +#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ + return (0); } 
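Review bot: The `#else` arm in the `@@ -780` hunk still calls `syslog(LOG_LPR, ...)`, which passes a facility with no severity bits, so the message goes out at severity 0 (LOG_EMERG) while the journald arm of the same conditional uses LOG_ERR. Passing `LOG_LPR | LOG_ERR` would make both arms report the same severity and keep a configuration error from being handled as an emergency by the syslog daemon. The same applies to the `#else` arms in the `@@ -790`, `@@ -804` and `@@ -818` hunks. cupsdReadConfiguration's body extends beyond all of them.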
@@ -818,8 +852,11 @@ cupsdReadConfiguration(void) if (TestConfigFile) printf("\"%s\" contains errors.\n", ConfigurationFile); else - syslog(LOG_LPR, "Unable to read \"%s\" due to errors.", - ConfigurationFile); +#ifdef HAVE_SYSTEMD_SD_JOURNAL_H + sd_journal_print(LOG_ERR, "Unable to read \"%s\" due to errors.", ConfigurationFile); +#else + syslog(LOG_LPR, "Unable to read \"%s\" due to errors.", ConfigurationFile); +#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ return (0); } @@ -946,25 +983,24 @@ cupsdReadConfiguration(void) * Open the system log for cupsd if necessary... */ -#ifdef HAVE_VSYSLOG + if (!LogStderr) + { + if (!strcmp(AccessLog, "stderr")) + cupsdSetString(&AccessLog, "syslog"); + + if (!strcmp(ErrorLog, "stderr")) + cupsdSetString(&ErrorLog, "syslog"); + + if (!strcmp(PageLog, "stderr")) + cupsdSetString(&PageLog, "syslog"); + } + +#if defined(HAVE_VSYSLOG) && !defined(HAVE_ASL_H) && !defined(HAVE_SYSTEMD_SD_JOURNAL_H) if (!strcmp(AccessLog, "syslog") || !strcmp(ErrorLog, "syslog") || !strcmp(PageLog, "syslog")) openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR); -#endif /* HAVE_VSYSLOG */ - - /* - * Make sure each of the log files exists and gets rotated as necessary... - */ - - if (strcmp(AccessLog, "syslog")) - cupsdCheckLogFile(&AccessFile, AccessLog); - - if (strcmp(ErrorLog, "syslog")) - cupsdCheckLogFile(&ErrorFile, ErrorLog); - - if (strcmp(PageLog, "syslog")) - cupsdCheckLogFile(&PageFile, PageLog); +#endif /* HAVE_VSYSLOG && !HAVE_ASL_H && !HAVE_SYSTEMD_SD_JOURNAL_H */ /* * Log the configuration file that was used... @@ -991,8 +1027,11 @@ cupsdReadConfiguration(void) * Log the error and reset the group to a safe value... */ - cupsdLogMessage(CUPSD_LOG_NOTICE, + cupsdLogMessage(CUPSD_LOG_ERROR, "Group and SystemGroup cannot use the same groups."); + if (FatalErrors & (CUPSD_FATAL_CONFIG | CUPSD_FATAL_PERMISSIONS)) + return (0); + cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"..."); group = getgrnam("nobody"); 
@@ -1060,11 +1099,15 @@ cupsdReadConfiguration(void) cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir); #ifdef HAVE_SSL - if (ServerKeychain[0] != '/') + if (!_cups_strcasecmp(ServerKeychain, "internal")) + cupsdClearString(&ServerKeychain); + else if (ServerKeychain[0] != '/') cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain); - cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName); - cupsSetServerCredentials(ServerKeychain, ServerName, 1); + cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain ? ServerKeychain : "internal", ServerName); + if (!CreateSelfSignedCerts) + cupsdLogMessage(CUPSD_LOG_DEBUG, "Self-signed TLS certificate generation is disabled."); + cupsSetServerCredentials(ServerKeychain, ServerName, CreateSelfSignedCerts); #endif /* HAVE_SSL */ /* @@ -1076,7 +1119,7 @@ cupsdReadConfiguration(void) if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser, Group, 1, 1) < 0 || - cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser, + cupsdCheckPermissions(CacheDir, NULL, 0770, RunUser, Group, 1, 1) < 0 || cupsdCheckPermissions(temp, NULL, 0775, RunUser, Group, 1, 1) < 0 || @@ -1177,6 +1220,19 @@ cupsdReadConfiguration(void) cupsdUpdateEnv(); + /* + * Validate the default error policy... + */ + + if (strcmp(ErrorPolicy, "retry-current-job") && + strcmp(ErrorPolicy, "abort-job") && + strcmp(ErrorPolicy, "retry-job") && + strcmp(ErrorPolicy, "stop-printer")) + { + cupsdLogMessage(CUPSD_LOG_ALERT, "Invalid ErrorPolicy \"%s\", resetting to \"stop-printer\".", ErrorPolicy); + cupsdSetString(&ErrorPolicy, "stop-printer"); + } + /* * Update default paper size setting as needed... */ 
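Review bot: The new ErrorPolicy validation in the `@@ -1177` hunk always resets an invalid value to "stop-printer" and carries on, whereas the Group/SystemGroup check changed in this same commit returns 0 when `FatalErrors` includes `CUPSD_FATAL_CONFIG`. If an invalid ErrorPolicy is meant to count as a configuration error, add `if (FatalErrors & CUPSD_FATAL_CONFIG) return (0);` after the log call. If the unconditional reset is deliberate, a short comment saying so would keep the two checks from looking inconsistent. The enclosing function starts and ends outside the hunk.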
@@ -2003,8 +2059,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ else if (!_cups_strcasecmp(value, "always")) { cupsdLogMessage(CUPSD_LOG_ERROR, - "Encryption value \"%s\" on line %d is invalid in this " - "context. Using \"required\" instead.", value, linenum); + "Encryption value \"%s\" on line %d of %s is invalid in this " + "context. Using \"required\" instead.", value, linenum, ConfigurationFile); loc->encryption = HTTP_ENCRYPT_REQUIRED; } @@ -2015,7 +2071,7 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ else { cupsdLogMessage(CUPSD_LOG_ERROR, - "Unknown Encryption value %s on line %d.", value, linenum); + "Unknown Encryption value %s on line %d of %s.", value, linenum, ConfigurationFile); return (0); } } @@ -2031,8 +2087,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ loc->order_type = CUPSD_AUTH_DENY; else { - cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d of %s.", + value, linenum, ConfigurationFile); return (0); } } @@ -2134,8 +2190,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ if (!get_addr_and_mask(value, ip, mask)) { - cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d of %s.", + value, linenum, ConfigurationFile); return (0); } @@ -2189,8 +2245,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ else { cupsdLogMessage(CUPSD_LOG_WARN, - "Unknown authorization type %s on line %d.", - value, linenum); + "Unknown authorization type %s on line %d of %s.", + value, linenum, ConfigurationFile); return (0); } } 
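Review bot: Several messages touched here still print the offending value unquoted, for example `"Unknown Encryption value %s on line %d of %s."`, while the "always" branch in the first hunk quotes it as `\"%s\"`. Quoting every configuration value the same way, e.g. `"Unknown Encryption value \"%s\" on line %d of %s."`, keeps values containing spaces unambiguous for anyone searching or parsing the error log. The same applies to the other unquoted `%s` values in the remaining parse_aaa hunks and in the read_cupsd_conf, read_location and read_policy hunks further down. parse_aaa's body lies mostly outside these hunks.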
@@ -2216,8 +2272,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ cupsdLogMessage(CUPSD_LOG_WARN, "\"AuthClass %s\" is deprecated; consider using " - "\"Require valid-user\" on line %d.", - value, linenum); + "\"Require valid-user\" on line %d of %s.", + value, linenum, ConfigurationFile); } else if (!_cups_strcasecmp(value, "group")) { @@ -2225,8 +2281,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ cupsdLogMessage(CUPSD_LOG_WARN, "\"AuthClass %s\" is deprecated; consider using " - "\"Require user @groupname\" on line %d.", - value, linenum); + "\"Require user @groupname\" on line %d of %s.", + value, linenum, ConfigurationFile); } else if (!_cups_strcasecmp(value, "system")) { @@ -2236,14 +2292,14 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ cupsdLogMessage(CUPSD_LOG_WARN, "\"AuthClass %s\" is deprecated; consider using " - "\"Require user @SYSTEM\" on line %d.", - value, linenum); + "\"Require user @SYSTEM\" on line %d of %s.", + value, linenum, ConfigurationFile); } else { cupsdLogMessage(CUPSD_LOG_WARN, - "Unknown authorization class %s on line %d.", - value, linenum); + "Unknown authorization class %s on line %d of %s.", + value, linenum, ConfigurationFile); return (0); } } @@ -2253,8 +2309,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ cupsdLogMessage(CUPSD_LOG_WARN, "\"AuthGroupName %s\" directive is deprecated; consider " - "using \"Require user @%s\" on line %d.", - value, value, linenum); + "using \"Require user @%s\" on line %d of %s.", + value, value, linenum, ConfigurationFile); } else if (!_cups_strcasecmp(line, "Require")) { @@ -2280,8 +2336,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ loc->level = CUPSD_AUTH_GROUP; else { - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d of %s.", + value, linenum, ConfigurationFile); return (0); } 
@@ -2343,8 +2399,8 @@ parse_aaa(cupsd_location_t *loc, /* I - Location */ loc->satisfy = CUPSD_AUTH_SATISFY_ANY; else { - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d of %s.", + value, linenum, ConfigurationFile); return (0); } } @@ -2821,7 +2877,7 @@ parse_variable( else snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value); - if (access(temp, 0)) + if (access(temp, 0) && _cups_strcasecmp(value, "internal") && _cups_strcasecmp(line, "ServerKeychain")) { cupsdLogMessage(CUPSD_LOG_ERROR, "File or directory for \"%s %s\" on line %d of %s " 
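Review bot: In the `@@ -2821` hunk the new condition `access(temp, 0) && _cups_strcasecmp(value, "internal") && _cups_strcasecmp(line, "ServerKeychain")` skips the missing-path error for every ServerKeychain value, not only "internal", and also for any other pathname directive whose value is "internal". If the intent is to exempt only `ServerKeychain internal`, the test should be `access(temp, 0) && (_cups_strcasecmp(line, "ServerKeychain") || _cups_strcasecmp(value, "internal"))`. If a keychain directory that does not exist yet is also meant to be accepted, a comment should say so, because a mistyped keychain path is then no longer reported here. parse_variable starts and ends outside the hunk.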
@@ -2920,15 +2976,60 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ JobRetryInterval = atoi(value); cupsdLogMessage(CUPSD_LOG_WARN, "FaxRetryInterval is deprecated; use " - "JobRetryInterval on line %d.", linenum); + "JobRetryInterval on line %d of %s.", linenum, ConfigurationFile); } else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value) { JobRetryLimit = atoi(value); cupsdLogMessage(CUPSD_LOG_WARN, "FaxRetryLimit is deprecated; use " - "JobRetryLimit on line %d.", linenum); + "JobRetryLimit on line %d of %s.", linenum, ConfigurationFile); + } +#ifdef HAVE_SSL + else if (!_cups_strcasecmp(line, "SSLOptions")) + { + /* + * SSLOptions [AllowRC4] [AllowSSL3] [None] + */ + + int options = 0; /* SSL/TLS options */ + + if (value) + { + char *start, /* Start of option */ + *end; /* End of option */ + + for (start = value; *start; start = end) + { + /* + * Find end of keyword... + */ + + end = start; + while (*end && !_cups_isspace(*end)) + end ++; + + if (*end) + *end++ = '\0'; + + /* + * Compare... + */ + + if (!_cups_strcasecmp(start, "AllowRC4")) + options |= _HTTP_TLS_ALLOW_RC4; + else if (!_cups_strcasecmp(start, "AllowSSL3")) + options |= _HTTP_TLS_ALLOW_SSL3; + else if (!_cups_strcasecmp(start, "None")) + options = 0; + else if (_cups_strcasecmp(start, "NoEmptyFragments")) + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum); + } + } + + _httpTLSSetOptions(options); } +#endif /* HAVE_SSL */ else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen") #ifdef HAVE_SSL || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen") 
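Review bot: The SSLOptions loop does not skip runs of whitespace: after `*end++ = '\0'` a second space leaves `start` on an empty token, which falls through to the "Unknown SSL option" warning. Adding `while (_cups_isspace(*start)) start ++; if (!*start) break;` at the top of the loop body avoids that. Separately, `AllowRC4` and `AllowSSL3` relax the TLS settings without any log entry, so a `cupsdLogMessage(CUPSD_LOG_WARN, ...)` when either bit ends up set would make the downgrade visible in the error log. `None` clears only the options listed before it, which the directive comment should state. The warning text also says "at line %d." without the file name that the rest of this commit adds.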
@@ -2974,9 +3075,15 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ if (lis) { - httpAddrString(&lis->address, temp, sizeof(temp)); - cupsdLogMessage(CUPSD_LOG_WARN, - "Duplicate listen address \"%s\" ignored.", temp); +#ifdef HAVE_ONDEMAND + if (!lis->on_demand) +#endif /* HAVE_ONDEMAND */ + { + httpAddrString(&lis->address, temp, sizeof(temp)); + cupsdLogMessage(CUPSD_LOG_WARN, + "Duplicate listen address \"%s\" ignored.", temp); + } + continue; } @@ -3051,8 +3158,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ if (protocols < 0) { cupsdLogMessage(CUPSD_LOG_ERROR, - "Unknown browse protocol \"%s\" on line %d.", - value, linenum); + "Unknown browse protocol \"%s\" on line %d of %s.", + value, linenum, ConfigurationFile); break; } @@ -3077,8 +3184,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ else { cupsdLogMessage(CUPSD_LOG_WARN, - "Unknown default authorization type %s on line %d.", - value, linenum); + "Unknown default authorization type %s on line %d of %s.", + value, linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); } @@ -3099,8 +3206,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ else { cupsdLogMessage(CUPSD_LOG_WARN, - "Unknown default encryption %s on line %d.", - value, linenum); + "Unknown default encryption %s on line %d of %s.", + value, linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); } @@ -3121,8 +3228,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ else if (!_cups_strcasecmp(value, "double")) HostNameLookups = 2; else - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d of %s.", + value, linenum, ConfigurationFile); } else if (!_cups_strcasecmp(line, "AccessLogLevel") && value) { 
@@ -3139,8 +3246,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ else if (!_cups_strcasecmp(value, "none")) AccessLogLevel = CUPSD_ACCESSLOG_NONE; else - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d of %s.", + value, linenum, ConfigurationFile); } else if (!_cups_strcasecmp(line, "LogLevel") && value) { @@ -3169,8 +3276,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ else if (!_cups_strcasecmp(value, "none")) LogLevel = CUPSD_LOG_NONE; else - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d of %s.", + value, linenum, ConfigurationFile); } else if (!_cups_strcasecmp(line, "LogTimeFormat") && value) { @@ -3183,8 +3290,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ else if (!_cups_strcasecmp(value, "usecs")) LogTimeFormat = CUPSD_TIME_USECS; else - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d of %s.", + value, linenum, ConfigurationFile); } else if (!_cups_strcasecmp(line, "ServerTokens") && value) { @@ -3215,8 +3322,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ else if (!_cups_strcasecmp(value, "None")) cupsdClearString(&ServerHeader); else - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.", + value, linenum, ConfigurationFile); } else if (!_cups_strcasecmp(line, "PassEnv") && value) { 
@@ -3292,8 +3399,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ } else cupsdLogMessage(CUPSD_LOG_ERROR, - "Missing value for SetEnv directive on line %d.", - linenum); + "Missing value for SetEnv directive on line %d of %s.", + linenum, ConfigurationFile); } else if (!_cups_strcasecmp(line, "AccessLog") || !_cups_strcasecmp(line, "CacheDir") || @@ -3414,7 +3521,7 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */ * Level of sandboxing? */ - if (!_cups_strcasecmp(value, "off")) + if (!_cups_strcasecmp(value, "off") && getuid()) { Sandboxing = CUPSD_SANDBOXING_OFF; cupsdLogMessage(CUPSD_LOG_WARN, "Disabling sandboxing is not recommended (line %d of %s)", linenum, CupsFilesFile); @@ -3540,8 +3647,8 @@ read_location(cups_file_t *fp, /* I - Configuration file */ if ((parent = cupsdFindLocation(location)) != NULL) - cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate on line %d.", - location, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate on line %d of %s.", + location, linenum, ConfigurationFile); else if ((parent = cupsdNewLocation(location)) == NULL) return (0); else @@ -3566,7 +3673,7 @@ read_location(cups_file_t *fp, /* I - Configuration file */ { if (!value) { - cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum); + cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d of %s.", linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); else @@ -3601,8 +3708,8 @@ read_location(cups_file_t *fp, /* I - Configuration file */ else if (!strcmp(value, "TRACE")) loc->limit |= CUPSD_AUTH_LIMIT_TRACE; else - cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d.", - value, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d of %s.", + value, linenum, ConfigurationFile); for (value = valptr; isspace(*value & 255); value ++); } 
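Review bot: With `&& getuid()` added in the `@@ -3414` hunk, `Sandboxing off` is no longer matched when cupsd runs as root, but nothing in this branch tells the administrator that the setting was ignored. The value falls through to whatever follows in the chain, which is outside the hunk. An explicit branch such as `else if (!_cups_strcasecmp(value, "off")) cupsdLogMessage(CUPSD_LOG_WARN, "Sandboxing cannot be disabled when running as root (line %d of %s)", linenum, CupsFilesFile);` would make the refusal visible instead of relying on the later branches. A one-line comment on why the root case is excluded would also help the next reader.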
@@ -3617,15 +3724,15 @@ read_location(cups_file_t *fp, /* I - Configuration file */ loc = parent; else if (!value) { - cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum); + cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d of %s.", linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); } else if (!parse_aaa(loc, line, value, linenum)) { cupsdLogMessage(CUPSD_LOG_ERROR, - "Unknown Location directive %s on line %d.", - line, linenum); + "Unknown Location directive %s on line %d of %s.", + line, linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); } @@ -3664,8 +3771,8 @@ read_policy(cups_file_t *fp, /* I - Configuration file */ */ if ((pol = cupsdFindPolicy(policy)) != NULL) - cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate on line %d.", - policy, linenum); + cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate on line %d of %s.", + policy, linenum, ConfigurationFile); else if ((pol = cupsdAddPolicy(policy)) == NULL) return (0); @@ -3686,8 +3793,8 @@ read_policy(cups_file_t *fp, /* I - Configuration file */ { if (op) cupsdLogMessage(CUPSD_LOG_WARN, - "Missing before on line %d.", - linenum); + "Missing before on line %d of %s.", + linenum, ConfigurationFile); set_policy_defaults(pol); @@ -3697,7 +3804,7 @@ read_policy(cups_file_t *fp, /* I - Configuration file */ { if (!value) { - cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum); + cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d of %s.", linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); else 
@@ -3723,15 +3830,15 @@ read_policy(cups_file_t *fp, /* I - Configuration file */ ops[num_ops] = IPP_ANY_OPERATION; else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION) cupsdLogMessage(CUPSD_LOG_ERROR, - "Bad IPP operation name \"%s\" on line %d.", - value, linenum); + "Bad IPP operation name \"%s\" on line %d of %s.", + value, linenum, ConfigurationFile); else num_ops ++; } else cupsdLogMessage(CUPSD_LOG_ERROR, - "Too many operations listed on line %d.", - linenum); + "Too many operations listed on line %d of %s.", + linenum, ConfigurationFile); for (value = valptr; isspace(*value & 255); value ++); } @@ -3772,7 +3879,7 @@ read_policy(cups_file_t *fp, /* I - Configuration file */ } else if (!value) { - cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum); + cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d of %s.", linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); } @@ -3785,7 +3892,7 @@ read_policy(cups_file_t *fp, /* I - Configuration file */ { cupsdLogMessage(CUPSD_LOG_ERROR, "%s directive must appear outside ... " - "on line %d.", line, linenum); + "on line %d of %s.", line, linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); } @@ -3883,16 +3990,16 @@ read_policy(cups_file_t *fp, /* I - Configuration file */ else if (!op) { cupsdLogMessage(CUPSD_LOG_ERROR, - "Missing directive before %s on line %d.", - line, linenum); + "Missing directive before %s on line %d of %s.", + line, linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); } else if (!parse_aaa(op, line, value, linenum)) { cupsdLogMessage(CUPSD_LOG_ERROR, - "Unknown Policy Limit directive %s on line %d.", - line, linenum); + "Unknown Policy Limit directive %s on line %d of %s.", + line, linenum, ConfigurationFile); if (FatalErrors & CUPSD_FATAL_CONFIG) return (0); 
@@ -3921,121 +4028,106 @@ set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */ * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs, * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that * upgrades do not introduce new security issues... + * + * CUPS STR #4659: Allow a lone policy. */ - if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL || - op->op == IPP_ANY_OPERATION) + if (cupsArrayCount(pol->ops) > 1) { - if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL && - op->op != IPP_ANY_OPERATION) + if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL || + op->op == IPP_ANY_OPERATION) { - /* - * Add a new limit for Validate-Job using the Print-Job limit as a - * template... - */ + if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL && + op->op != IPP_ANY_OPERATION) + { + /* + * Add a new limit for Validate-Job using the Print-Job limit as a + * template... + */ - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for Validate-Job defined in policy %s " - "- using Print-Job's policy.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Validate-Job defined in policy %s - using Print-Job's policy.", pol->name); - cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB); + cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB); + } + else + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Validate-Job defined in policy %s and no suitable template found.", pol->name); } - else - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for Validate-Job defined in policy %s " - "and no suitable template found.", pol->name); - } - if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL || - op->op == IPP_ANY_OPERATION) - { - if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL && - op->op != IPP_ANY_OPERATION) + if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL || + op->op == IPP_ANY_OPERATION) { - /* - * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a - * template... 
- */ + if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL && + op->op != IPP_ANY_OPERATION) + { + /* + * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a + * template... + */ - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for Cancel-Jobs defined in policy %s " - "- using Pause-Printer's policy.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-Jobs defined in policy %s - using Pause-Printer's policy.", pol->name); - cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS); + cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS); + } + else + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-Jobs defined in policy %s and no suitable template found.", pol->name); } - else - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for Cancel-Jobs defined in policy %s " - "and no suitable template found.", pol->name); - } - if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL || - op->op == IPP_ANY_OPERATION) - { - if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL && - op->op != IPP_ANY_OPERATION) + if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL || + op->op == IPP_ANY_OPERATION) { - /* - * Add a new limit for Cancel-My-Jobs using the Send-Document limit as - * a template... - */ + if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL && + op->op != IPP_ANY_OPERATION) + { + /* + * Add a new limit for Cancel-My-Jobs using the Send-Document limit as + * a template... 
+ */ - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for Cancel-My-Jobs defined in policy %s " - "- using Send-Document's policy.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-My-Jobs defined in policy %s - using Send-Document's policy.", pol->name); - cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS); + cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS); + } + else + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-My-Jobs defined in policy %s and no suitable template found.", pol->name); } - else - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for Cancel-My-Jobs defined in policy %s " - "and no suitable template found.", pol->name); - } - if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL || - op->op == IPP_ANY_OPERATION) - { - if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL && - op->op != IPP_ANY_OPERATION) + if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL || + op->op == IPP_ANY_OPERATION) { - /* - * Add a new limit for Close-Job using the Send-Document limit as a - * template... - */ + if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL && + op->op != IPP_ANY_OPERATION) + { + /* + * Add a new limit for Close-Job using the Send-Document limit as a + * template... 
+ */ - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for Close-Job defined in policy %s " - "- using Send-Document's policy.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Close-Job defined in policy %s - using Send-Document's policy.", pol->name); - cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB); + cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB); + } + else + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Close-Job defined in policy %s and no suitable template found.", pol->name); } - else - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for Close-Job defined in policy %s " - "and no suitable template found.", pol->name); - } - if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL || - op->op == IPP_ANY_OPERATION) - { - if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL && - op->op != IPP_ANY_OPERATION) + if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL || + op->op == IPP_ANY_OPERATION) { - /* - * Add a new limit for CUPS-Get-Document using the Send-Document - * limit as a template... - */ + if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL && + op->op != IPP_ANY_OPERATION) + { + /* + * Add a new limit for CUPS-Get-Document using the Send-Document + * limit as a template... + */ - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for CUPS-Get-Document defined in policy %s " - "- using Send-Document's policy.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for CUPS-Get-Document defined in policy %s - using Send-Document's policy.", pol->name); - cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT); + cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT); + } + else + cupsdLogMessage(CUPSD_LOG_WARN, "No limit for CUPS-Get-Document defined in policy %s and no suitable template found.", pol->name); } - else - cupsdLogMessage(CUPSD_LOG_WARN, - "No limit for CUPS-Get-Document defined in policy %s " - "and no suitable template found.", pol->name); } /* 
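Review bot: The new guard `if (cupsArrayCount(pol->ops) > 1)` in set_policy_defaults skips every derived limit whenever the policy has at most one operation entry, regardless of what that entry is. That covers the lone catch-all limit the STR comment seems to describe, but it also covers a policy whose only limit names a specific operation, or that has none. Before this change such a policy received the warnings and, where a template existed, the copied limits. Checking that the single entry is `IPP_ANY_OPERATION`, not just counting entries, would keep the exemption narrow; failing that, log that the defaults were skipped. The comment "Allow a lone policy" should read "a policy with a single limit", since that is what the count measures.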
@@ -4045,18 +4137,14 @@ set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */ if (!pol->job_access) { - cupsdLogMessage(CUPSD_LOG_WARN, - "No JobPrivateAccess defined in policy %s " - "- using defaults.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No JobPrivateAccess defined in policy %s - using defaults.", pol->name); cupsdAddString(&(pol->job_access), "@OWNER"); cupsdAddString(&(pol->job_access), "@SYSTEM"); } if (!pol->job_attrs) { - cupsdLogMessage(CUPSD_LOG_WARN, - "No JobPrivateValues defined in policy %s " - "- using defaults.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No JobPrivateValues defined in policy %s - using defaults.", pol->name); cupsdAddString(&(pol->job_attrs), "job-name"); cupsdAddString(&(pol->job_attrs), "job-originating-host-name"); cupsdAddString(&(pol->job_attrs), "job-originating-user-name"); @@ -4065,18 +4153,14 @@ set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */ if (!pol->sub_access) { - cupsdLogMessage(CUPSD_LOG_WARN, - "No SubscriptionPrivateAccess defined in policy %s " - "- using defaults.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No SubscriptionPrivateAccess defined in policy %s - using defaults.", pol->name); cupsdAddString(&(pol->sub_access), "@OWNER"); cupsdAddString(&(pol->sub_access), "@SYSTEM"); } if (!pol->sub_attrs) { - cupsdLogMessage(CUPSD_LOG_WARN, - "No SubscriptionPrivateValues defined in policy %s " - "- using defaults.", pol->name); + cupsdLogMessage(CUPSD_LOG_WARN, "No SubscriptionPrivateValues defined in policy %s - using defaults.", pol->name); cupsdAddString(&(pol->sub_attrs), "notify-events"); cupsdAddString(&(pol->sub_attrs), "notify-pull-method"); cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri"); @@ -4084,8 +4168,3 @@ set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */ cupsdAddString(&(pol->sub_attrs), "notify-user-data"); } } - - -/* - * End of "$Id$". - */