-CHANGES.txt - 2.0.0 - 2014-10-01
+CHANGES.txt - 2.0.1 - 2014-11-14
--------------------------------
+CHANGES IN CUPS V2.0.1
+
+ - Security: SSLv3 is now disabled by default to protect against the
+ POODLE attack (STR #4476)
+ - Printer sharing did not work when systemd was being used (STR #4497)
+ - cupsGetPPD* would return a symlink to the PPD in /etc/cups/ppd even if
+ it was not readable by the user (STR #4500)
+ - The web interface now protects against frame "click-jacking" attacks
+ (STR #4492)
+ - Fixed a crash in ippAttributeString (<rdar://problem/17903871>)
+ - Fixed a crash in the scheduler on Linux/*BSD if colord was not running
+ (STR #4496)
+ - Fixed a random crash in the scheduler when not using systemd
+ (STR #4484)
+ - Added systemd support for cups-lpd (STR #4493)
+ - The scheduler did not honor the FatalErrors directive for mis-
+ configured Group and SystemGroup values (STR #4495)
+ - The network backends no longer report waste-receptacle conditions when
+ using SNMP (STR #4499)
+ - The IPP backend did not work with some configurations of Windows
+ (STR #4503)
+ - RPMs did not build (STR #4490)
+ - Added a USB quirk rule for the Brother HL-1250 (STR #4519)
+ - Fixed compiles on unsupported platforms (STR #4510)
+ - "cancel -a" did not cancel all jobs on all destinations (STR #4513)
+ - The web interface did not work on OpenBSD (STR #4496)
+
+
CHANGES IN CUPS V2.0.0
- The scheduler did not preserve listener sockets from launchd or
-INSTALL - CUPS v2.0.0 - 2014-10-01
+INSTALL - CUPS v2.0.1 - 2014-11-14
----------------------------------
This file describes how to compile and install CUPS from source code. For more
-README - CUPS v2.0.0 - 2014-10-01
+README - CUPS v2.0.1 - 2014-11-14
---------------------------------
Looking for compile instructions? Read the file "INSTALL.txt" instead...
# Canon, Inc. MF4150 Printer, https://bugs.launchpad.net/bugs/1160638
0x04a9 0x26a3 no-reattach
+# Brother Industries, Ltd HL-1250 Laser Printer, https://bugs.debian.org/712512
+0x04f9 0x0007 no-reattach
+
# Brother Industries, Ltd HL-1430 Laser Printer, https://bugs.launchpad.net/bugs/1038695
0x04f9 0x001a no-reattach
/*
- * "$Id: snmp-supplies.c 11558 2014-02-06 18:33:34Z msweet $"
+ * "$Id: snmp-supplies.c 12228 2014-10-21 13:42:05Z msweet $"
*
* SNMP supplies functions for CUPS.
*
else
new_supply_state |= CUPS_OPC_NEAR_EOL;
break;
+#if 0 /* Because no two vendors report waste containers the same, disable SNMP reporting of same */
case CUPS_TC_wasteInk :
case CUPS_TC_wastePaper :
case CUPS_TC_wasteToner :
else
new_supply_state |= CUPS_WASTE_ALMOST_FULL;
break;
+#endif /* 0 */
case CUPS_TC_cleanerUnit :
case CUPS_TC_fuserCleaningPad :
if (percent <= 1)
/*
- * End of "$Id: snmp-supplies.c 11558 2014-02-06 18:33:34Z msweet $".
+ * End of "$Id: snmp-supplies.c 12228 2014-10-21 13:42:05Z msweet $".
*/
#Group @CUPS_GROUP@
# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
+# This cannot contain the Group value for security reasons...
SystemGroup @CUPS_SYSTEM_GROUPS@
@CUPS_SYSTEM_AUTHKEY@
dnl
-dnl "$Id: cups-common.m4 12180 2014-10-01 12:08:02Z msweet $"
+dnl "$Id: cups-common.m4 12195 2014-10-02 18:45:59Z msweet $"
dnl
dnl Common configuration stuff for CUPS.
dnl
AC_CONFIG_HEADER(config.h)
dnl Version number information...
-CUPS_VERSION=2.0.0
+CUPS_VERSION=2.0.1
CUPS_REVISION=
#if test -z "$CUPS_REVISION" -a -d .svn; then
# CUPS_REVISION="-r`svnversion . | awk -F: '{print $NF}' | sed -e '1,$s/[[a-zA-Z]]*//g'`"
AC_SUBST(BUILDDIRS)
dnl
-dnl End of "$Id: cups-common.m4 12180 2014-10-01 12:08:02Z msweet $".
+dnl End of "$Id: cups-common.m4 12195 2014-10-02 18:45:59Z msweet $".
dnl
ac_config_headers="$ac_config_headers config.h"
-CUPS_VERSION=2.0.0
+CUPS_VERSION=2.0.1
CUPS_REVISION=
#if test -z "$CUPS_REVISION" -a -d .svn; then
# CUPS_REVISION="-r`svnversion . | awk -F: '{print $NF}' | sed -e '1,$s/[[a-zA-Z]]*//g'`"
-ac_config_files="$ac_config_files Makedefs conf/cups-files.conf conf/cupsd.conf conf/mime.convs conf/pam.std conf/snmp.conf cups-config data/testprint desktop/cups.desktop doc/index.html man/client.conf.man man/cups-files.conf.man man/cups-lpd.man man/cups-snmp.man man/cupsaddsmb.man man/cupsd.conf.man man/cupsd.man man/lpoptions.man scheduler/cups-lpd.xinetd scheduler/cups.sh scheduler/cups.xml scheduler/org.cups.cups-lpd.plist scheduler/org.cups.cupsd.path scheduler/org.cups.cupsd.service scheduler/org.cups.cupsd.socket templates/header.tmpl packaging/cups.list $LANGFILES"
+ac_config_files="$ac_config_files Makedefs conf/cups-files.conf conf/cupsd.conf conf/mime.convs conf/pam.std conf/snmp.conf cups-config data/testprint desktop/cups.desktop doc/index.html man/client.conf.man man/cups-files.conf.man man/cups-lpd.man man/cups-snmp.man man/cupsaddsmb.man man/cupsd.conf.man man/cupsd.man man/lpoptions.man scheduler/cups-lpd.xinetd scheduler/cups.sh scheduler/cups.xml scheduler/org.cups.cups-lpd.plist scheduler/org.cups.cups-lpdAT.service scheduler/org.cups.cupsd.path scheduler/org.cups.cupsd.service scheduler/org.cups.cupsd.socket templates/header.tmpl packaging/cups.list $LANGFILES"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
"scheduler/cups.sh") CONFIG_FILES="$CONFIG_FILES scheduler/cups.sh" ;;
"scheduler/cups.xml") CONFIG_FILES="$CONFIG_FILES scheduler/cups.xml" ;;
"scheduler/org.cups.cups-lpd.plist") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cups-lpd.plist" ;;
+ "scheduler/org.cups.cups-lpdAT.service") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cups-lpdAT.service" ;;
"scheduler/org.cups.cupsd.path") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cupsd.path" ;;
"scheduler/org.cups.cupsd.service") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cupsd.service" ;;
"scheduler/org.cups.cupsd.socket") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cupsd.socket" ;;
dnl
-dnl "$Id: configure.ac 11823 2014-04-21 12:22:03Z msweet $"
+dnl "$Id: configure.ac 12222 2014-10-21 11:55:01Z msweet $"
dnl
dnl Configuration script for CUPS.
dnl
scheduler/cups.sh
scheduler/cups.xml
scheduler/org.cups.cups-lpd.plist
+ scheduler/org.cups.cups-lpdAT.service
scheduler/org.cups.cupsd.path
scheduler/org.cups.cupsd.service
scheduler/org.cups.cupsd.socket
chmod +x cups-config
dnl
-dnl End of "$Id: configure.ac 11823 2014-04-21 12:22:03Z msweet $".
+dnl End of "$Id: configure.ac 12222 2014-10-21 11:55:01Z msweet $".
dnl
/*
- * "$Id: auth.c 11776 2014-03-28 19:16:05Z msweet $"
+ * "$Id: auth.c 12230 2014-10-21 13:55:24Z msweet $"
*
* Authentication functions for CUPS.
*
if (
# ifdef HAVE_GSSAPI
- strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9) &&
+ _cups_strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9) &&
# endif /* HAVE_GSSAPI */
# ifdef HAVE_AUTHORIZATION_H
!httpGetSubField2(http, HTTP_FIELD_WWW_AUTHENTICATE, "authkey",
filename, strerror(errno)));
# ifdef HAVE_GSSAPI
- if (!strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9))
+ if (!_cups_strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9))
{
/*
* Kerberos required, don't try the root certificate...
/*
- * End of "$Id: auth.c 11776 2014-03-28 19:16:05Z msweet $".
+ * End of "$Id: auth.c 12230 2014-10-21 13:55:24Z msweet $".
*/
/*
- * "$Id: cups.h 12094 2014-08-19 12:15:11Z msweet $"
+ * "$Id: cups.h 12195 2014-10-02 18:45:59Z msweet $"
*
* API definitions for CUPS.
*
* Constants...
*/
-# define CUPS_VERSION 2.0000
+# define CUPS_VERSION 2.0001
# define CUPS_VERSION_MAJOR 2
# define CUPS_VERSION_MINOR 0
-# define CUPS_VERSION_PATCH 0
+# define CUPS_VERSION_PATCH 1
# define CUPS_BC_FD 3
/* Back-channel file descriptor for
#endif /* !_CUPS_CUPS_H_ */
/*
- * End of "$Id: cups.h 12094 2014-08-19 12:15:11Z msweet $".
+ * End of "$Id: cups.h 12195 2014-10-02 18:45:59Z msweet $".
*/
/*
- * "$Id: http-private.h 12126 2014-08-28 16:02:00Z msweet $"
+ * "$Id: http-private.h 12243 2014-11-12 12:12:59Z msweet $"
*
* Private HTTP definitions for CUPS.
*
#define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
#define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
+#define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
+#define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */
+
/*
* Types and functions for SSL support...
extern size_t _httpTLSPending(http_t *http);
extern int _httpTLSRead(http_t *http, char *buf, int len);
extern int _httpTLSSetCredentials(http_t *http);
+extern void _httpTLSSetOptions(int options);
extern int _httpTLSStart(http_t *http);
extern void _httpTLSStop(http_t *http);
extern int _httpTLSWrite(http_t *http, const char *buf, int len);
#endif /* !_CUPS_HTTP_PRIVATE_H_ */
/*
- * End of "$Id: http-private.h 12126 2014-08-28 16:02:00Z msweet $".
+ * End of "$Id: http-private.h 12243 2014-11-12 12:12:59Z msweet $".
*/
/*
- * "$Id: http.c 12125 2014-08-28 15:49:29Z msweet $"
+ * "$Id: http.c 12230 2014-10-21 13:55:24Z msweet $"
*
* HTTP routines for CUPS.
*
http->server = _cupsStrAlloc(value);
break;
+ case HTTP_FIELD_WWW_AUTHENTICATE :
+ /* CUPS STR #4503 - don't override WWW-Authenticate for unknown auth schemes */
+ if (http->fields[HTTP_FIELD_WWW_AUTHENTICATE][0] &&
+ _cups_strncasecmp(value, "Basic ", 6) &&
+ _cups_strncasecmp(value, "Digest ", 7) &&
+ _cups_strncasecmp(value, "Negotiate ", 10))
+ {
+ DEBUG_printf(("1httpSetField: Ignoring unknown auth scheme in \"%s\".", value));
+ return;
+ }
+
+ /* Fall through to copy */
+
default :
strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
break;
return (-1);
}
}
+
+ /*
+ * "Click-jacking" defense (STR #4492)...
+ */
+
+ if (httpPrintf(http, "X-Frame-Options: DENY\r\n"
+ "Content-Security-Policy: frame-ancestors 'none'\r\n") < 1)
+ {
+ http->status = HTTP_STATUS_ERROR;
+ return (-1);
+ }
}
if (httpWrite2(http, "\r\n", 2) < 2)
/*
- * End of "$Id: http.c 12125 2014-08-28 15:49:29Z msweet $".
+ * End of "$Id: http.c 12230 2014-10-21 13:55:24Z msweet $".
*/
/*
- * "$Id: ipp-support.c 12095 2014-08-19 16:16:06Z msweet $"
+ * "$Id: ipp-support.c 12194 2014-10-02 18:44:36Z msweet $"
*
* Internet Printing Protocol support functions for CUPS.
*
ipp_attribute_t *attr; /* Current member attribute */
+ if (!col)
+ {
+ if (buffer)
+ *buffer = '\0';
+
+ return (0);
+ }
+
bufptr = buffer;
bufend = buffer + bufsize - 1;
/*
- * End of "$Id: ipp-support.c 12095 2014-08-19 16:16:06Z msweet $".
+ * End of "$Id: ipp-support.c 12194 2014-10-02 18:44:36Z msweet $".
*/
/*
- * "$Id: tls-darwin.c 12159 2014-09-23 14:56:14Z msweet $"
+ * "$Id: tls-darwin.c 12215 2014-10-20 18:24:56Z msweet $"
*
* TLS support code for CUPS on OS X.
*
extern char **environ;
+/*
+ * Test define - set to 1 to use SSLSetEnabledCiphers. Currently disabled (0)
+ * because of <rdar://problem/18707430>.
+ */
+
+#define USE_SET_ENABLED_CIPHERS 0
+
+
/*
* Local globals...
*/
/* Server cert keychain path */
static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER;
/* Mutex for keychain/certs */
+static int tls_options = 0;/* Options for TLS connections */
#endif /* HAVE_SECKEYCHAINOPEN */
}
+/*
+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
+ */
+
+void
+_httpTLSSetOptions(int options) /* I - Options */
+{
+ tls_options = options;
+}
+
+
/*
* '_httpTLSStart()' - Set up SSL/TLS support on a connection.
*/
{
error = SSLSetSessionOption(http->tls, kSSLSessionOptionBreakOnServerAuth,
true);
- DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d",
- (int)error));
+ DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d", (int)error));
+ }
+
+ if (!error)
+ {
+ error = SSLSetProtocolVersionMin(http->tls, (tls_options & _HTTP_TLS_ALLOW_SSL3) ? kSSLProtocol3 : kTLSProtocol1);
+ DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin, error=%d", (int)error));
+ }
+
+# if USE_SET_ENABLED_CIPHERS
+ if (!error)
+ {
+ SSLCipherSuite supported[100]; /* Supported cipher suites */
+ size_t num_supported; /* Number of supported cipher suites */
+ SSLCipherSuite enabled[100]; /* Cipher suites to enable */
+ size_t num_enabled; /* Number of cipher suites to enable */
+
+ num_supported = sizeof(supported) / sizeof(supported[0]);
+ error = SSLGetSupportedCiphers(http->tls, supported, &num_supported);
+
+ if (!error)
+ {
+ DEBUG_printf(("4_httpTLSStart: %d cipher suites supported.", (int)num_supported));
+
+ for (i = 0, num_enabled = 0; i < (int)num_supported && num_enabled < (sizeof(enabled) / sizeof(enabled[0])); i ++)
+ {
+ switch (supported[i])
+ {
+ /* Obviously insecure cipher suites that we never want to use */
+ case SSL_NULL_WITH_NULL_NULL :
+ case SSL_RSA_WITH_NULL_MD5 :
+ case SSL_RSA_WITH_NULL_SHA :
+ case SSL_RSA_EXPORT_WITH_RC4_40_MD5 :
+ case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 :
+ case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_RSA_WITH_DES_CBC_SHA :
+ case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DH_DSS_WITH_DES_CBC_SHA :
+ case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DH_RSA_WITH_DES_CBC_SHA :
+ case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DHE_DSS_WITH_DES_CBC_SHA :
+ case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DHE_RSA_WITH_DES_CBC_SHA :
+ case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 :
+ case SSL_DH_anon_WITH_RC4_128_MD5 :
+ case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DH_anon_WITH_DES_CBC_SHA :
+ case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA :
+ case SSL_FORTEZZA_DMS_WITH_NULL_SHA :
+ case TLS_DH_anon_WITH_AES_128_CBC_SHA :
+ case TLS_DH_anon_WITH_AES_256_CBC_SHA :
+ case TLS_ECDH_ECDSA_WITH_NULL_SHA :
+ case TLS_ECDHE_RSA_WITH_NULL_SHA :
+ case TLS_ECDH_anon_WITH_NULL_SHA :
+ case TLS_ECDH_anon_WITH_RC4_128_SHA :
+ case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA :
+ case TLS_ECDH_anon_WITH_AES_128_CBC_SHA :
+ case TLS_ECDH_anon_WITH_AES_256_CBC_SHA :
+ case TLS_RSA_WITH_NULL_SHA256 :
+ case TLS_DH_anon_WITH_AES_128_CBC_SHA256 :
+ case TLS_DH_anon_WITH_AES_256_CBC_SHA256 :
+ case TLS_PSK_WITH_NULL_SHA :
+ case TLS_DHE_PSK_WITH_NULL_SHA :
+ case TLS_RSA_PSK_WITH_NULL_SHA :
+ case TLS_DH_anon_WITH_AES_128_GCM_SHA256 :
+ case TLS_DH_anon_WITH_AES_256_GCM_SHA384 :
+ case TLS_PSK_WITH_NULL_SHA256 :
+ case TLS_PSK_WITH_NULL_SHA384 :
+ case TLS_DHE_PSK_WITH_NULL_SHA256 :
+ case TLS_DHE_PSK_WITH_NULL_SHA384 :
+ case TLS_RSA_PSK_WITH_NULL_SHA256 :
+ case TLS_RSA_PSK_WITH_NULL_SHA384 :
+ case SSL_RSA_WITH_DES_CBC_MD5 :
+ break;
+
+ /* RC4 cipher suites that should only be used as a last resort */
+ case SSL_RSA_WITH_RC4_128_MD5 :
+ case SSL_RSA_WITH_RC4_128_SHA :
+ case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
+ case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
+ case TLS_ECDH_RSA_WITH_RC4_128_SHA :
+ case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
+ case TLS_PSK_WITH_RC4_128_SHA :
+ case TLS_DHE_PSK_WITH_RC4_128_SHA :
+ case TLS_RSA_PSK_WITH_RC4_128_SHA :
+ if (tls_options & _HTTP_TLS_ALLOW_RC4)
+ enabled[num_enabled ++] = supported[i];
+ break;
+
+ /* Anything else we'll assume is secure */
+ default :
+ enabled[num_enabled ++] = supported[i];
+ break;
+ }
+ }
+
+ DEBUG_printf(("4_httpTLSStart: %d cipher suites enabled.", (int)num_enabled));
+ error = SSLSetEnabledCiphers(http->tls, enabled, num_enabled);
+ }
}
+#endif /* USE_SET_ENABLED_CIPHERS */
if (!error && http->mode == _HTTP_MODE_CLIENT)
{
/*
- * End of "$Id: tls-darwin.c 12159 2014-09-23 14:56:14Z msweet $".
+ * End of "$Id: tls-darwin.c 12215 2014-10-20 18:24:56Z msweet $".
*/
/*
- * "$Id: tls-gnutls.c 12159 2014-09-23 14:56:14Z msweet $"
+ * "$Id: tls-gnutls.c 12215 2014-10-20 18:24:56Z msweet $"
*
* TLS support code for CUPS using GNU TLS.
*
/* Server cert keychain path */
static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER;
/* Mutex for keychain/certs */
+static int tls_options = 0;/* Options for TLS connections */
/*
}
+/*
+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
+ */
+
+void
+_httpTLSSetOptions(int options) /* I - Options */
+{
+ tls_options = options;
+}
+
+
/*
* '_httpTLSStart()' - Set up SSL/TLS support on a connection.
*/
return (-1);
}
+ if (!tls_options)
+ gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
+ else if ((tls_options & _HTTP_TLS_ALLOW_SSL3) && (tls_options & _HTTP_TLS_ALLOW_RC4))
+ gnutls_priority_set_direct(http->tls, "NORMAL", NULL);
+ else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL", NULL);
+ else
+ gnutls_priority_set_direct(http->tls, "NORMAL:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
+
gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr_t)http);
gnutls_transport_set_pull_function(http->tls, http_gnutls_read);
#ifdef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION
/*
- * End of "$Id: tls-gnutls.c 12159 2014-09-23 14:56:14Z msweet $".
+ * End of "$Id: tls-gnutls.c 12215 2014-10-20 18:24:56Z msweet $".
*/
/*
- * "$Id: tls-sspi.c 12159 2014-09-23 14:56:14Z msweet $"
+ * "$Id: tls-sspi.c 12215 2014-10-20 18:24:56Z msweet $"
*
- * TLS support for CUPS on Windows using SSPI.
+ * TLS support for CUPS on Windows using the Security Support Provider
+ * Interface (SSPI).
*
* Copyright 2010-2014 by Apple Inc.
*
# define SECURITY_FLAG_IGNORE_CERT_DATE_INVALID 0x00002000 /* Expired X509 Cert. */
#endif /* !SECURITY_FLAG_IGNORE_CERT_DATE_INVALID */
+
+/*
+ * Local globals...
+ */
+
+static int tls_options = 0;/* Options for TLS connections */
+
+
/*
* Local functions...
*/
}
+/*
+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
+ */
+
+void
+_httpTLSSetOptions(int options) /* I - Options */
+{
+ tls_options = options;
+}
+
+
/*
* '_httpTLSStart()' - Set up SSL/TLS support on a connection.
*/
SchannelCred.paCred = &storedContext;
/*
- * SSPI doesn't seem to like it if grbitEnabledProtocols is set for a client.
+ * Set supported protocols (can also be overriden in the registry...)
*/
+#ifdef SP_PROT_TLS1_2_SERVER
if (http->mode == _HTTP_MODE_SERVER)
- SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1;
+ {
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER | SP_PROT_SSL3_SERVER;
+ else
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER;
+ }
+ else
+ {
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_SSL3_CLIENT;
+ else
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT;
+ }
+
+#else
+ if (http->mode == _HTTP_MODE_SERVER)
+ {
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER;
+ else
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER;
+ }
+ else
+ {
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT;
+ else
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
+ }
+#endif /* SP_PROT_TLS1_2_SERVER */
+
+ /* TODO: Support _HTTP_TLS_ALLOW_RC4 option; right now we'll rely on Windows registry to enable/disable RC4... */
/*
* Create an SSPI credential.
/*
- * End of "$Id: tls-sspi.c 12159 2014-09-23 14:56:14Z msweet $".
+ * End of "$Id: tls-sspi.c 12215 2014-10-20 18:24:56Z msweet $".
*/
/*
- * "$Id: usersys.c 12124 2014-08-28 15:37:22Z msweet $"
+ * "$Id: usersys.c 12215 2014-10-20 18:24:56Z msweet $"
*
* User, system, and password routines for CUPS.
*
#endif /* HAVE_GSSAPI */
const char *cups_anyroot,
const char *cups_expiredcerts,
- const char *cups_validatecerts);
+ const char *cups_validatecerts,
+ int ssl_options);
/*
if (cg->encryption == (http_encryption_t)-1 || !cg->server[0] ||
!cg->user[0] || !cg->ipp_port)
{
+ /*
+ * Look for CUPS_SERVERROOT/client.conf...
+ */
+
+ snprintf(filename, sizeof(filename), "%s/client.conf",
+ cg->cups_serverroot);
+ fp = cupsFileOpen(filename, "r");
+
+ /*
+ * Read the configuration file and apply any environment variables; both
+ * functions handle NULL cups_file_t pointers...
+ */
+
+ cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
+#ifdef HAVE_GSSAPI
+ cups_gssservicename,
+#endif /* HAVE_GSSAPI */
+ cups_anyroot, cups_expiredcerts, cups_validatecerts, 1);
+ cupsFileClose(fp);
+
+ /*
+ * Then user defaults, if it is safe to do so...
+ */
+
# ifdef HAVE_GETEUID
if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
# elif !defined(WIN32)
snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
fp = cupsFileOpen(filename, "r");
- }
- else
- fp = NULL;
- if (!fp)
- {
/*
- * Look for CUPS_SERVERROOT/client.conf...
+ * Read the configuration file and apply any environment variables; both
+ * functions handle NULL cups_file_t pointers...
*/
- snprintf(filename, sizeof(filename), "%s/client.conf",
- cg->cups_serverroot);
- fp = cupsFileOpen(filename, "r");
- }
-
- /*
- * Read the configuration file and apply any environment variables; both
- * functions handle NULL cups_file_t pointers...
- */
-
- cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
+ cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
#ifdef HAVE_GSSAPI
- cups_gssservicename,
+ cups_gssservicename,
#endif /* HAVE_GSSAPI */
- cups_anyroot, cups_expiredcerts, cups_validatecerts);
- cupsFileClose(fp);
+ cups_anyroot, cups_expiredcerts, cups_validatecerts, 0);
+ cupsFileClose(fp);
+ }
}
}
#endif /* HAVE_GSSAPI */
const char *cups_anyroot, /* I - CUPS_ANYROOT env var */
const char *cups_expiredcerts, /* I - CUPS_EXPIREDCERTS env var */
- const char *cups_validatecerts)/* I - CUPS_VALIDATECERTS env var */
+ const char *cups_validatecerts,/* I - CUPS_VALIDATECERTS env var */
+ int ssl_options) /* I - Allow setting of SSLOptions? */
{
int linenum; /* Current line number */
char line[1024], /* Line from file */
cups_gssservicename = gss_service_name;
}
#endif /* HAVE_GSSAPI */
+ else if (ssl_options && !_cups_strcasecmp(line, "SSLOptions") && value)
+ {
+ /*
+ * SSLOptions [AllowRC4] [AllowSSL3] [None]
+ */
+
+ int options = 0; /* SSL/TLS options */
+ char *start, /* Start of option */
+ *end; /* End of option */
+
+ for (start = value; *start; start = end)
+ {
+ /*
+ * Find end of keyword...
+ */
+
+ end = start;
+ while (*end && !_cups_isspace(*end))
+ end ++;
+
+ if (*end)
+ *end++ = '\0';
+
+ /*
+ * Compare...
+ */
+
+ if (!_cups_strcasecmp(start, "AllowRC4"))
+ options |= _HTTP_TLS_ALLOW_RC4;
+ else if (!_cups_strcasecmp(start, "AllowSSL3"))
+ options |= _HTTP_TLS_ALLOW_SSL3;
+ else if (!_cups_strcasecmp(start, "None"))
+ options = 0;
+ }
+
+ _httpTLSSetOptions(options);
+ }
}
/*
/*
- * End of "$Id: usersys.c 12124 2014-08-28 15:37:22Z msweet $".
+ * End of "$Id: usersys.c 12215 2014-10-20 18:24:56Z msweet $".
*/
/*
- * "$Id: util.c 12073 2014-07-31 00:58:00Z msweet $"
+ * "$Id: util.c 12220 2014-10-20 22:03:01Z msweet $"
*
* Printing utilities for CUPS.
*
snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd", cg->cups_serverroot,
name);
- if (!stat(ppdname, &ppdinfo))
+ if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK))
{
/*
- * OK, the file exists, use it!
+ * OK, the file exists and is readable, use it!
*/
if (buffer[0])
/*
- * End of "$Id: util.c 12073 2014-07-31 00:58:00Z msweet $".
+ * End of "$Id: util.c 12220 2014-10-20 22:03:01Z msweet $".
*/
<b>Note: This directive it not supported on OS X 10.7 or later.</b>
<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
+<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
+<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
+<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
<dt><b>User </b><i>name</i>
<dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
<dt><b>ValidateCerts Yes</b>
<dd style="margin-left: 5.0em"><dt><b>SSLListen [</b><i>ipv6-address</i><b>]:</b><i>port</i>
<dd style="margin-left: 5.0em"><dt><b>SSLListen *:</b><i>port</i>
<dd style="margin-left: 5.0em">Listens on the specified address and port for encrypted connections.
+<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
+<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
+<dd style="margin-left: 5.0em">Sets encryption options.
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
<dt><b>SSLPort </b><i>port</i>
<dd style="margin-left: 5.0em">Listens on the specified port for encrypted connections.
<dt><b>StrictConformance Yes</b>
.\"
-.\" "$Id: client.conf.man.in 11851 2014-05-07 23:55:35Z msweet $"
+.\" "$Id: client.conf.man.in 12215 2014-10-20 18:24:56Z msweet $"
.\"
.\" client.conf man page for CUPS.
.\"
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH client.conf 5 "CUPS" "7 May 2014" "Apple Inc."
+.TH client.conf 5 "CUPS" "20 October 2014" "Apple Inc."
.SH NAME
client.conf \- client configuration file for cups (deprecated)
.SH DESCRIPTION
\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR
Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
.TP 5
+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR]
+.TP 5
+\fBSSLOptions None\fR
+Sets encryption options (only in /etc/cups/client.conf).
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+.TP 5
\fBUser \fIname\fR
Specifies the default user name to use for requests.
.TP 5
.SH COPYRIGHT
Copyright \[co] 2007-2014 by Apple Inc.
.\"
-.\" End of "$Id: client.conf.man.in 11851 2014-05-07 23:55:35Z msweet $".
+.\" End of "$Id: client.conf.man.in 12215 2014-10-20 18:24:56Z msweet $".
.\"
.\"
-.\" "$Id: cupsd.conf.man.in 12059 2014-07-28 14:04:32Z msweet $"
+.\" "$Id: cupsd.conf.man.in 12215 2014-10-20 18:24:56Z msweet $"
.\"
.\" cupsd.conf man page for CUPS.
.\"
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cupsd.conf 5 "CUPS" "28 July 2014" "Apple Inc."
+.TH cupsd.conf 5 "CUPS" "20 October 2014" "Apple Inc."
.SH NAME
cupsd.conf \- server configuration file for cups
.SH DESCRIPTION
\fBSSLListen *:\fIport\fR
Listens on the specified address and port for encrypted connections.
.TP 5
+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR]
+.TP 5
+\fBSSLOptions None\fR
+Sets encryption options.
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+.TP 5
\fBSSLPort \fIport\fR
Listens on the specified port for encrypted connections.
.TP 5
.SH COPYRIGHT
Copyright \[co] 2007-2014 by Apple Inc.
.\"
-.\" End of "$Id: cupsd.conf.man.in 12059 2014-07-28 14:04:32Z msweet $".
+.\" End of "$Id: cupsd.conf.man.in 12215 2014-10-20 18:24:56Z msweet $".
.\"
#
-# "$Id: cups.spec.in 12074 2014-07-31 01:10:14Z msweet $"
+# "$Id: cups.spec.in 12222 2014-10-21 11:55:01Z msweet $"
#
# RPM "spec" file for CUPS.
#
Summary: CUPS
Name: cups
-Version: 2.0.0
+Version: 2.0.1
Release: 1
Epoch: 1
License: GPL
Group: System Environment/Daemons
-Source: http://www.cups.org/software/2.0.0/cups-2.0.0-source.tar.bz2
+Source: http://www.cups.org/software/2.0.1/cups-2.0.1-source.tar.bz2
Url: http://www.cups.org
Packager: Anonymous <anonymous@foo.com>
Vendor: Apple Inc.
%if %{?_with_systemd:1}%{!?_with_systemd:0}
# SystemD
-/usr/lib/systemd/system/*
+/usr/lib/systemd/system/org.cups.cupsd.*
%else
# Legacy init support on Linux
#/usr/share/doc/cups/ca/*
#%dir /usr/share/doc/cups/cs
#/usr/share/doc/cups/cs/*
-#%dir /usr/share/doc/cups/es
-#/usr/share/doc/cups/es/*
+%dir /usr/share/doc/cups/es
+/usr/share/doc/cups/es/*
#%dir /usr/share/doc/cups/fr
#/usr/share/doc/cups/fr/*
#%dir /usr/share/doc/cups/ja
%files lpd
%defattr(-,root,root)
+%if %{?_with_systemd:1}%{!?_with_systemd:0}
+# SystemD
+/usr/lib/systemd/system/org.cups.cups-lpd*
+%else
+# Legacy xinetd
/etc/xinetd.d/cups-lpd
+%endif
+
%dir /usr/lib/cups
%dir /usr/lib/cups/daemon
/usr/lib/cups/daemon/cups-lpd
#
-# End of "$Id: cups.spec.in 12074 2014-07-31 01:10:14Z msweet $".
+# End of "$Id: cups.spec.in 12222 2014-10-21 11:55:01Z msweet $".
#
#
-# "$Id: cups.spec.in 12074 2014-07-31 01:10:14Z msweet $"
+# "$Id: cups.spec.in 12222 2014-10-21 11:55:01Z msweet $"
#
# RPM "spec" file for CUPS.
#
%if %{?_with_systemd:1}%{!?_with_systemd:0}
# SystemD
-/usr/lib/systemd/system/*
+/usr/lib/systemd/system/org.cups.cupsd.*
%else
# Legacy init support on Linux
#/usr/share/doc/cups/ca/*
#%dir /usr/share/doc/cups/cs
#/usr/share/doc/cups/cs/*
-#%dir /usr/share/doc/cups/es
-#/usr/share/doc/cups/es/*
+%dir /usr/share/doc/cups/es
+/usr/share/doc/cups/es/*
#%dir /usr/share/doc/cups/fr
#/usr/share/doc/cups/fr/*
#%dir /usr/share/doc/cups/ja
%files lpd
%defattr(-,root,root)
+%if %{?_with_systemd:1}%{!?_with_systemd:0}
+# SystemD
+/usr/lib/systemd/system/org.cups.cups-lpd*
+%else
+# Legacy xinetd
/etc/xinetd.d/cups-lpd
+%endif
+
%dir /usr/lib/cups
%dir /usr/lib/cups/daemon
/usr/lib/cups/daemon/cups-lpd
#
-# End of "$Id: cups.spec.in 12074 2014-07-31 01:10:14Z msweet $".
+# End of "$Id: cups.spec.in 12222 2014-10-21 11:55:01Z msweet $".
#
#
-# "$Id: Makefile 12132 2014-08-29 11:27:18Z msweet $"
+# "$Id: Makefile 12222 2014-10-21 11:55:01Z msweet $"
#
# Scheduler Makefile for CUPS.
#
-# Copyright 2007-2013 by Apple Inc.
+# Copyright 2007-2014 by Apple Inc.
# Copyright 1997-2007 by Easy Software Products, all rights reserved.
#
# These coded instructions, statements, and computer programs are the
$(INSTALL_DATA) org.cups.cupsd.path $(BUILDROOT)$(SYSTEMD_DIR); \
$(INSTALL_DATA) org.cups.cupsd.service $(BUILDROOT)$(SYSTEMD_DIR); \
$(INSTALL_DATA) org.cups.cupsd.socket $(BUILDROOT)$(SYSTEMD_DIR); \
- fi
- if test "x$(XINETD)" != x; then \
+ $(INSTALL_DATA) org.cups.cups-lpdAT.service $(BUILDROOT)$(SYSTEMD_DIR)/org.cups.cups-lpd@.service; \
+ $(INSTALL_DATA) org.cups.cups-lpd.socket $(BUILDROOT)$(SYSTEMD_DIR); \
+ elif test "x$(XINETD)" != x; then \
echo Installing xinetd configuration file for cups-lpd...; \
$(INSTALL_DIR) -m 755 $(BUILDROOT)$(XINETD); \
$(INSTALL_DATA) cups-lpd.xinetd $(BUILDROOT)$(XINETD)/cups-lpd; \
#
-# End of "$Id: Makefile 12132 2014-08-29 11:27:18Z msweet $".
+# End of "$Id: Makefile 12222 2014-10-21 11:55:01Z msweet $".
#
/*
- * "$Id: colorman.c 11558 2014-02-06 18:33:34Z msweet $"
+ * "$Id: colorman.c 12226 2014-10-21 13:36:05Z msweet $"
*
* Color management routines for the CUPS scheduler.
*
cupsdStopColor(void)
{
#if !defined(__APPLE__) && defined(HAVE_DBUS)
- dbus_connection_unref(colord_con);
+ if (colord_con)
+ dbus_connection_unref(colord_con);
colord_con = NULL;
#endif /* !__APPLE__ && HAVE_DBUS */
}
/*
- * End of "$Id: colorman.c 11558 2014-02-06 18:33:34Z msweet $".
+ * End of "$Id: colorman.c 12226 2014-10-21 13:36:05Z msweet $".
*/
/*
- * "$Id: conf.c 12178 2014-09-30 18:56:48Z msweet $"
+ * "$Id: conf.c 12224 2014-10-21 13:16:30Z msweet $"
*
* Configuration routines for the CUPS scheduler.
*
# else
cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
# endif /* HAVE_GNUTLS */
+
+ _httpTLSSetOptions(0);
#endif /* HAVE_SSL */
language = cupsLangDefault();
cupsdLogMessage(CUPSD_LOG_NOTICE,
"Group and SystemGroup cannot use the same groups.");
+ if (FatalErrors & (CUPSD_FATAL_CONFIG | CUPSD_FATAL_PERMISSIONS))
+ return (0);
+
cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
group = getgrnam("nobody");
"FaxRetryLimit is deprecated; use "
"JobRetryLimit on line %d.", linenum);
}
+ else if (!_cups_strcasecmp(line, "SSLOptions"))
+ {
+ /*
+ * SSLOptions [AllowRC4] [AllowSSL3] [None]
+ */
+
+ int options = 0; /* SSL/TLS options */
+
+ if (value)
+ {
+ char *start, /* Start of option */
+ *end; /* End of option */
+
+ for (start = value; *start; start = end)
+ {
+ /*
+ * Find end of keyword...
+ */
+
+ end = start;
+ while (*end && !_cups_isspace(*end))
+ end ++;
+
+ if (*end)
+ *end++ = '\0';
+
+ /*
+ * Compare...
+ */
+
+ if (!_cups_strcasecmp(start, "AllowRC4"))
+ options |= _HTTP_TLS_ALLOW_RC4;
+ else if (!_cups_strcasecmp(start, "AllowSSL3"))
+ options |= _HTTP_TLS_ALLOW_SSL3;
+ else if (!_cups_strcasecmp(start, "None"))
+ options = 0;
+ else if (_cups_strcasecmp(start, "NoEmptyFragments"))
+ cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
+ }
+ }
+
+ _httpTLSSetOptions(options);
+ }
else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
#ifdef HAVE_SSL
|| !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
/*
- * End of "$Id: conf.c 12178 2014-09-30 18:56:48Z msweet $".
+ * End of "$Id: conf.c 12224 2014-10-21 13:16:30Z msweet $".
*/
/*
- * "$Id: main.c 12140 2014-08-30 01:51:22Z msweet $"
+ * "$Id: main.c 12248 2014-11-12 16:32:57Z msweet $"
*
* Main loop for the CUPS scheduler.
*
{
int i; /* Looping var */
char *opt; /* Option character */
- int fg; /* Run in the foreground */
+ int close_all = 1, /* Close all file descriptors? */
+ disconnect = 1, /* Disconnect from controlling terminal? */
+ fg = 0, /* Run in foreground? */
+ run_as_child = 0;
+ /* Running as child process? */
int fds; /* Number of ready descriptors */
cupsd_client_t *con; /* Current client */
cupsd_job_t *job; /* Current job */
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
struct sigaction action; /* Actions for POSIX signals */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
- int run_as_child = 0;
- /* Needed for background fork/exec */
#ifdef __APPLE__
int use_sysman = 1; /* Use system management functions? */
#else
#ifdef HAVE_LAUNCHD
if (getenv("CUPSD_LAUNCHD"))
{
- OnDemand = 1;
- fg = 1;
+ OnDemand = 1;
+ fg = 1;
+ close_all = 0;
+ disconnect = 0;
}
#endif /* HAVE_LAUNCHD */
{
case 'C' : /* Run as child with config file */
run_as_child = 1;
- fg = -1;
+ fg = 1;
+ close_all = 0;
case 'c' : /* Configuration file */
i ++;
break;
case 'f' : /* Run in foreground... */
- fg = 1;
+ fg = 1;
+ disconnect = 0;
+ close_all = 0;
break;
case 'F' : /* Run in foreground, but disconnect from terminal... */
- fg = -1;
+ fg = 1;
+ close_all = 0;
break;
case 'h' : /* Show usage/help */
case 'l' : /* Started by launchd/systemd... */
#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
- OnDemand = 1;
- fg = 1;
+ OnDemand = 1;
+ fg = 1;
+ close_all = 0;
+ disconnect = 0;
#else
_cupsLangPuts(stderr, _("cupsd: On-demand support not compiled "
"in, running in normal mode."));
- fg = 0;
+ fg = 0;
+ disconnect = 1;
+ close_all = 1;
#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
break;
"use only!\n", stderr);
stop_scheduler = 1;
fg = 1;
+ disconnect = 0;
+ close_all = 0;
break;
case 'P' : /* Disable security profiles */
case 't' : /* Test the cupsd.conf file... */
TestConfigFile = 1;
fg = 1;
+ disconnect = 0;
+ close_all = 0;
break;
default : /* Unknown option */
free(filename);
}
+ if (disconnect)
+ {
+ /*
+ * Make sure we aren't tying up any filesystems...
+ */
+
+ chdir("/");
+
+ /*
+ * Disconnect from the controlling terminal...
+ */
+
+ setsid();
+ }
+
+ if (close_all)
+ {
+ /*
+ * Close all open files...
+ */
+
+ getrlimit(RLIMIT_NOFILE, &limit);
+
+ for (i = 0; i < (int)limit.rlim_cur && i < 1024; i ++)
+ close(i);
+
+ /*
+ * Redirect stdin/out/err to /dev/null...
+ */
+
+ if ((i = open("/dev/null", O_RDONLY)) != 0)
+ {
+ dup2(i, 0);
+ close(i);
+ }
+
+ if ((i = open("/dev/null", O_WRONLY)) != 1)
+ {
+ dup2(i, 1);
+ close(i);
+ }
+
+ if ((i = open("/dev/null", O_WRONLY)) != 2)
+ {
+ dup2(i, 2);
+ close(i);
+ }
+ }
+
/*
- * If the user hasn't specified "-f", run in the background...
+ * Run in the background as needed...
*/
if (!fg)
#endif /* __OpenBSD__ && OpenBSD < 201211 */
/*
- * Since CoreFoundation and DBUS both create fork-unsafe data on execution of
- * a program, and since this kind of really unfriendly behavior seems to be
- * more common these days in system libraries, we need to re-execute the
- * background cupsd with the "-C" option to avoid problems. Unfortunately,
- * we also have to assume that argv[0] contains the name of the cupsd
- * executable - there is no portable way to get the real pathname...
+ * Since many system libraries create fork-unsafe data on execution of a
+ * program, we need to re-execute the background cupsd with the "-C" and "-s"
+ * options to avoid problems. Unfortunately, we also have to assume that
+ * argv[0] contains the name of the cupsd executable - there is no portable
+ * way to get the real pathname...
*/
- execlp(argv[0], argv[0], "-C", ConfigurationFile, (char *)0);
+ execlp(argv[0], argv[0], "-C", ConfigurationFile, "-s", CupsFilesFile, (char *)0);
exit(errno);
}
- if (fg < 1)
- {
- /*
- * Make sure we aren't tying up any filesystems...
- */
-
- chdir("/");
-
-#ifndef DEBUG
- /*
- * Disable core dumps...
- */
-
- getrlimit(RLIMIT_CORE, &limit);
- limit.rlim_cur = 0;
- setrlimit(RLIMIT_CORE, &limit);
-
- /*
- * Disconnect from the controlling terminal...
- */
-
- setsid();
-
- /*
- * Close all open files...
- */
-
- getrlimit(RLIMIT_NOFILE, &limit);
-
- for (i = 0; i < limit.rlim_cur && i < 1024; i ++)
- close(i);
-
- /*
- * Redirect stdin/out/err to /dev/null...
- */
-
- if ((i = open("/dev/null", O_RDONLY)) != 0)
- {
- dup2(i, 0);
- close(i);
- }
-
- if ((i = open("/dev/null", O_WRONLY)) != 1)
- {
- dup2(i, 1);
- close(i);
- }
-
- if ((i = open("/dev/null", O_WRONLY)) != 2)
- {
- dup2(i, 2);
- close(i);
- }
-#endif /* DEBUG */
- }
-
/*
* Set the timezone info...
*/
if (timeout == 86400 && OnDemand && IdleExitTimeout &&
!cupsArrayCount(ActiveJobs) &&
+# ifdef HAVE_SYSTEMD
+ !WebInterface &&
+# endif /* HAVE_SYSTEMD */
(!Browsing || !BrowseLocalProtocols || !cupsArrayCount(Printers)))
{
timeout = IdleExitTimeout;
* jobs or shared printers to advertise...
*/
- if (cupsArrayCount(ActiveJobs) ||
+ if (cupsArrayCount(ActiveJobs) || /* Active jobs */
+# ifdef HAVE_SYSTEMD
+ WebInterface || /* Web interface enabled */
+# endif /* HAVE_SYSTEMD */
(Browsing && BrowseLocalProtocols && cupsArrayCount(Printers)))
+ /* Printers being shared */
{
cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating keep-alive file \"" CUPS_KEEPALIVE "\".");
/*
- * End of "$Id: main.c 12140 2014-08-30 01:51:22Z msweet $".
+ * End of "$Id: main.c 12248 2014-11-12 16:32:57Z msweet $".
*/
--- /dev/null
+[Unit]
+Description=CUPS LPD Server Socket
+
+[Socket]
+ListenStream=515
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
--- /dev/null
+[Unit]
+Description=CUPS LPD server
+Documentation=man:cups-lpd(8)
+
+[Service]
+ExecStart=-@CUPS_SERVERBIN@/daemon/cups-lpd
+StandardInput=socket
+User=@CUPS_USER@
+
[Unit]
Description=CUPS Scheduler
+Documentation=man:cupsd(8)
[Service]
ExecStart=@sbindir@/cupsd -l
[Socket]
ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
-ListenStream=[::1]:631
-ListenStream=127.0.0.1:631
-BindIPv6Only=ipv6-only
-ReusePort=true
[Install]
WantedBy=sockets.target
/*
- * "$Id: process.c 12102 2014-08-20 15:19:09Z msweet $"
+ * "$Id: process.c 12252 2014-11-14 17:14:45Z msweet $"
*
* Process management routines for the CUPS scheduler.
*
int i; /* Looping var */
const char *exec_path = command; /* Command to be exec'd */
char *real_argv[110], /* Real command-line arguments */
- cups_exec[1024]; /* Path to "cups-exec" program */
+ cups_exec[1024], /* Path to "cups-exec" program */
+ user_str[16], /* User string */
+ group_str[16], /* Group string */
+ nice_str[16]; /* FilterNice string */
uid_t user; /* Command UID */
cupsd_proc_t *proc; /* New process record */
-#ifdef HAVE_POSIX_SPAWN
+#if defined(HAVE_POSIX_SPAWN) && !defined(__OpenBSD__)
posix_spawn_file_actions_t actions; /* Spawn file actions */
posix_spawnattr_t attrs; /* Spawn attributes */
- char user_str[16], /* User string */
- group_str[16], /* Group string */
- nice_str[16]; /* FilterNice string */
+ sigset_t defsignals; /* Default signals */
#elif defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
struct sigaction action; /* POSIX signal handler */
-#endif /* HAVE_POSIX_SPAWN */
+#endif /* HAVE_POSIX_SPAWN && !__OpenBSD__ */
#if defined(__APPLE__)
char processPath[1024], /* CFProcessPath environment variable */
linkpath[1024]; /* Link path for symlinks... */
* Use helper program when we have a sandbox profile...
*/
-#ifndef HAVE_POSIX_SPAWN
+#if !defined(HAVE_POSIX_SPAWN) || defined(__OpenBSD__)
if (profile)
-#endif /* !HAVE_POSIX_SPAWN */
+#endif /* !HAVE_POSIX_SPAWN || __OpenBSD__ */
{
snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);
snprintf(user_str, sizeof(user_str), "%d", user);
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: argv[%d] = \"%s\"", i, argv[i]);
}
-#ifdef HAVE_POSIX_SPAWN
+#if defined(HAVE_POSIX_SPAWN) && !defined(__OpenBSD__) /* OpenBSD posix_spawn is busted with SETSIGDEF */
/*
* Setup attributes and file actions for the spawn...
*/
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting spawn attributes.");
+ sigemptyset(&defsignals);
+ sigaddset(&defsignals, SIGTERM);
+ sigaddset(&defsignals, SIGCHLD);
+ sigaddset(&defsignals, SIGPIPE);
+
posix_spawnattr_init(&attrs);
posix_spawnattr_setflags(&attrs, POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF);
+ posix_spawnattr_setpgroup(&attrs, 0);
+ posix_spawnattr_setsigdefault(&attrs, &defsignals);
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting file actions.");
posix_spawn_file_actions_init(&actions);
}
cupsdReleaseSignals();
-#endif /* HAVE_POSIX_SPAWN */
+#endif /* HAVE_POSIX_SPAWN && !__OpenBSD__ */
if (*pid)
{
/*
- * End of "$Id: process.c 12102 2014-08-20 15:19:09Z msweet $".
+ * End of "$Id: process.c 12252 2014-11-14 17:14:45Z msweet $".
*/
/*
- * "$Id: cancel.c 10996 2013-05-29 11:51:34Z msweet $"
+ * "$Id: cancel.c 12248 2014-11-12 16:32:57Z msweet $"
*
* "cancel" command for CUPS.
*
ippDelete(response);
}
- if (num_dests == 0 && op == IPP_PURGE_JOBS)
+ if (num_dests == 0 && op != IPP_CANCEL_JOB)
{
/*
* Open a connection to the server...
/*
- * End of "$Id: cancel.c 10996 2013-05-29 11:51:34Z msweet $".
+ * End of "$Id: cancel.c 12248 2014-11-12 16:32:57Z msweet $".
*/
{refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:}
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="viewport" content="width=device-width">
+ <style>html{display:none;}</style>
<script type="text/javascript"><!--
+ /* Only display document if we are not in a frame... */
+ if (self == top) {
+ document.documentElement.style.display = 'block';
+ } else {
+ top.location = self.location;
+ }
+
/* Show an error if cookies are disabled */
function check_cookies() {
if (!navigator.cookieEnabled) {
{refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:}
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="viewport" content="width=device-width">
+ <style>html{display:none;}</style>
<script type="text/javascript"><!--
+ /* Only display document if we are not in a frame... */
+ if (self == top) {
+ document.documentElement.style.display = 'block';
+ } else {
+ top.location = self.location;
+ }
+
/* Show an error if cookies are disabled */
function check_cookies() {
if (!navigator.cookieEnabled) {
/*
- * "$Id: ippserver.c 12136 2014-08-29 15:19:40Z msweet $"
+ * "$Id: ippserver.c 12215 2014-10-20 18:24:56Z msweet $"
*
* Sample IPP Everywhere server for CUPS.
*
#ifdef HAVE_DNSSD
# include <dns_sd.h>
+#elif defined(HAVE_AVAHI)
+# include <avahi-client/client.h>
+# include <avahi-client/publish.h>
+# include <avahi-common/error.h>
+# include <avahi-common/thread-watch.h>
#endif /* HAVE_DNSSD */
#ifdef HAVE_SYS_MOUNT_H
# include <sys/mount.h>
* Structures...
*/
+#ifdef HAVE_DNSSD
+typedef DNSServiceRef _ipp_srv_t; /* Service reference */
+typedef TXTRecordRef _ipp_txt_t; /* TXT record */
+
+#elif defined(HAVE_AVAHI)
+typedef AvahiEntryGroup *_ipp_srv_t; /* Service reference */
+typedef AvahiStringList *_ipp_txt_t; /* TXT record */
+
+#else
+typedef void *_ipp_srv_t; /* Service reference */
+typedef void *_ipp_txt_t; /* TXT record */
+#endif /* HAVE_DNSSD */
+
typedef struct _ipp_filter_s /**** Attribute filter ****/
{
cups_array_t *ra; /* Requested attributes */
{
int ipv4, /* IPv4 listener */
ipv6; /* IPv6 listener */
-#ifdef HAVE_DNSSD
- DNSServiceRef common_ref, /* Shared service connection */
- ipp_ref, /* Bonjour IPP service */
-# ifdef HAVE_SSL
+ _ipp_srv_t ipp_ref, /* Bonjour IPP service */
ipps_ref, /* Bonjour IPPS service */
-# endif /* HAVE_SSL */
http_ref, /* Bonjour HTTP service */
printer_ref; /* Bonjour LPD service */
- TXTRecordRef ipp_txt; /* Bonjour IPP TXT record */
- char *dnssd_name; /* printer-dnssd-name */
-#endif /* HAVE_DNSSD */
- char *name, /* printer-name */
+ char *dnssd_name, /* printer-dnssd-name */
+ *name, /* printer-name */
*icon, /* Icon filename */
*directory, /* Spool directory */
*hostname, /* Hostname */
const char *icon,
const char *docformats, int ppm,
int ppm_color, int duplex, int port,
- int pin,
-#ifdef HAVE_DNSSD
- const char *subtype,
-#endif /* HAVE_DNSSD */
+ int pin, const char *subtype,
const char *directory,
const char *command);
static void debug_attributes(const char *title, ipp_t *ipp,
const char *regtype,
const char *domain,
_ipp_printer_t *printer);
+#elif defined(HAVE_AVAHI)
+static void dnssd_callback(AvahiEntryGroup *p, AvahiEntryGroupState state, void *context);
+static void dnssd_client_cb(AvahiClient *c, AvahiClientState state, void *userdata);
#endif /* HAVE_DNSSD */
+static void dnssd_init(void);
static int filter_cb(_ipp_filter_t *filter, ipp_t *dst, ipp_attribute_t *attr);
static _ipp_job_t *find_job(_ipp_client_t *client);
static void html_escape(_ipp_client_t *client, const char *s,
static int process_http(_ipp_client_t *client);
static int process_ipp(_ipp_client_t *client);
static void *process_job(_ipp_job_t *job);
-#ifdef HAVE_DNSSD
static int register_printer(_ipp_printer_t *printer, const char *location, const char *make, const char *model, const char *formats, const char *adminurl, const char *uuid, int color, int duplex, const char *regtype);
-#endif /* HAVE_DNSSD */
static int respond_http(_ipp_client_t *client, http_status_t code,
const char *content_coding,
const char *type, size_t length);
* Globals...
*/
+# ifdef HAVE_DNSSD
+static DNSServiceRef DNSSDMaster = NULL;
+# else /* HAVE_AVAHI */
+static AvahiThreadedPoll *DNSSDMaster = NULL;
+static AvahiClient *DNSSDClient = NULL;
+# endif /* HAVE_DNSSD */
+
static int KeepFiles = 0,
Verbosity = 0;
#ifdef HAVE_SSL
const char *keypath = NULL; /* Keychain path */
#endif /* HAVE_SSL */
-#ifdef HAVE_DNSSD
const char *subtype = "_print"; /* Bonjour service subtype */
-#endif /* HAVE_DNSSD */
int port = 0, /* Port number (0 = auto) */
duplex = 0, /* Duplex mode */
ppm = 10, /* Pages per minute for mono */
port = atoi(argv[i]);
break;
-#ifdef HAVE_DNSSD
case 'r' : /* -r subtype */
i ++;
if (i >= argc)
usage(1);
subtype = argv[i];
break;
-#endif /* HAVE_DNSSD */
case 's' : /* -s speed[,color-speed] */
i ++;
{
#ifdef WIN32
/*
- * Windows is almost always used as a single user system, so use a default port
- * number of 8631.
+ * Windows is almost always used as a single user system, so use a default
+ * port number of 8631.
*/
port = 8631;
cupsSetServerCredentials(keypath, servername, 1);
#endif /* HAVE_SSL */
+ /*
+ * Initialize Bonjour...
+ */
+
+ dnssd_init();
+
/*
* Create the printer...
*/
if ((printer = create_printer(servername, name, location, make, model, icon,
formats, ppm, ppm_color, duplex, port, pin,
-#ifdef HAVE_DNSSD
- subtype,
-#endif /* HAVE_DNSSD */
- directory, command)) == NULL)
+ subtype, directory, command)) == NULL)
return (1);
/*
int duplex, /* I - 1 = duplex, 0 = simplex */
int port, /* I - Port for listeners or 0 for auto */
int pin, /* I - Require PIN printing */
-#ifdef HAVE_DNSSD
const char *subtype, /* I - Bonjour service subtype */
-#endif /* HAVE_DNSSD */
const char *directory, /* I - Spool directory */
const char *command) /* I - Command to run on job files */
{
printer->ipv4 = -1;
printer->ipv6 = -1;
printer->name = strdup(name);
-#ifdef HAVE_DNSSD
printer->dnssd_name = strdup(printer->name);
-#endif /* HAVE_DNSSD */
printer->command = command ? strdup(command) : NULL;
printer->directory = strdup(directory);
printer->hostname = strdup(servername);
debug_attributes("Printer", printer->attrs, 0);
-#ifdef HAVE_DNSSD
/*
* Register the printer with Bonjour...
*/
if (!register_printer(printer, location, make, model, docformats, adminurl, uuid + 9, ppm_color > 0, duplex, subtype))
goto bad_printer;
-#endif /* HAVE_DNSSD */
/*
* Return it!
#if HAVE_DNSSD
if (printer->printer_ref)
DNSServiceRefDeallocate(printer->printer_ref);
-
if (printer->ipp_ref)
DNSServiceRefDeallocate(printer->ipp_ref);
-
-# ifdef HAVE_SSL
if (printer->ipps_ref)
DNSServiceRefDeallocate(printer->ipps_ref);
-# endif /* HAVE_SSL */
if (printer->http_ref)
DNSServiceRefDeallocate(printer->http_ref);
+#elif defined(HAVE_AVAHI)
+ avahi_threaded_poll_lock(DNSSDMaster);
- if (printer->common_ref)
- DNSServiceRefDeallocate(printer->common_ref);
+ if (printer->printer_ref)
+ avahi_entry_group_free(printer->printer_ref);
+ if (printer->ipp_ref)
+ avahi_entry_group_free(printer->ipp_ref);
+ if (printer->ipps_ref)
+ avahi_entry_group_free(printer->ipps_ref);
+ if (printer->http_ref)
+ avahi_entry_group_free(printer->http_ref);
- TXTRecordDeallocate(&(printer->ipp_txt));
+ avahi_threaded_poll_unlock(DNSSDMaster);
+#endif /* HAVE_DNSSD */
if (printer->dnssd_name)
free(printer->dnssd_name);
-#endif /* HAVE_DNSSD */
-
if (printer->name)
free(printer->name);
if (printer->icon)
printer->dnssd_name = strdup(name);
}
}
+
+
+#elif defined(HAVE_AVAHI)
+/*
+ * 'dnssd_callback()' - Handle Bonjour registration events.
+ */
+
+static void
+dnssd_callback(
+ AvahiEntryGroup *srv, /* I - Service */
+ AvahiEntryGroupState state, /* I - Registration state */
+ void *context) /* I - Printer */
+{
+ (void)srv;
+ (void)state;
+ (void)context;
+}
+
+
+/*
+ * 'dnssd_client_cb()' - Client callback for Avahi.
+ *
+ * Called whenever the client or server state changes...
+ */
+
+static void
+dnssd_client_cb(
+ AvahiClient *c, /* I - Client */
+ AvahiClientState state, /* I - Current state */
+ void *userdata) /* I - User data (unused) */
+{
+ (void)userdata;
+
+ if (!c)
+ return;
+
+ switch (state)
+ {
+ default :
+ fprintf(stderr, "Ignore Avahi state %d.\n", state);
+ break;
+
+ case AVAHI_CLIENT_FAILURE:
+ if (avahi_client_errno(c) == AVAHI_ERR_DISCONNECTED)
+ {
+ fputs("Avahi server crashed, exiting.\n", stderr);
+ exit(1);
+ }
+ break;
+ }
+}
#endif /* HAVE_DNSSD */
+/*
+ * 'dnssd_init()' - Initialize the DNS-SD service connections...
+ */
+
+static void
+dnssd_init(void)
+{
+#ifdef HAVE_DNSSD
+ if (DNSServiceCreateConnection(&DNSSDMaster) != kDNSServiceErr_NoError)
+ {
+ fputs("Error: Unable to initialize Bonjour.\n", stderr);
+ exit(1);
+ }
+
+#elif defined(HAVE_AVAHI)
+ int error; /* Error code, if any */
+
+ if ((DNSSDMaster = avahi_threaded_poll_new()) == NULL)
+ {
+ fputs("Error: Unable to initialize Bonjour.\n", stderr);
+ exit(1);
+ }
+
+ if ((DNSSDClient = avahi_client_new(avahi_threaded_poll_get(DNSSDMaster), AVAHI_CLIENT_NO_FAIL, dnssd_client_cb, NULL, &error)) == NULL)
+ {
+ fputs("Error: Unable to initialize Bonjour.\n", stderr);
+ exit(1);
+ }
+
+ avahi_threaded_poll_start(DNSSDMaster);
+#endif /* HAVE_DNSSD */
+}
+
+
/*
* 'filter_cb()' - Filter printer attributes based on the requested array.
*/
* Filter attributes as needed...
*/
-// (void)dst;
+#ifndef WIN32 /* Avoid MS compiler bug */
+ (void)dst;
+#endif /* !WIN32 */
ipp_tag_t group = ippGetGroupTag(attr);
const char *name = ippGetName(attr);
}
-#ifdef HAVE_DNSSD
/*
* 'register_printer()' - Register a printer object via Bonjour.
*/
int duplex, /* I - 1 = duplex, 0 = simplex */
const char *subtype) /* I - Service subtype */
{
+ _ipp_txt_t ipp_txt; /* Bonjour IPP TXT record */
+#ifdef HAVE_DNSSD
DNSServiceErrorType error; /* Error from Bonjour */
char make_model[256],/* Make and model together */
product[256], /* Product string */
snprintf(make_model, sizeof(make_model), "%s %s", make, model);
snprintf(product, sizeof(product), "(%s)", model);
- TXTRecordCreate(&(printer->ipp_txt), 1024, NULL);
- TXTRecordSetValue(&(printer->ipp_txt), "rp", 9, "ipp/print");
- TXTRecordSetValue(&(printer->ipp_txt), "ty", (uint8_t)strlen(make_model),
+ TXTRecordCreate(&ipp_txt, 1024, NULL);
+ TXTRecordSetValue(&ipp_txt, "rp", 9, "ipp/print");
+ TXTRecordSetValue(&ipp_txt, "ty", (uint8_t)strlen(make_model),
make_model);
- TXTRecordSetValue(&(printer->ipp_txt), "adminurl", (uint8_t)strlen(adminurl),
+ TXTRecordSetValue(&ipp_txt, "adminurl", (uint8_t)strlen(adminurl),
adminurl);
if (*location)
- TXTRecordSetValue(&(printer->ipp_txt), "note", (uint8_t)strlen(location),
+ TXTRecordSetValue(&ipp_txt, "note", (uint8_t)strlen(location),
location);
- TXTRecordSetValue(&(printer->ipp_txt), "product", (uint8_t)strlen(product),
+ TXTRecordSetValue(&ipp_txt, "product", (uint8_t)strlen(product),
product);
- TXTRecordSetValue(&(printer->ipp_txt), "pdl", (uint8_t)strlen(formats),
+ TXTRecordSetValue(&ipp_txt, "pdl", (uint8_t)strlen(formats),
formats);
- TXTRecordSetValue(&(printer->ipp_txt), "Color", 1, color ? "T" : "F");
- TXTRecordSetValue(&(printer->ipp_txt), "Duplex", 1, duplex ? "T" : "F");
- TXTRecordSetValue(&(printer->ipp_txt), "usb_MFG", (uint8_t)strlen(make),
+ TXTRecordSetValue(&ipp_txt, "Color", 1, color ? "T" : "F");
+ TXTRecordSetValue(&ipp_txt, "Duplex", 1, duplex ? "T" : "F");
+ TXTRecordSetValue(&ipp_txt, "usb_MFG", (uint8_t)strlen(make),
make);
- TXTRecordSetValue(&(printer->ipp_txt), "usb_MDL", (uint8_t)strlen(model),
+ TXTRecordSetValue(&ipp_txt, "usb_MDL", (uint8_t)strlen(model),
model);
- TXTRecordSetValue(&(printer->ipp_txt), "UUID", (uint8_t)strlen(uuid), uuid);
+ TXTRecordSetValue(&ipp_txt, "UUID", (uint8_t)strlen(uuid), uuid);
# ifdef HAVE_SSL
- TXTRecordSetValue(&(printer->ipp_txt), "TLS", 3, "1.2");
+ TXTRecordSetValue(&ipp_txt, "TLS", 3, "1.2");
# endif /* HAVE_SSL */
- /*
- * Create a shared service reference for Bonjour...
- */
-
- if ((error = DNSServiceCreateConnection(&(printer->common_ref)))
- != kDNSServiceErr_NoError)
- {
- fprintf(stderr, "Unable to create mDNSResponder connection: %d\n", error);
- return (0);
- }
-
/*
* Register the _printer._tcp (LPD) service type with a port number of 0 to
* defend our service name but not actually support LPD...
*/
- printer->printer_ref = printer->common_ref;
+ printer->printer_ref = DNSSDMaster;
if ((error = DNSServiceRegister(&(printer->printer_ref),
kDNSServiceFlagsShareConnection,
* advertise our IPP printer...
*/
- printer->ipp_ref = printer->common_ref;
+ printer->ipp_ref = DNSSDMaster;
if (subtype && *subtype)
snprintf(regtype, sizeof(regtype), "_ipp._tcp,%s", subtype);
0 /* interfaceIndex */, printer->dnssd_name,
regtype, NULL /* domain */,
NULL /* host */, htons(printer->port),
- TXTRecordGetLength(&(printer->ipp_txt)),
- TXTRecordGetBytesPtr(&(printer->ipp_txt)),
+ TXTRecordGetLength(&ipp_txt),
+ TXTRecordGetBytesPtr(&ipp_txt),
(DNSServiceRegisterReply)dnssd_callback,
printer)) != kDNSServiceErr_NoError)
{
# ifdef HAVE_SSL
/*
* Then register the _ipps._tcp (IPP) service type with the real port number to
- * advertise our IPP printer...
+ * advertise our IPPS printer...
*/
- printer->ipps_ref = printer->common_ref;
+ printer->ipps_ref = DNSSDMaster;
if (subtype && *subtype)
snprintf(regtype, sizeof(regtype), "_ipps._tcp,%s", subtype);
0 /* interfaceIndex */, printer->dnssd_name,
regtype, NULL /* domain */,
NULL /* host */, htons(printer->port),
- TXTRecordGetLength(&(printer->ipp_txt)),
- TXTRecordGetBytesPtr(&(printer->ipp_txt)),
+ TXTRecordGetLength(&ipp_txt),
+ TXTRecordGetBytesPtr(&ipp_txt),
(DNSServiceRegisterReply)dnssd_callback,
printer)) != kDNSServiceErr_NoError)
{
* real port number to advertise our IPP printer...
*/
- printer->http_ref = printer->common_ref;
+ printer->http_ref = DNSSDMaster;
if ((error = DNSServiceRegister(&(printer->http_ref),
kDNSServiceFlagsShareConnection,
return (0);
}
+ TXTRecordDeallocate(&ipp_txt);
+
+#elif defined(HAVE_AVAHI)
+ char temp[256]; /* Subtype service string */
+
+ /*
+ * Create the TXT record...
+ */
+
+ ipp_txt = NULL;
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "rp=ipp/print");
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "ty=%s %s", make, model);
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "adminurl=%s", adminurl);
+ if (*location)
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "note=%s", location);
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "product=(%s)", model);
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "pdl=%s", formats);
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "Color=%s", color ? "T" : "F");
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "Duplex=%s", duplex ? "T" : "F");
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "usb_MFG=%s", make);
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "usb_MDL=%s", model);
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "UUID=%s", uuid);
+# ifdef HAVE_SSL
+ ipp_txt = avahi_string_list_add_printf(ipp_txt, "TLS=1.2");
+# endif /* HAVE_SSL */
+
+ /*
+ * Register _printer._tcp (LPD) with port 0 to reserve the service name...
+ */
+
+ avahi_threaded_poll_lock(DNSSDMaster);
+
+ printer->ipp_ref = avahi_entry_group_new(DNSSDClient, dnssd_callback, NULL);
+
+ avahi_entry_group_add_service_strlst(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_printer._tcp", NULL, NULL, 0, NULL);
+
+ /*
+ * Then register the _ipp._tcp (IPP)...
+ */
+
+ avahi_entry_group_add_service_strlst(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_ipp._tcp", NULL, NULL, printer->port, ipp_txt);
+ if (subtype && *subtype)
+ {
+ snprintf(temp, sizeof(temp), "%s._sub._ipp._tcp", subtype);
+ avahi_entry_group_add_service_subtype(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_ipp._tcp", NULL, temp);
+ }
+
+#ifdef HAVE_SSL
+ /*
+ * _ipps._tcp (IPPS) for secure printing...
+ */
+
+ avahi_entry_group_add_service_strlst(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_ipps._tcp", NULL, NULL, printer->port, ipp_txt);
+ if (subtype && *subtype)
+ {
+ snprintf(temp, sizeof(temp), "%s._sub._ipps._tcp", subtype);
+ avahi_entry_group_add_service_subtype(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_ipps._tcp", NULL, temp);
+ }
+#endif /* HAVE_SSL */
+
+ /*
+ * Finally _http.tcp (HTTP) for the web interface...
+ */
+
+ avahi_entry_group_add_service_strlst(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_http._tcp", NULL, NULL, printer->port, NULL);
+ avahi_entry_group_add_service_subtype(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_http._tcp", NULL, "_printer._sub._http._tcp");
+
+ /*
+ * Commit it...
+ */
+
+ avahi_entry_group_commit(printer->ipp_ref);
+ avahi_threaded_poll_unlock(DNSSDMaster);
+
+ avahi_string_list_free(ipp_txt);
+#endif /* HAVE_DNSSD */
+
return (1);
}
-#endif /* HAVE_DNSSD */
/*
num_fds = 2;
#ifdef HAVE_DNSSD
- polldata[num_fds ].fd = DNSServiceRefSockFD(printer->common_ref);
+ polldata[num_fds ].fd = DNSServiceRefSockFD(DNSSDMaster);
polldata[num_fds ++].events = POLLIN;
#endif /* HAVE_DNSSD */
#ifdef HAVE_DNSSD
if (polldata[2].revents & POLLIN)
- DNSServiceProcessResult(printer->common_ref);
+ DNSServiceProcessResult(DNSSDMaster);
#endif /* HAVE_DNSSD */
/*
{
if (!status)
{
- puts(CUPS_SVERSION " - Copyright 2010-2013 by Apple Inc. All rights "
+ puts(CUPS_SVERSION " - Copyright 2010-2014 by Apple Inc. All rights "
"reserved.");
puts("");
}
puts("-m model Model name (default=Printer)");
puts("-n hostname Hostname for printer");
puts("-p port Port number (default=auto)");
-#ifdef HAVE_DNSSD
puts("-r subtype Bonjour service subtype (default=_print)");
-#endif /* HAVE_DNSSD */
puts("-s speed[,color-speed] Speed in pages per minute (default=10,0)");
puts("-v[vvv] Be (very) verbose");
/*
- * End of "$Id: ippserver.c 12136 2014-08-29 15:19:40Z msweet $".
+ * End of "$Id: ippserver.c 12215 2014-10-20 18:24:56Z msweet $".
*/
#!/bin/sh
#
-# "$Id: run-stp-tests.sh 12151 2014-09-04 00:57:41Z msweet $"
+# "$Id: run-stp-tests.sh 12248 2014-11-12 16:32:57Z msweet $"
#
# Perform the complete set of IPP compliance tests specified in the
# CUPS Software Test Plan.
# Requests logged
count=`wc -l $BASE/log/access_log | awk '{print $1}'`
-expected=`expr 37 + 18 + 28 + $pjobs \* 8 + $pprinters \* $pjobs \* 4`
+expected=`expr 37 + 18 + 29 + $pjobs \* 8 + $pprinters \* $pjobs \* 4`
if test $count != $expected; then
echo "FAIL: $count requests logged, expected $expected."
echo "<P>FAIL: $count requests logged, expected $expected.</P>" >>$strfile
fi
#
-# End of "$Id: run-stp-tests.sh 12151 2014-09-04 00:57:41Z msweet $"
+# End of "$Id: run-stp-tests.sh 12248 2014-11-12 16:32:57Z msweet $"
#
/*
- * "$Id: config.h 12136 2014-08-29 15:19:40Z msweet $"
+ * "$Id: config.h 12254 2014-11-14 17:24:18Z msweet $"
*
* Configuration file for CUPS on Windows.
*
* Version of software...
*/
-#define CUPS_SVERSION "CUPS v2.0.0"
-#define CUPS_MINIMAL "CUPS/2.0.0"
+#define CUPS_SVERSION "CUPS v2.0.1"
+#define CUPS_MINIMAL "CUPS/2.0.1"
/*
#endif /* !_CUPS_CONFIG_H_ */
/*
- * End of "$Id: config.h 12136 2014-08-29 15:19:40Z msweet $".
+ * End of "$Id: config.h 12254 2014-11-14 17:24:18Z msweet $".
*/
/*
- * "$Id: config.h 12140 2014-08-30 01:51:22Z msweet $"
+ * "$Id: config.h 12254 2014-11-14 17:24:18Z msweet $"
*
* Configuration file for CUPS and Xcode.
*
* Version of software...
*/
-#define CUPS_SVERSION "CUPS v2.0.0"
-#define CUPS_MINIMAL "CUPS/2.0.0"
+#define CUPS_SVERSION "CUPS v2.0.1"
+#define CUPS_MINIMAL "CUPS/2.0.1"
/*
#endif /* !_CUPS_CONFIG_H_ */
/*
- * End of "$Id: config.h 12140 2014-08-30 01:51:22Z msweet $".
+ * End of "$Id: config.h 12254 2014-11-14 17:24:18Z msweet $".
*/