From: msweet Date: Fri, 9 May 2014 20:03:14 +0000 (+0000) Subject: The IPP backend did not abort a job when the printer did not validate the X-Git-Tag: v2.2b1~642 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=651e0a226e22d9dc11759d0caf023337a37362de;p=thirdparty%2Fcups.git The IPP backend did not abort a job when the printer did not validate the supplied options () git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11865 a1ca3aef-8c08-0410-bb20-df032aa958be --- diff --git a/CHANGES-1.7.txt b/CHANGES-1.7.txt index 3d005f6e5a..538c9d7afb 100644 --- a/CHANGES-1.7.txt +++ b/CHANGES-1.7.txt @@ -9,6 +9,8 @@ CHANGES IN CUPS V1.7.3 error. - The cupsGetResponse function did not work properly with CUPS_HTTP_DEFAULT () + - The IPP backend did not abort a job when the printer did not validate + the supplied options () CHANGES IN CUPS V1.7.2 diff --git a/backend/ipp.c b/backend/ipp.c index ba4189f4fe..602082a6ae 100644 --- a/backend/ipp.c +++ b/backend/ipp.c @@ -1435,6 +1435,7 @@ main(int argc, /* I - Number of command-line args */ sleep(10); } else if (ipp_status == IPP_STATUS_ERROR_DOCUMENT_FORMAT_NOT_SUPPORTED || + ipp_status == IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES || ipp_status == IPP_STATUS_ERROR_CUPS_ACCOUNT_INFO_NEEDED || ipp_status == IPP_STATUS_ERROR_CUPS_ACCOUNT_CLOSED || ipp_status == IPP_STATUS_ERROR_CUPS_ACCOUNT_LIMIT_REACHED || diff --git a/doc/help/man-client.conf.html b/doc/help/man-client.conf.html index ec11b96f5b..a25435927c 100644 --- a/doc/help/man-client.conf.html +++ b/doc/help/man-client.conf.html @@ -8,46 +8,50 @@

client.conf(5)

Name

-client.conf - client configuration file for cups +client.conf - client configuration file for cups (deprecated)

Description

-The client.conf file configures the CUPS client and is -normally located in the /etc/cups or ~/.cups -directory. Each line in the file can be a configuration -directive, a blank line, or a comment. Comment lines start with -the # character. -

Directives

-The following directives are understood by the client. Consult the -on-line help for detailed descriptions: +The client.conf file configures the CUPS client and is normally located in the /etc/cups and/or ~/.cups directories. +Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. +

Note: Starting with OS X 10.7, this file is only used by command-line and X11 applications. +The ServerName directive is not supported on OS X at all. +

Directives

+The following directives are understood by the client. Consult the online help for detailed descriptions:
-
Encryption IfRequested -
Encryption Never -
Encryption Required -

-Specifies the level of encryption that is required for a particular -location. -
GSSServiceName name -
Specifies the Kerberos service name that is used for authentication, typically -"host", "http", or "ipp". CUPS adds the remote hostname -("name@server.example.com") for you. The default name is -"http". -
ServerName hostname-or-ip-address[:port] -
ServerName /domain/socket -

-Specifies the address and optionally the port to use when connecting to the -server. Note: Not supported on OS X 10.7 or later. -
ServerName hostname-or-ip-address[:port]/version=1.1 -

-Specifies the address and optionally the port to use when connecting to a -server running CUPS 1.3.12 and earlier. Note: Not supported on OS X 10.7 or -later. -
User name -

-Specifies the default user name to use for requests. +
AllowAnyRoot Yes +
AllowAnyRoot No +
Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. +The default is "Yes". +
AllowExpiredCerts Yes +
AllowExpiredCerts No +
Specifies whether to allow TLS with expired certificates. +The default is "Yes". +
Encryption IfRequested +
Encryption Never +
Encryption Required +
Specifies the level of encryption that should be used. +
GSSServiceName name +
Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp". +CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http". +
ServerName hostname-or-ip-address[:port] +
ServerName /domain/socket +
Specifies the address and optionally the port to use when connecting to the server. +Note: This directive it not supported on OS X 10.7 or later. +
ServerName hostname-or-ip-address[:port]/version=1.1 +
Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. +
User name +
Specifies the default user name to use for requests. +
ValidateCerts Yes +
ValidateCerts No +
Specifies whether to only allow TLS with certificates whose common name matches the hostname. +The default is "No".
+

Notes

+The client.conf file is deprecated and will no longer be supported in a future version of CUPS.

See Also

-http://localhost:631/help +cups(1), +CUPS Online Help (http://localhost:631/help)

Copyright

-Copyright 2007-2013 by Apple Inc. +Copyright © 2007-2014 by Apple Inc. diff --git a/doc/help/man-cups-files.conf.html b/doc/help/man-cups-files.conf.html index f23cbdbd08..b4778bfdb2 100644 --- a/doc/help/man-cups-files.conf.html +++ b/doc/help/man-cups-files.conf.html @@ -10,109 +10,138 @@

Name

cups-files.conf - file and directory configuration file for cups

Description

-The cups-files.conf file configures the files and directories used by the -CUPS scheduler, cupsd(8). It is normally located in the -/etc/cups directory. -

Each line in the file can be a configuration directive, a blank line, -or a comment. Comment lines start with the # character. -

Directives

-The following directives are understood by cupsd(8). Consult the -on-line help for detailed descriptions: +The cups-files.conf file configures the files and directories used by the CUPS scheduler, +cupsd(8). +It is normally located in the /etc/cups directory. +

Each line in the file can be a configuration directive, a blank line, or a comment. +Comment lines start with the # character. +

Directives

+The following directives are understood by +cupsd(8):
-
AccessLog filename -
AccessLog syslog -

-Defines the access log filename. -
ConfigFilePerm mode -

-Specifies the permissions for all configuration files that the scheduler -writes. -
DataDir path -

-Specified the directory where data files can be found. -
DocumentRoot directory -

-Specifies the root directory for the internal web server documents. -
ErrorLog filename -
ErrorLog syslog -

-Specifies the error log filename. -
FatalErrors none -
FatalErrors all -kind [... -kind] -
FatalErrors kind [... kind] -

-Specifies which errors are fatal, causing the scheduler to exit. "Kind" is -"browse", "config", "listen", "log", or "permissions". -
FileDevice Yes -
FileDevice No -

-Specifies whether the file pseudo-device can be used for new -printer queues. -
FontPath directory[:directory:...] -

-Specifies the search path for fonts. -
Group group-name-or-number -

-Specifies the group name or ID that will be used when executing -external programs. -
LogFilePerm mode -

-Specifies the permissions for all log files that the scheduler writes. -
PageLog filename -
PageLog syslog -

-Specifies the page log filename. -
Printcap -
Printcap filename -

-Specifies the filename for a printcap file that is updated -automatically with a list of available printers (needed for -legacy applications); specifying Printcap with no filename -disables printcap generation. -
RemoteRoot user-name -

-Specifies the username that is associated with unauthenticated root -accesses. -
RequestRoot directory -

-Specifies the directory to store print jobs and other HTTP request -data. -
Sandboxing off -
Sandboxing relaxed -
Sandboxing strict -
Specifies the level of security sandboxing that is applied to print filters, backends, and other child processes of the scheduler. The default is "strict". (OS X only) -
ServerBin directory -

-Specifies the directory where backends, CGIs, daemons, and filters may -be found. -
ServerKeychain path -

-Specifies the location of TLS certificates and private keys. -
ServerRoot directory -

-Specifies the directory where the server configuration files can be found. -
SyncOnClose Yes -
SyncOnClose No -
Specifies whether the scheduler calls fsync(2) after writing configuration -or state files. The default is No. -
SystemGroup group-name [group-name ...] -

-Specifies the group(s) to use for System class authentication. -
TempDir directory -

-Specifies the directory where temporary files are stored. -
User user-name -

-Specifies the user name or ID that is used when running external programs. +
AccessLog filename +
AccessLog [ filename ] +
AccessLog syslog +
Defines the access log filename. +The value "syslog" causes log entries to be sent to the system log daemon. +Specifying a blank filename disables access log generation. +The server name may be included in filenames using the string "%s", for example: +
+
+    AccessLog /var/log/cups/%s-access_log
+
+
+
ConfigFilePerm mode +
Specifies the permissions for all configuration files that the scheduler writes. +The default is 0644 on OS X and 0640 on all other operating systems. +Note: The permissions for the printers.conf file are currently masked to only allow access from the scheduler user (typically root). +This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally known on the system. +There is no way to disable this security feature. +
DataDir path +
Specifies the directory where data files can be found. The default is usually /usr/share/cups. +
DocumentRoot directory +
Specifies the root directory for the CUPS web interface content. The default is usually /usr/share/doc/cups. +
ErrorLog [ filename ] +
ErrorLog syslog +
Defines the error log filename. +The value "syslog" causes log entries to be sent to the system log daemon. +Specifying a blank filename disables error log generation. +The server name may be included in filenames using the string "%s", for example: +
+
+    ErrorLog /var/log/cups/%s-error_log
+
+
+
FatalErrors none +
FatalErrors all -kind [ ... -kind ] +
FatalErrors kind [ ... kind ] +
Specifies which errors are fatal, causing the scheduler to exit. +The default setting is "config". +The kind strings are: +
+
+
none +
No errors are fatal. +
all +
All of the errors below are fatal. +
browse +
Browsing initialization errors are fatal, for example failed connections to the DNS-SD daemon. +
config +
Configuration file syntax errors are fatal. +
listen +
Listen or Port errors are fatal, except for IPv6 failures on the loopback or "any" addresses. +
log +
Log file creation or write errors are fatal. +
permissions +
Bad startup file permissions are fatal, for example shared TLS certificate and key files with world-read permissions. +
+
FileDevice Yes +
FileDevice No +
Specifies whether the file pseudo-device can be used for new printer queues. +The URI "file:///dev/null" is always allowed. +
FontPath directory[:...:directory] +
Specifies the search path for fonts. +This directive is deprecated and will no longer be supported in a future release of CUPS. +
Group group-name-or-number +
Specifies the group name or ID that will be used when executing external programs. +The default group is operating system specific but is usually lp or nobody. +
LogFilePerm mode +
Specifies the permissions of all log files that the scheduler writes. The default is 0644. +
PageLog [ filename ] +
PageLog syslog +
Defines the page log filename. +The value "syslog" causes log entries to be sent to the system log daemon. +Specifying a blank filename disables page log generation. +The server name may be included in filenames using the string "%s", for example: +
+
+    PageLog /var/log/cups/%s-page_log
+
+
+
Printcap [ filename ] +
Defines the printcap filename that the scheduler automatically updates with the current list of available printers, which is sometimes used by legacy applications. +Specifying a blank filename disables printcap generation. +This directive is deprecated and will no longer be supported in a future release of CUPS. +
RemoteRoot username +
Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user. +
RequestRoot directory +
Specifies the directory that contains print jobs and other HTTP request data. +
Sandboxing off +
Sandboxing relaxed +
Sandboxing strict +
Specifies the level of security sandboxing that is applied to print filters, backends, and other child processes of the scheduler. +The default is "strict". +This directive is currently only used on OS X. +
ServerBin directory +
Specifies the directory containing the backends, CGI programs, filters, helper programs, notifiers, and port monitors. +
ServerKeychain path +
Specifies the location of TLS certificates and private keys. +
ServerRoot directory +
Specifies the directory containing the server configuration files. +
SyncOnClose Yes +
SyncOnClose No +
Specifies whether the scheduler calls +fsync(2) +after writing configuration or state files. The default is No. +
SystemGroup group-name [ ... group-name ] +
Specifies the group(s) to use for @SYSTEM group authentication. +
TempDir directory +
Specifies the directory where temporary files are stored. +
User username +
Specifies the user name or ID that is used when running external programs.

See Also

-classes.conf(5), cupsd(8), cupsd.conf(5), mime.convs(5), -mime.types(5), printers.conf(5), -subscriptions.conf(5), -
-http://localhost:631/help +classes.conf(5), +cups(1), +cupsd(8), +cupsd.conf(5), +mime.convs(5), +mime.types(5), +printers.conf(5), +subscriptions.conf(5), +CUPS Online Help (http://localhost:631/help)

Copyright

-Copyright 2007-2014 by Apple Inc. +Copyright © 2007-2014 by Apple Inc. diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html index bdc544a129..c6c71fe626 100644 --- a/doc/help/man-cupsd.conf.html +++ b/doc/help/man-cupsd.conf.html @@ -14,7 +14,9 @@ The cupsd.conf file configures the CUPS scheduler, cupsd(8). -It is normally located in the /etc/cups directory. Note: File, directory, and user configuration directives that used to be allowed in the cupsd.conf file are now stored in the cups-files.conf(5) instead in order to prevent certain types of privilege escalation attacks. +It is normally located in the +/etc/cups +directory. Note: File, directory, and user configuration directives that used to be allowed in the cupsd.conf file are now stored in the cups-files.conf(5) instead in order to prevent certain types of privilege escalation attacks.

Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. The configuration directives are intentionally similar to those used by the popular Apache web server software and are described below.

Top-level Directives

The following directives are understood by diff --git a/doc/help/man-cupsd.html b/doc/help/man-cupsd.html index 7f8242408b..1050d3a525 100644 --- a/doc/help/man-cupsd.html +++ b/doc/help/man-cupsd.html @@ -11,9 +11,20 @@ cupsd - cups scheduler

Synopsis

cupsd -[ -c +[ +-c config-file -] [ -f ] [ -F ] [ -h ] [ -l ] [ -t ] +] [ +-f +] [ +-F +] [ +-h +] [ +-l +] [ +-t +]

Description

cupsd is the scheduler for CUPS. It implements a printing system based upon the Internet Printing Protocol, version 2.1. If no options are specified on the command-line then the default configuration file @@ -21,33 +32,83 @@ is the scheduler for CUPS. It implements a printing system based upon the Intern will be used.

Options

-
-c config-file +
-c config-file
Uses the named configuration file. -
-f +
-f
Run cupsd in the foreground; the default is to run in the background as a "daemon". -
-F +
-F
Run cupsd in the foreground but detach the process from the controlling terminal and current directory. This is useful for running -cupsdfrominit(8). -
-h +cupsd +from +init(8). +
-h
Shows the program usage. -
-l +
-l
This option is passed to cupsd when it is run from -launchd(8). -
-t +launchd(8) +or +systemd(8). +
-t
Test the configuration file for syntax errors.
-

Compatibility

+

Files

+
+/etc/cups/classes.conf
+/etc/cups/cups-files.conf
+/etc/cups/cupsd.conf
+/usr/share/cups/mime/mime.convs
+/usr/share/cups/mime/mime.types
+/etc/cups/printers.conf
+
+

Conforming To

+cupsd +implements all of the required IPP/2.1 attributes and operations. It also implements several CUPS-specific administrative operations. +

Examples

+Run +cupsd +in the background with the default configuration file: +
+
+    cupsd
+
+
+Test a configuration file called +test.conf: +
+
+    cupsd -t -c test.conf
+
+
+Run cupsd -implements all of the required IPP/2.1 attributes and operations. It also implements several CUPS-specific administration operations. +in the foreground with a test configuration file called +test.conf: +
+
+    cupsd -f -c test.conf
+
+

See Also

-backend(7),classes.conf(5),cups-deviced(8),cups-driverd(8),cups-lpd(8),cupsd.conf(5),filter(7),launchd(8),mime.convs(5),mime.types(5),printers.conf(5), -http://localhost:631/help +backend(7), +classes.conf(5), +cups(1), +cups-deviced(8), +cups-driverd(8), +cups-lpd(8), +cupsd.conf(5), +filter(7), +launchd(8), +mime.convs(5), +mime.types(5), +printers.conf(5), +systemd(8), +CUPS Online Help (http://localhost:631/help)

Copyright

Copyright © 2007-2014 by Apple Inc.