From: Michael R Sweet Date: Mon, 27 Sep 2021 20:37:30 +0000 (-0400) Subject: Fix X.509 certificate generation and user preferences on Windows. X-Git-Tag: v2.4b1~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b0f0587024564352a88412847b64b4819706a8c;p=thirdparty%2Fcups.git Fix X.509 certificate generation and user preferences on Windows. --- diff --git a/cups/dest.c b/cups/dest.c index 50dcc0e567..60a9539307 100644 --- a/cups/dest.c +++ b/cups/dest.c @@ -1790,7 +1790,11 @@ cupsGetNamedDest(http_t *http, /* I - Connection to server or @code CUPS_HTT * No default in the environment, try the user's lpoptions files... */ +#if _WIN32 + snprintf(filename, sizeof(filename), "%s/AppData/Local/cups/lpoptions", cg->home); +#else snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home); +#endif // _WIN32 dest_name = cups_get_default(filename, defname, sizeof(defname), &instance); @@ -1901,7 +1905,11 @@ cupsGetNamedDest(http_t *http, /* I - Connection to server or @code CUPS_HTT if (cg->home) { +#if _WIN32 + snprintf(filename, sizeof(filename), "%s/AppData/Local/cups/lpoptions", cg->home); +#else snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home); +#endif // _WIN32 cups_get_dests(filename, dest_name, instance, 0, 1, 1, &dest); } @@ -2078,11 +2086,19 @@ cupsSetDests2(http_t *http, /* I - Connection to server or @code CUPS_HTTP_ * Create ~/.cups subdirectory... */ +#if _WIN32 + snprintf(filename, sizeof(filename), "%s/AppData/Local/cups", cg->home); +#else snprintf(filename, sizeof(filename), "%s/.cups", cg->home); +#endif // _WIN32 if (access(filename, 0)) mkdir(filename, 0700); +#if _WIN32 + snprintf(filename, sizeof(filename), "%s/AppData/Local/cups/lpoptions", cg->home); +#else snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home); +#endif // _WIN32 } /* @@ -3449,7 +3465,11 @@ cups_enum_dests( if (cg->home) { +#if _WIN32 + snprintf(filename, sizeof(filename), "%s/AppData/Local/cups/lpoptions", cg->home); +#else snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home); +#endif // _WIN32 data.num_dests = cups_get_dests(filename, NULL, NULL, 1, user_default != NULL, data.num_dests, &data.dests); } diff --git a/cups/globals.c b/cups/globals.c index 67f442bd40..a25902562a 100644 --- a/cups/globals.c +++ b/cups/globals.c @@ -274,7 +274,7 @@ cups_globals_alloc(void) if ((cg->localedir = getenv("LOCALEDIR")) == NULL) cg->localedir = localedir; - cg->home = getenv("HOME"); + cg->home = getenv("USERPROFILE"); #else # ifdef HAVE_GETEUID diff --git a/cups/tls-sspi.c b/cups/tls-sspi.c index 52ded5f21f..5b086f297b 100644 --- a/cups/tls-sspi.c +++ b/cups/tls-sspi.c @@ -1002,6 +1002,8 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */ } } + fprintf(stderr, "_httpTLSStart: Using hostname '%s'.\n", hostname); + return (http_sspi_server(http, hostname)); } } @@ -1695,7 +1697,7 @@ http_sspi_find_credentials( } } - store = CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, hProv, CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, L"MY"); + store = CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, hProv, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, L"MY"); if (!store) { @@ -1907,17 +1909,19 @@ http_sspi_make_credentials( if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET)) { DEBUG_printf(("5http_sspi_make_credentials: CryptAcquireContext failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + fprintf(stderr, "5http_sspi_make_credentials: CryptAcquireContext failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())); ok = FALSE; goto cleanup; } } } - store = CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, hProv, CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, L"MY"); + store = CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, hProv, CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, L"MY"); if (!store) { DEBUG_printf(("5http_sspi_make_credentials: CertOpenSystemStore failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + fprintf(stderr, "5http_sspi_make_credentials: CertOpenSystemStore failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())); ok = FALSE; goto cleanup; } @@ -1927,6 +1931,7 @@ http_sspi_make_credentials( if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, NULL, &dwSize, NULL)) { DEBUG_printf(("5http_sspi_make_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + fprintf(stderr, "5http_sspi_make_credentials: CertStrToName failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())); ok = FALSE; goto cleanup; } @@ -1936,6 +1941,7 @@ http_sspi_make_credentials( if (!p) { DEBUG_printf(("5http_sspi_make_credentials: malloc failed for %d bytes", dwSize)); + fprintf(stderr, "5http_sspi_make_credentials: malloc failed for %d bytes\n", dwSize); ok = FALSE; goto cleanup; } @@ -1943,17 +1949,22 @@ http_sspi_make_credentials( if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, p, &dwSize, NULL)) { DEBUG_printf(("5http_sspi_make_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + fprintf(stderr, "5http_sspi_make_credentials: CertStrToName failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())); ok = FALSE; goto cleanup; } + sib.cbData = dwSize; + sib.pbData = p; + /* * Create a private key and self-signed certificate... */ - if (!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) + if (!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE | RSA1024BIT_KEY, &hKey)) { DEBUG_printf(("5http_sspi_make_credentials: CryptGenKey failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + fprintf(stderr, "5http_sspi_make_credentials: CryptGenKey failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())); ok = FALSE; goto cleanup; } @@ -1977,6 +1988,7 @@ http_sspi_make_credentials( if (!createdContext) { DEBUG_printf(("5http_sspi_make_credentials: CertCreateSelfSignCertificate failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + fprintf(stderr, "5http_sspi_make_credentials: CertCreateSelfSignCertificate failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())); ok = FALSE; goto cleanup; } @@ -1989,6 +2001,7 @@ http_sspi_make_credentials( if (!CertAddCertificateContextToStore(store, createdContext, CERT_STORE_ADD_REPLACE_EXISTING, &storedContext)) { DEBUG_printf(("5http_sspi_make_credentials: CertAddCertificateContextToStore failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + fprintf(stderr, "5http_sspi_make_credentials: CertAddCertificateContextToStore failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())); ok = FALSE; goto cleanup; } @@ -2003,6 +2016,7 @@ http_sspi_make_credentials( if (!CertSetCertificateContextProperty(storedContext, CERT_KEY_PROV_INFO_PROP_ID, 0, &ckp)) { DEBUG_printf(("5http_sspi_make_credentials: CertSetCertificateContextProperty failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + fprintf(stderr, "5http_sspi_make_credentials: CertSetCertificateContextProperty failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())); ok = FALSE; goto cleanup; } @@ -2025,6 +2039,7 @@ http_sspi_make_credentials( if (Status != SEC_E_OK) { DEBUG_printf(("5http_sspi_make_credentials: AcquireCredentialsHandle failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), Status))); + fprintf(stderr, "5http_sspi_make_credentials: AcquireCredentialsHandle failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), Status)); ok = FALSE; goto cleanup; } @@ -2065,7 +2080,7 @@ static int /* O - 0 on success, -1 on failure */ http_sspi_server(http_t *http, /* I - HTTP connection */ const char *hostname) /* I - Hostname of server */ { - _http_sspi_t *sspi = http->tls; /* I - SSPI data */ + _http_sspi_t *sspi = http->tls; /* SSPI data */ char common_name[512]; /* Common name for cert */ DWORD dwSSPIFlags; /* SSL connection attributes we want */ DWORD dwSSPIOutFlags; /* SSL connection attributes we got */ @@ -2100,6 +2115,9 @@ http_sspi_server(http_t *http, /* I - HTTP connection */ if (!http_sspi_find_credentials(http, L"ServerContainer", common_name)) if (!http_sspi_make_credentials(http->tls, L"ServerContainer", common_name, _HTTP_MODE_SERVER, 10)) { + char temp[8192]; + + fprintf(stderr, "Unable to create credentials for '%s': %s\n", common_name, http_sspi_strerror(temp, sizeof(temp), GetLastError())); DEBUG_puts("5http_sspi_server: Unable to get server credentials."); return (-1); } diff --git a/cups/usersys.c b/cups/usersys.c index 953778505a..a5553ad44c 100644 --- a/cups/usersys.c +++ b/cups/usersys.c @@ -1005,7 +1005,12 @@ _cupsSetDefaults(void) * Look for ~/.cups/client.conf... */ +#if _WIN32 + snprintf(filename, sizeof(filename), "%s/AppData/Local/cups/client.conf", cg->home); +#else snprintf(filename, sizeof(filename), "%s/.cups/client.conf", cg->home); +#endif // _WIN32 + if ((fp = cupsFileOpen(filename, "r")) != NULL) { cups_read_client_conf(fp, &cc); diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c index 9ea73f8cfc..8ec61e7f68 100644 --- a/tools/ippeveprinter.c +++ b/tools/ippeveprinter.c @@ -6016,7 +6016,8 @@ process_http(ippeve_client_t *client) /* I - Client connection */ client->host_port = client->printer->port; } - ptr = strrchr(client->host_field, '.'); + if ((ptr = strstr(client->host_field, ".local")) == NULL) + ptr = strrchr(client->host_field, '.'); if (!isdigit(client->host_field[0] & 255) && client->host_field[0] != '[' && strcmp(client->host_field, client->printer->hostname) && strcmp(client->host_field, "localhost") && (!ptr || (strcmp(ptr, ".local") && strcmp(ptr, ".local.")))) diff --git a/vcnet/ippeveprinter.vcxproj.user b/vcnet/ippeveprinter.vcxproj.user index be25078707..bb6a290158 100644 --- a/vcnet/ippeveprinter.vcxproj.user +++ b/vcnet/ippeveprinter.vcxproj.user @@ -1,4 +1,8 @@  - + + -vv -r _print,_universal -f application/pdf,image/jpeg,image/pwg-raster,image/urf "ippeveprinter test" + WindowsLocalDebugger + CUPS_DEBUG_LOG=-;CUPS_DEBUG_LEVEL=9;CUPS_DEBUG_FILTER=sspi + \ No newline at end of file