* get_addr_and_mask() - Get an IP address and netmask.
* parse_aaa() - Parse authentication, authorization, and
* access control lines.
+ * parse_fatal_errors() - Parse FatalErrors values in a string.
* parse_groups() - Parse system group names in a string.
* parse_protocols() - Parse browse protocols in a string.
* read_configuration() - Read a configuration file.
unsigned *mask);
static int parse_aaa(cupsd_location_t *loc, char *line,
char *value, int linenum);
+static int parse_fatal_errors(const char *s);
static int parse_groups(const char *s);
static int parse_protocols(const char *s);
static int read_configuration(cups_file_t *fp);
AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
+ FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
DefaultAuthType = CUPSD_AUTH_BASIC;
#ifdef HAVE_SSL
DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
- 0, 0) < 0)
+ 0, 0) < 0 &&
+ (FatalErrors & CUPSD_FATAL_PERMISSIONS))
return (0);
# if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
- cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0)
+ cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
+ (FatalErrors & CUPSD_FATAL_PERMISSIONS))
return (0);
# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
#endif /* HAVE_SSL */
snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
- if (cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(temp, NULL, 0775, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
- SystemGroupIDs[0], 1, 1) < 0 ||
- cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
- Group, 1, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
- Group, 1, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
- Group, 0, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
- Group, 0, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
- Group, 0, 0) < 0 ||
- cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
- Group, 0, 0) < 0)
+ if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(temp, NULL, 0775, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
+ SystemGroupIDs[0], 1, 1) < 0 ||
+ cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
+ Group, 1, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
+ Group, 1, 1) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
+ Group, 1, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
+ Group, 0, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
+ Group, 0, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
+ Group, 0, 0) < 0 ||
+ cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
+ Group, 0, 0) < 0) &&
+ (FatalErrors & CUPSD_FATAL_PERMISSIONS))
return (0);
/*
* is under the spool directory or does not exist...
*/
- if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0)
+ if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
+ (FatalErrors & CUPSD_FATAL_PERMISSIONS))
return (0);
}
if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
{
if (MaxClients > 0)
- cupsdLogMessage(CUPSD_LOG_INFO, "MaxClients limited to 1/3 (%d) of the file descriptor limit (%d)...",
- MaxFDs / 3, MaxFDs);
+ cupsdLogMessage(CUPSD_LOG_INFO,
+ "MaxClients limited to 1/3 (%d) of the file descriptor "
+ "limit (%d)...",
+ MaxFDs / 3, MaxFDs);
MaxClients = MaxFDs / 3;
}
cupsdLogMessage(CUPSD_LOG_EMERG,
"Unable to load MIME database from \"%s\" or \"%s\"!",
mimedir, ServerRoot);
- exit(errno);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
cupsdLogMessage(CUPSD_LOG_INFO,
}
+/*
+ * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
+ */
+
+static int /* O - FatalErrors bits */
+parse_fatal_errors(const char *s) /* I - FatalErrors string */
+{
+ int fatal; /* FatalErrors bits */
+ char value[1024], /* Value string */
+ *valstart, /* Pointer into value */
+ *valend; /* End of value */
+
+
+ /*
+ * Empty FatalErrors line yields NULL pointer...
+ */
+
+ if (!s)
+ return (CUPSD_FATAL_NONE);
+
+ /*
+ * Loop through the value string,...
+ */
+
+ strlcpy(value, s, sizeof(value));
+
+ fatal = CUPSD_FATAL_NONE;
+
+ for (valstart = value; *valstart;)
+ {
+ /*
+ * Get the current space/comma-delimited kind name...
+ */
+
+ for (valend = valstart; *valend; valend ++)
+ if (isspace(*valend & 255) || *valend == ',')
+ break;
+
+ if (*valend)
+ *valend++ = '\0';
+
+ /*
+ * Add the error to the bitmask...
+ */
+
+ if (!strcasecmp(valstart, "all"))
+ fatal = CUPSD_FATAL_ALL;
+ else if (!strcasecmp(valstart, "browse"))
+ fatal |= CUPSD_FATAL_BROWSE;
+ else if (!strcasecmp(valstart, "-browse"))
+ fatal &= ~CUPSD_FATAL_BROWSE;
+ else if (!strcasecmp(valstart, "config"))
+ fatal |= CUPSD_FATAL_CONFIG;
+ else if (!strcasecmp(valstart, "-config"))
+ fatal &= ~CUPSD_FATAL_CONFIG;
+ else if (!strcasecmp(valstart, "listen"))
+ fatal |= CUPSD_FATAL_LISTEN;
+ else if (!strcasecmp(valstart, "-listen"))
+ fatal &= ~CUPSD_FATAL_LISTEN;
+ else if (!strcasecmp(valstart, "log"))
+ fatal |= CUPSD_FATAL_LOG;
+ else if (!strcasecmp(valstart, "-log"))
+ fatal &= ~CUPSD_FATAL_LOG;
+ else if (!strcasecmp(valstart, "permissions"))
+ fatal |= CUPSD_FATAL_PERMISSIONS;
+ else if (!strcasecmp(valstart, "-permissions"))
+ fatal &= ~CUPSD_FATAL_PERMISSIONS;
+ else if (strcasecmp(valstart, "none"))
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Unknown FatalErrors kind \"%s\" ignored!", valstart);
+
+ for (valstart = valend; *valstart; valstart ++)
+ if (!isspace(*valstart & 255) || *valstart != ',')
+ break;
+ }
+
+ return (fatal);
+}
+
+
/*
* 'parse_groups()' - Parse system group names in a string.
*/
if (linenum == 0)
return (0);
}
+ else if (!strcasecmp(line, "FatalErrors"))
+ FatalErrors = parse_fatal_errors(value);
else if (!strcasecmp(line, "FaxRetryInterval") && value)
{
JobRetryInterval = atoi(value);
cupsdLogMessage(CUPSD_LOG_WARN,
"Unknown default authorization type %s on line %d.",
value, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
}
#ifdef HAVE_SSL
cupsdLogMessage(CUPSD_LOG_WARN,
"Unknown default encryption %s on line %d.",
value, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
}
#endif /* HAVE_SSL */
if (!value)
{
cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
if ((loc = cupsdCopyLocation(&parent)) == NULL)
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unknown Location directive %s on line %d.",
line, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
}
"Unexpected end-of-file at line %d while reading location!",
linenum);
- return (0);
+ return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}
if (!value)
{
cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
/*
cupsdLogMessage(CUPSD_LOG_ERROR,
"Missing <Limit ops> directive before %s on line %d.",
line, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
else if (!parse_aaa(op, line, value, linenum))
{
"Unknown Policy directive %s on line %d.",
line, linenum);
- return (0);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
}
}
"Unexpected end-of-file at line %d while reading policy \"%s\"!",
linenum, policy);
- return (0);
+ return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}
strerror(errno));
BrowseLocalProtocols &= ~BROWSE_CUPS;
BrowseRemoteProtocols &= ~BROWSE_CUPS;
- return;
+
+ if (FatalErrors & CUPSD_FATAL_BROWSE)
+ cupsdEndProcess(getpid(), 0);
}
+ }
+ if (BrowseSocket >= 0)
+ {
/*
* Bind the socket to browse port...
*/
BrowseSocket = -1;
BrowseLocalProtocols &= ~BROWSE_CUPS;
BrowseRemoteProtocols &= ~BROWSE_CUPS;
- return;
+
+ if (FatalErrors & CUPSD_FATAL_BROWSE)
+ cupsdEndProcess(getpid(), 0);
}
}
- /*
- * Set the "broadcast" flag...
- */
-
- val = 1;
- if (setsockopt(BrowseSocket, SOL_SOCKET, SO_BROADCAST, &val, sizeof(val)))
+ if (BrowseSocket >= 0)
{
- cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to set broadcast mode - %s.",
- strerror(errno));
+ /*
+ * Set the "broadcast" flag...
+ */
+
+ val = 1;
+ if (setsockopt(BrowseSocket, SOL_SOCKET, SO_BROADCAST, &val, sizeof(val)))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to set broadcast mode - %s.",
+ strerror(errno));
#ifdef WIN32
- closesocket(BrowseSocket);
+ closesocket(BrowseSocket);
#else
- close(BrowseSocket);
+ close(BrowseSocket);
#endif /* WIN32 */
- BrowseSocket = -1;
- BrowseLocalProtocols &= ~BROWSE_CUPS;
- BrowseRemoteProtocols &= ~BROWSE_CUPS;
- return;
- }
+ BrowseSocket = -1;
+ BrowseLocalProtocols &= ~BROWSE_CUPS;
+ BrowseRemoteProtocols &= ~BROWSE_CUPS;
- /*
- * Close the socket on exec...
- */
+ if (FatalErrors & CUPSD_FATAL_BROWSE)
+ cupsdEndProcess(getpid(), 0);
+ }
+ }
- fcntl(BrowseSocket, F_SETFD, fcntl(BrowseSocket, F_GETFD) | FD_CLOEXEC);
+ if (BrowseSocket >= 0)
+ {
+ /*
+ * Close the socket on exec...
+ */
- /*
- * Finally, add the socket to the input selection set as needed...
- */
+ fcntl(BrowseSocket, F_SETFD, fcntl(BrowseSocket, F_GETFD) | FD_CLOEXEC);
- if (BrowseRemoteProtocols & BROWSE_CUPS)
- {
/*
- * We only listen if we want remote printers...
+ * Finally, add the socket to the input selection set as needed...
*/
- cupsdAddSelect(BrowseSocket, (cupsd_selfunc_t)update_cups_browse,
- NULL, NULL);
+ if (BrowseRemoteProtocols & BROWSE_CUPS)
+ {
+ /*
+ * We only listen if we want remote printers...
+ */
+
+ cupsdAddSelect(BrowseSocket, (cupsd_selfunc_t)update_cups_browse,
+ NULL, NULL);
+ }
}
}
else
if ((error = DNSServiceCreateConnection(&DNSSDRef))
!= kDNSServiceErr_NoError)
+ {
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to create master DNS-SD reference: %d", error);
+
+ if (FatalErrors & CUPSD_FATAL_BROWSE)
+ cupsdEndProcess(getpid(), 0);
+ }
else
{
/*
"Unable to open an SLP handle; disabling SLP browsing!");
BrowseLocalProtocols &= ~BROWSE_SLP;
BrowseRemoteProtocols &= ~BROWSE_SLP;
+ BrowseSLPHandle = NULL;
+
+ if (FatalErrors & CUPSD_FATAL_BROWSE)
+ cupsdEndProcess(getpid(), 0);
}
BrowseSLPRefresh = 0;
"Need to set BrowseLDAPDN to use LDAP browsing!");
BrowseLocalProtocols &= ~BROWSE_LDAP;
BrowseRemoteProtocols &= ~BROWSE_LDAP;
+
+ if (FatalErrors & CUPSD_FATAL_BROWSE)
+ cupsdEndProcess(getpid(), 0);
}
else
{
- /* Open LDAP handle... */
- BrowseLDAPHandle = ldap_connect();
+ /*
+ * Open LDAP handle...
+ */
+
+ if ((BrowseLDAPHandle = ldap_connect()) == NULL &&
+ (FatalErrors & CUPSD_FATAL_BROWSE))
+ cupsdEndProcess(getpid(), 0);
}
BrowseLDAPRefresh = 0;