From: msweet Date: Fri, 26 Apr 2013 16:18:20 +0000 (+0000) Subject: Kerberos credentials could get truncated when printing to a shared printer. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=579b6de1536bbc7bc027713cefef5be9ead61575;p=thirdparty%2Fcups.git Kerberos credentials could get truncated when printing to a shared printer. git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@10963 7a7537e8-13f0-0310-91df-b6672ffda945 --- diff --git a/CHANGES-1.6.txt b/CHANGES-1.6.txt index 7a409a8452..3ab641b19c 100644 --- a/CHANGES-1.6.txt +++ b/CHANGES-1.6.txt @@ -5,6 +5,8 @@ CHANGES IN CUPS V1.6.3 - The configure script now prefers Clang over GCC. - Fixed a compile problem on AIX (STR #4307) + - Kerberos credentials could get truncated when printing to a shared + printer. - Printing using "ipps" URIs was not encrypted. - Insecure ICC profiles prevented installation of user profiles for a printer on OS X. diff --git a/doc/help/man-client.conf.html b/doc/help/man-client.conf.html index ee9324460d..dfcac80f6e 100644 --- a/doc/help/man-client.conf.html +++ b/doc/help/man-client.conf.html @@ -11,7 +11,7 @@ client.conf - client configuration file for cups

Description

The client.conf file configures the CUPS client and is -normally located in the /etc/cups or ~/.cups +normally located in the /private/etc/cups or ~/.cups directory. Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. diff --git a/doc/help/man-cups-deviced.html b/doc/help/man-cups-deviced.html index 1940f642d2..a64b7a7077 100644 --- a/doc/help/man-cups-deviced.html +++ b/doc/help/man-cups-deviced.html @@ -14,7 +14,7 @@ cups-deviced - cups device daemon request-id limit user-id options

Description

cups-deviced polls the backends in -/usr/lib/cups/backend for a list of available devices. +/usr/libexec/cups/backend for a list of available devices. It is run by cupsd(8) in response to a CUPS-Get-Devices request. The output format is an IPP response message. The request-id argument is the request ID diff --git a/doc/help/man-cups-driverd.html b/doc/help/man-cups-driverd.html index e161435b6f..1fe8572722 100644 --- a/doc/help/man-cups-driverd.html +++ b/doc/help/man-cups-driverd.html @@ -36,7 +36,7 @@ accordingly.

Drivers

Drivers can be static PPD files under the /usr/share/cups/model directory or programs under the -/usr/lib/cups/driver directory. Static PPD files must +/usr/libexec/cups/driver directory. Static PPD files must conform to the Adobe PPD File Format Specification version 4.3 and may be compressed using the gzip(1) program. Driver programs must implement the command-line interface shown in the diff --git a/doc/help/man-cups-files.conf.html b/doc/help/man-cups-files.conf.html index 8c3a610fd4..2d686e9e2c 100644 --- a/doc/help/man-cups-files.conf.html +++ b/doc/help/man-cups-files.conf.html @@ -12,7 +12,7 @@ cups-files.conf - file and directory configuration file for cups

Description

The cups-files.conf file configures the files and directories used by the CUPS scheduler, cupsd(8). It is normally located in the -/etc/cups directory. +/private/etc/cups directory.

Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.

Directives

diff --git a/doc/help/man-cups-lpd.html b/doc/help/man-cups-lpd.html index fc891605ab..69f098db4b 100644 --- a/doc/help/man-cups-lpd.html +++ b/doc/help/man-cups-lpd.html @@ -27,7 +27,7 @@ add the following line to the inetd.conf file to enable the
 
-    printer stream tcp nowait lp /usr/lib/cups/daemon/cups-lpd cups-lpd \
+    printer stream tcp nowait lp /usr/libexec/cups/daemon/cups-lpd cups-lpd \
         -o document-format=application/octet-stream
 

Note: If you are using Solaris 10 or higher, you must run @@ -46,7 +46,7 @@ named /etc/xinetd.d/cups containing the following lines: user = lp group = sys passenv = - server = /usr/lib/cups/daemon/cups-lpd + server = /usr/libexec/cups/daemon/cups-lpd server_args = -o document-format=application/octet-stream } diff --git a/doc/help/man-cups-snmp.html b/doc/help/man-cups-snmp.html index 9b80a8f7f9..c354a6206b 100644 --- a/doc/help/man-cups-snmp.html +++ b/doc/help/man-cups-snmp.html @@ -10,7 +10,7 @@

Name

snmp - cups snmp backend

Synopsis

-/usr/lib/cups/backend/snmp +/usr/libexec/cups/backend/snmp ip-address-or-hostname
lpinfo -v --include-schemes snmp @@ -34,7 +34,7 @@ The CUPS SNMP backend uses the information from the Host, Printer, and Port Monitor MIBs along with some vendor private MIBs and intelligent port probes to determine the correct device URI and make and model for each printer.

Configuration

-The SNMP backend reads the /etc/cups/snmp.conf configuration file, if +The SNMP backend reads the /private/etc/cups/snmp.conf configuration file, if present, to set the default broadcast address, community name, and logging level. The configuration file is documented in cups-snmp.conf(5). The DebugLevel value can be overridden using the CUPS_DEBUG_LEVEL environment diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html index 995fda2dcf..032b8db872 100644 --- a/doc/help/man-cupsd.conf.html +++ b/doc/help/man-cupsd.conf.html @@ -11,7 +11,7 @@ cupsd.conf - server configuration file for cups

Description

The cupsd.conf file configures the CUPS scheduler, cupsd(8). It -is normally located in the /etc/cups directory. Note: +is normally located in the /private/etc/cups directory. Note: File, directory, and user configuration directives that used to be allowed in the cupsd.conf file are now stored in the cups-files.conf(5) instead in order to prevent certain types of privilege escalation attacks. diff --git a/doc/help/man-cupsd.html b/doc/help/man-cupsd.html index b292cba208..6df5475fc5 100644 --- a/doc/help/man-cupsd.html +++ b/doc/help/man-cupsd.html @@ -18,7 +18,7 @@ cupsd - cups scheduler cupsd is the scheduler for CUPS. It implements a printing system based upon the Internet Printing Protocol, version 2.1. If no options are specified on the command-line then the default configuration file -/etc/cups/cupsd.conf will be used. +/private/etc/cups/cupsd.conf will be used.

Options

-c config-file diff --git a/doc/help/man-lpoptions.html b/doc/help/man-lpoptions.html index c5c2fa7ca7..c342652cc0 100644 --- a/doc/help/man-lpoptions.html +++ b/doc/help/man-lpoptions.html @@ -118,14 +118,14 @@ standard output.

Root Account Options

When run by the root user, lpoptions gets and sets default options and instances for all users in the -/etc/cups/lpoptions file. +/private/etc/cups/lpoptions file.

Compatibility

The lpoptions command is unique to CUPS.

Files

~/.cups/lpoptions - user defaults and instances created by non-root users.
-/etc/cups/lpoptions - system-wide defaults and instances +/private/etc/cups/lpoptions - system-wide defaults and instances created by the root user.

See Also

cancel(1), lp(1), lpadmin(8), lpr(1), diff --git a/scheduler/ipp.c b/scheduler/ipp.c index 60232325f5..83041d64b3 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c @@ -9043,7 +9043,7 @@ save_auth_info( fchown(cupsFileNumber(fp), 0, 0); fchmod(cupsFileNumber(fp), 0400); - cupsFilePuts(fp, "CUPSD-AUTH-V2\n"); + cupsFilePuts(fp, "CUPSD-AUTH-V3\n"); for (i = 0; i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); @@ -9061,9 +9061,15 @@ save_auth_info( i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); i ++) { - httpEncode64_2(line, sizeof(line), auth_info->values[i].string.text, - strlen(auth_info->values[i].string.text)); - cupsFilePutConf(fp, dest->auth_info_required[i], line); + if (strcmp(dest->auth_info_required[i], "negotiate")) + { + httpEncode64_2(line, sizeof(line), auth_info->values[i].string.text, + strlen(auth_info->values[i].string.text)); + cupsFilePutConf(fp, dest->auth_info_required[i], line); + } + else + cupsFilePutConf(fp, dest->auth_info_required[i], + auth_info->values[i].string.text); if (!strcmp(dest->auth_info_required[i], "username")) cupsdSetStringf(job->auth_env + i, "AUTH_USERNAME=%s", diff --git a/scheduler/job.c b/scheduler/job.c index b013b674f5..3e17ba9e29 100644 --- a/scheduler/job.c +++ b/scheduler/job.c @@ -1956,7 +1956,7 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ if (cupsFileGets(fp, line, sizeof(line)) && - !strcmp(line, "CUPSD-AUTH-V2")) + !strcmp(line, "CUPSD-AUTH-V3")) { i = 0; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) @@ -1965,8 +1965,11 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ * Decode value... */ - bytes = sizeof(data); - httpDecode64_2(data, &bytes, value); + if (strcmp(line, "negotiate") && strcmp(line, "uid")) + { + bytes = sizeof(data); + httpDecode64_2(data, &bytes, value); + } /* * Assign environment variables... 
@@ -1987,7 +1990,7 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ else if (!strcmp(line, "password")) cupsdSetStringf(job->auth_env + i, "AUTH_PASSWORD=%s", data); else if (!strcmp(line, "negotiate")) - cupsdSetStringf(job->auth_env + i, "AUTH_NEGOTIATE=%s", data); + cupsdSetStringf(job->auth_env + i, "AUTH_NEGOTIATE=%s", value); else continue; diff --git a/scheduler/main.c b/scheduler/main.c index e6583680dd..5a8da815e5 100644 --- a/scheduler/main.c +++ b/scheduler/main.c @@ -1285,7 +1285,7 @@ cupsdSetStringf(char **s, /* O - New string */ const char *f, /* I - Printf-style format string */ ...) /* I - Additional args as needed */ { - char v[4096]; /* Formatting string value */ + char v[65536 + 64]; /* Formatting string value */ va_list ap; /* Argument pointer */ char *olds; /* Old string */
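Review bot: The doc/help/man-*.html hunks replace /etc/cups with /private/etc/cups and /usr/lib/cups with /usr/libexec/cups throughout (client.conf, cups-deviced, cups-driverd, cups-files.conf, cups-lpd, cups-snmp, cupsd.conf, cupsd, lpoptions), which is unrelated to the Kerberos fix named in the commit message and reads like documentation regenerated on a build with different configured directories. Suggest dropping these hunks from this commit or regenerating the HTML with the default paths, so the shipped man pages do not point administrators at directories that may not exist on their platform. The inetd.conf and xinetd examples for cups-lpd are the ones most likely to be copied verbatim.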
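Review bot: In save_auth_info() (scheduler/ipp.c, hunk at -9061), the "negotiate" value is now written with cupsFilePutConf() unencoded while every other value is still base64-encoded into line, and nothing in the hunk says why. Add a comment explaining that negotiate bypasses httpEncode64_2() (presumably because the encoded credential does not fit in line), and state the assumption that the value is a single-line token, since cupsdLoadJob() reads the file back one line at a time with cupsFileGetConf(). The remaining values still go through httpEncode64_2(line, sizeof(line), ...), so it is worth confirming the size of line against the longest username or password accepted.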
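Review bot: In cupsdLoadJob() (scheduler/job.c, hunk at -1956), the header check now matches only "CUPSD-AUTH-V3", so an auth file written as "CUPSD-AUTH-V2" before an upgrade no longer passes this test. If dropping saved credentials for jobs queued across the upgrade is intended, say so in a comment or in CHANGES-1.6.txt; otherwise keep a V2 branch that decodes every value, including negotiate, the old way.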
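Review bot: In cupsdLoadJob() (scheduler/job.c, hunk at -1965), skipping httpDecode64_2() for "negotiate" and "uid" leaves data and bytes holding whatever the previous loop iteration put there. The -1987 hunk switches the negotiate branch to value, but the uid branch is not shown in this patch; confirm it also reads value rather than data, and consider clearing data[0] at the top of the loop so a missed branch cannot pick up a previous key's decoded secret. Also check that line, the buffer passed to cupsFileGetConf(), is large enough for a full credential, otherwise the truncation just moves to the read side.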
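Review bot: In cupsdSetStringf() (scheduler/main.c), char v[65536 + 64] puts roughly 64 KB on the stack for every call of a general-purpose string helper, and the size is an unexplained magic number. Suggest a named constant that documents what 65536 and the extra 64 stand for (presumably the largest credential plus the "AUTH_NEGOTIATE=" prefix), and have the function detect a formatted result that does not fit in v rather than storing a cut-off value, since silent truncation is the bug this commit fixes.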