From 6c2b2b194479fd5ace2b48378c13e7421023ac6d Mon Sep 17 00:00:00 2001
From: msweet
Date: Wed, 16 Jul 2014 19:37:34 +0000
Subject: [PATCH] Fix cookie handling for web interface. Allow access to auth certificates in the state directory. Remove client connection from select when all data has been read from client.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12034 a1ca3aef-8c08-0410-bb20-df032aa958be
---
 cgi-bin/var.c | 4 ++--
 cups/http.c | 11 +++++++++--
 scheduler/cert.c | 3 +--
 scheduler/client.c | 12 ++++++------
 scheduler/process.c | 6 +++++-
 5 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/cgi-bin/var.c b/cgi-bin/var.c
index 6972eef02..408634dac 100644
--- a/cgi-bin/var.c
+++ b/cgi-bin/var.c
@@ -437,9 +437,9 @@ cgiSetCookie(const char *name, /* I - Name */
 printf(" expires=%s;", httpGetDateString2(expires, date, sizeof(date)));
 }
 if (secure)
- puts(" secure;");
+ puts(" httponly; secure;");
 else
- putchar('\n');
+ puts(" httponly;");
 }
diff --git a/cups/http.c b/cups/http.c
index 553981522..a9954ed44 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -3593,8 +3593,15 @@ httpWriteResponse(http_t *http, /* I - HTTP connection */
 if (http->cookie)
 {
- if (httpPrintf(http, "Set-Cookie: %s path=/ httponly%s\r\n",
- http->cookie, http->tls ? " secure" : "") < 1)
+ if (strchr(http->cookie, ';'))
+ {
+ if (httpPrintf(http, "Set-Cookie: %s\r\n", http->cookie) < 1)
+ {
+ http->status = HTTP_STATUS_ERROR;
+ return (-1);
+ }
+ }
+ else if (httpPrintf(http, "Set-Cookie: %s; path=/; httponly;%s\r\n", http->cookie, http->tls ? " secure;" : "") < 1)
 {
 http->status = HTTP_STATUS_ERROR;
 return (-1);
diff --git a/scheduler/cert.c b/scheduler/cert.c
index 893ea3314..eb68befb7 100644
--- a/scheduler/cert.c
+++ b/scheduler/cert.c
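Review bot: In cgi-bin/var.c, `secure` is now the only protective attribute cgiSetCookie leaves to a caller-supplied flag, and the cups/http.c hunk in this commit sends any cookie that already contains `;` verbatim, which every cookie written by this function now does. If these cookies do reach the client through httpWriteResponse, nothing downstream adds `secure` on a TLS connection any more. The function's header comment should say so, for example `/* secure must be non-zero whenever the request arrived over TLS; no later layer adds the attribute */`. The body of cgiSetCookie starts outside this hunk, so how the name, value, path and domain are written cannot be checked from here.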
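Review bot: In cups/http.c, the `strchr(http->cookie, ';')` test treats any cookie that carries a separator as fully specified, so a value holding only a name=value pair and a path is sent verbatim and loses the `httponly` and TLS-dependent `secure` attributes that the old code always appended. Together with the second scheduler/client.c hunk, which stops truncating the CGI's `Set-Cookie` value at the first `;`, those attributes now depend entirely on what the CGI program emits. Consider testing for the `httponly` and `secure` attributes themselves and appending whichever is missing (`secure` only when `http->tls` is set) instead of branching on the separator. The value is also written into the header line unchanged, so it is worth confirming that httpSetCookie or its callers reject CR and LF; that code is not visible here.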
@@ -43,8 +43,7 @@ cupsdAddCert(int pid, /* I - Process ID */
 /* Hex constants... */
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
- "cupsdAddCert: Adding certificate for PID %d", pid);
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAddCert: Adding certificate for PID %d", pid);
 /*
 * Allocate memory for the certificate...
diff --git a/scheduler/client.c b/scheduler/client.c
index d7491cbbd..f5150e5c5 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -1979,6 +1979,12 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
 if (httpGetState(con->http) == HTTP_STATE_POST_SEND)
 {
+ /*
+ * Don't listen for activity until we decide to do something with this...
+ */
+
+ cupsdAddSelect(httpGetFd(con->http), NULL, NULL, con);
+
 if (con->file >= 0)
 {
 fstat(con->file, &filestats);
@@ -2630,12 +2636,6 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
 }
 else if (!_cups_strcasecmp(con->header, "Set-Cookie") && value)
 {
- char *sep = strchr(value, ';');
- /* Separator between name=value and the rest */
-
- if (sep)
- *sep = '\0';
-
 httpSetCookie(con->http, value);
 con->sent_header = 1;
 }
diff --git a/scheduler/process.c b/scheduler/process.c
index 425f3ba9c..639d6464f 100644
--- a/scheduler/process.c
+++ b/scheduler/process.c
@@ -73,6 +73,7 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
 domain[1024], /* Domain socket, if any */
 request[1024], /* Quoted RequestRoot */
 root[1024], /* Quoted ServerRoot */
+ state[1024], /* Quoted StateDir */
 temp[1024]; /* Quoted TempDir */
 const char *nodebug; /* " (with no-log)" for no debug */
 cupsd_listener_t *lis; /* Current listening socket */
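Review bot: In the first scheduler/client.c hunk, the new `cupsdAddSelect(httpGetFd(con->http), NULL, NULL, con);` clears both callbacks for the client descriptor, but the comment does not say where a callback is registered again. Every path out of this `HTTP_STATE_POST_SEND` branch then has to either re-register one or close the connection; a path that does neither would leave a descriptor the scheduler no longer watches, so a peer that stalls or disconnects could keep holding a client slot. The rest of the branch lies outside the hunk, so this cannot be confirmed from here. Extending the comment to name the re-arm point would make the invariant checkable, for example `* ... the read callback is restored by <function> once the request has been handled.`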
@@ -104,6 +105,7 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
 cupsd_requote(cache, CacheDir, sizeof(cache));
 cupsd_requote(request, RequestRoot, sizeof(request));
 cupsd_requote(root, ServerRoot, sizeof(root));
+ cupsd_requote(state, StateDir, sizeof(state));
 cupsd_requote(temp, TempDir, sizeof(temp));
 nodebug = LogLevel < CUPSD_LOG_DEBUG ? " (with no-log)" : "";
@@ -188,8 +190,10 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
 " #\"^%s/\"" /* TempDir/... */
 " #\"^%s$\"" /* CacheDir */
 " #\"^%s/\"" /* CacheDir/... */
+ " #\"^%s$\"" /* StateDir */
+ " #\"^%s/\"" /* StateDir/... */
 "))\n",
- temp, temp, cache, cache);
+ temp, temp, cache, cache, state, state);
 /* Read common folders */
 cupsFilePrintf(fp, "(allow file-read-data file-read-metadata\n"
--
2.39.2
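Review bot: In the last scheduler/process.c hunk, the two new `StateDir` patterns are appended to an allow rule whose opening line is outside the hunk; because they sit beside the `TempDir` and `CacheDir` entries, the rule presumably grants write access, which is broader than the commit message's stated goal of letting sandboxed processes reach the auth certificates. If that reading is right, every sandboxed child could create or modify files anywhere under the state directory, including the certificates used for local authentication. A narrower grant would name only the certificate subdirectory and put it in the read-only rule (`file-read-data file-read-metadata`) that begins at the end of this hunk. If write access really is required, a comment on the new lines should say which process needs it and why.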