Block cups-files.conf directives (Issue #5530)

diff --git a/CHANGES.md b/CHANGES.md
index 7fb4be14480155c6e6135d0f6f7c128d60e6e8e5..aabae66f8921e6f4503f586b44b817e3d4214441 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,10 +1,12 @@
-CHANGES - 2.3rc1 - 2019-05-13
+CHANGES - 2.3rc1 - 2019-05-15
 =============================
 
 
 Changes in CUPS v2.3rc1
 -----------------------
 
+- The `cupsctl` command now prevents setting "cups-files.conf" directives
+  (Issue #5530)
 - The footer in the web interface covered some content on small displays
   (Issue #5574)
 - The `ippeveprinter` command now looks for print commands in the "command"

diff --git a/systemv/cupsctl.c b/systemv/cupsctl.c
index efbd4ba5b71a114c3d6d47e51e1b2163dcd9f88b..3b5b4c58c404dd5228eb65c5333ed4da15d293c9 100644 (file)
--- a/systemv/cupsctl.c
+++ b/systemv/cupsctl.c
@@ -1,7 +1,7 @@
 /*
  * Scheduler control program for CUPS.
  *
- * Copyright © 2007-2018 by Apple Inc.
+ * Copyright © 2007-2019 by Apple Inc.
  * Copyright © 2006-2007 by Easy Software Products.
  *
  * Licensed under Apache License v2.0.  See the file "LICENSE" for more
@@ -31,11 +31,47 @@ int                                 /* O - Exit status */
 main(int  argc,                                /* I - Number of command-line args */
      char *argv[])                     /* I - Command-line arguments */
 {
-  int          i,                      /* Looping var */
+  int          i, j,                   /* Looping vars */
                num_settings;           /* Number of settings */
-  cups_option_t        *settings;              /* Settings */
+  cups_option_t        *settings,              /* Settings */
+               *setting;               /* Current setting */
   const char   *opt;                   /* Current option character */
   http_t       *http;                  /* Connection to server */
+  static const char * const disallowed[] =
+  {                                    /* List of disallowed directives for cupsd.conf */
+    "AccessLog",
+    "CacheDir",
+    "ConfigFilePerm",
+    "DataDir",
+    "DocumentRoot",
+    "ErrorLog",
+    "FatalErrors",
+    "FileDevice",
+    "FontPath",
+    "Group",
+    "Listen",
+    "LogFilePerm",
+    "LPDConfigFile",
+    "PageLog",
+    "PassEnv",
+    "Port",
+    "Printcap",
+    "PrintcapFormat",
+    "RemoteRoot",
+    "RequestRoot",
+    "ServerBin",
+    "ServerCertificate",
+    "ServerKey",
+    "ServerKeychain",
+    "ServerRoot",
+    "SetEnv",
+    "SMBConfigFile",
+    "StateDir",
+    "SystemGroup",
+    "SystemGroupAuthKey",
+    "TempDir",
+    "User"
+  };
 
 
  /*
@@ -125,11 +161,16 @@ main(int  argc,                           /* I - Number of command-line args */
       usage(argv[i]);
   }
 
-  if (cupsGetOption("Listen", num_settings, settings) ||
-      cupsGetOption("Port", num_settings, settings))
+  for (i = num_settings, setting = settings; i > 0; i --, setting ++)
   {
-    _cupsLangPuts(stderr, _("cupsctl: Cannot set Listen or Port directly."));
-    return (1);
+    for (j = 0; j < (int)(sizeof(disallowed) / sizeof(disallowed[0])); j ++)
+    {
+      if (!_cups_strcasecmp(setting->name, disallowed[j]))
+      {
+       _cupsLangPrintf(stderr, _("cupsctl: Cannot set %s directly."), disallowed[j]);
+       return (1);
+      }
+    }
   }
 
  /*