From: msweet Date: Thu, 17 Oct 2013 16:44:47 +0000 (+0000) Subject: Get builds working again (still need to fill in the server-side stuff for TLS) X-Git-Tag: v2.2b1~839 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d3d894744ded84a4f1d9cae41601b1a2e766acaa;p=thirdparty%2Fcups.git Get builds working again (still need to fill in the server-side stuff for TLS) git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11340 a1ca3aef-8c08-0410-bb20-df032aa958be --- diff --git a/cups/http-private.h b/cups/http-private.h index 1eaf09dddf..7c9b725cc5 100644 --- a/cups/http-private.h +++ b/cups/http-private.h @@ -162,7 +162,7 @@ extern "C" { typedef SSL *http_tls_t; typedef void *http_tls_credentials_t; -extern BIO_METHOD *_httpBIOMethods(void); +//extern BIO_METHOD *_httpBIOMethods(void); # elif defined HAVE_GNUTLS /* @@ -172,10 +172,10 @@ extern BIO_METHOD *_httpBIOMethods(void); typedef gnutls_session http_tls_t; typedef void *http_tls_credentials_t; -extern ssize_t _httpReadGNUTLS(gnutls_transport_ptr ptr, void *data, - size_t length); -extern ssize_t _httpWriteGNUTLS(gnutls_transport_ptr ptr, const void *data, - size_t length); +//extern ssize_t _httpReadGNUTLS(gnutls_transport_ptr ptr, void *data, +// size_t length); +//extern ssize_t _httpWriteGNUTLS(gnutls_transport_ptr ptr, const void *data, +// size_t length); # elif defined(HAVE_CDSASSL) /* 
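Review bot: The OpenSSL and GnuTLS transport prototypes (`_httpBIOMethods`, `_httpReadGNUTLS`, `_httpWriteGNUTLS`) are disabled with `//` line comments, while the visible parts of this header use `/* */` comments. A compiler run in strict C89 mode would reject `//`, and nothing records whether the declarations are gone for good or expected back. Either delete the prototypes or fence them with `#if 0` / `#endif /* 0 */` and a one-line `/* */` comment stating which of the two applies.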
@@ -392,14 +392,14 @@ extern void _cups_freeifaddrs(struct ifaddrs *addrs); * Prototypes... */ -extern int _httpAddrPort(http_addr_t *addr) +/* XXX */extern int _httpAddrPort(http_addr_t *addr) _CUPS_INTERNAL_MSG("Use httpAddrPort instead."); extern void _httpAddrSetPort(http_addr_t *addr, int port); -extern char *_httpAssembleUUID(const char *server, int port, +/* XXX */extern char *_httpAssembleUUID(const char *server, int port, const char *name, int number, char *buffer, size_t bufsize) _CUPS_INTERNAL_MSG("Use httpAssembleUUID instead."); -extern http_t *_httpCreate(const char *host, int port, +/* XXX */extern http_t *_httpCreate(const char *host, int port, http_addrlist_t *addrlist, http_encryption_t encryption, int family) @@ -412,7 +412,7 @@ extern void _httpDisconnect(http_t *http); extern char *_httpEncodeURI(char *dst, const char *src, size_t dstsize); extern void _httpFreeCredentials(http_tls_credentials_t credentials); -extern ssize_t _httpPeek(http_t *http, char *buffer, size_t length) +/* XXX */extern ssize_t _httpPeek(http_t *http, char *buffer, size_t length) _CUPS_INTERNAL_MSG("Use httpPeek instead."); extern const char *_httpResolveURI(const char *uri, char *resolved_uri, size_t resolved_size, int options, diff --git a/cups/http.c b/cups/http.c index 752706978f..36729b122b 100644 --- a/cups/http.c +++ b/cups/http.c 
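Review bot: The `/* XXX */` markers added in front of `_httpAddrPort`, `_httpAssembleUUID`, `_httpCreate` and `_httpPeek` do not say what is wrong or pending for these prototypes. Three of them visibly carry a `_CUPS_INTERNAL_MSG("Use ... instead.")` notice, so the markers may mean "remove once callers use the public function", but that is inferred and not stated in the commit. A comment of the form `/* XXX: remove once all callers use httpPeek() */` on each declaration would make the marker actionable.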
@@ -538,15 +538,29 @@ httpEncryption(http_t *http, /* I - HTTP connection */ if (!http) return (0); - http->encryption = e; + if (http->mode == _HTTP_MODE_CLIENT) + { + http->encryption = e; - if ((http->encryption == HTTP_ENCRYPTION_ALWAYS && !http->tls) || - (http->encryption == HTTP_ENCRYPTION_NEVER && http->tls)) - return (httpReconnect2(http, 30000, NULL)); - else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls) - return (http_tls_upgrade(http)); + if ((http->encryption == HTTP_ENCRYPTION_ALWAYS && !http->tls) || + (http->encryption == HTTP_ENCRYPTION_NEVER && http->tls)) + return (httpReconnect2(http, 30000, NULL)); + else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls) + return (http_tls_upgrade(http)); + else + return (0); + } else - return (0); + { + if (e == HTTP_ENCRYPTION_NEVER && http->tls) + return (-1); + + http->encryption = e; + if (e != HTTP_ENCRYPTION_IF_REQUESTED && !http->tls) + return (http_tls_start(http)); + else + return (0); + } #else if (e == HTTP_ENCRYPTION_ALWAYS || e == HTTP_ENCRYPTION_REQUIRED) return (-1); @@ -2860,7 +2874,7 @@ httpShutdown(http_t *http) /* I - HTTP connection */ return; if (http->tls) - http_shutdown_ssl(http); + http_tls_stop(http); shutdown(http->fd, SHUT_RD); } diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c index db4aa5d4e3..66b6452873 100644 --- a/cups/tls-darwin.c +++ b/cups/tls-darwin.c @@ -447,8 +447,8 @@ http_tls_start(http_t *http) /* I - Connection to server */ } else { - error = http_set_credentials(http); - DEBUG_printf(("4http_tls_start: http_set_credentials, error=%d", + error = http_tls_set_credentials(http); + DEBUG_printf(("4http_tls_start: http_tls_set_credentials, error=%d", (int)error)); } } @@ -696,6 +696,7 @@ http_tls_write(http_t *http, /* I - Connection to server */ } +#if 0 /* * 'cupsdEndTLS()' - Shutdown a secure session with the client. */ 
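Review bot: In the new server-mode branch of httpEncryption(), a call with `HTTP_ENCRYPTION_NEVER` on a connection that has no TLS session falls through to `http_tls_start(http)`, because the test `e != HTTP_ENCRYPTION_IF_REQUESTED && !http->tls` is also true for NEVER. The condition should name the modes that actually want TLS: `if ((e == HTTP_ENCRYPTION_ALWAYS || e == HTTP_ENCRYPTION_REQUIRED) && !http->tls)`. The same branch stores `http->encryption = e` before the handshake, so a failed `http_tls_start()` leaves the field claiming an encryption policy on a connection that is still plaintext; assigning it only after a zero return avoids that. The function starts and ends outside the hunk.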
@@ -1227,6 +1228,7 @@ cleanup: return (!status); # endif /* HAVE_SECGENERATESELFSIGNEDCERTIFICATE */ } +#endif /* 0 */ /* diff --git a/scheduler/Makefile b/scheduler/Makefile index 3c0fff3e12..eb8afc6923 100644 --- a/scheduler/Makefile +++ b/scheduler/Makefile @@ -40,8 +40,7 @@ CUPSDOBJS = \ server.o \ statbuf.o \ subscriptions.o \ - sysman.o \ - tls.o + sysman.o LIBOBJS = \ filter.o \ mime.o \ @@ -391,8 +390,6 @@ cupsd-static: $(CUPSDOBJS) libcupsmime.a ../cups/$(LIBCUPSSTATIC) $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBGSSAPI) \ $(LIBWRAP) -tls.o: tls-darwin.c tls-gnutls.c tls-openssl.c - # # Make the cupsfilter utility. diff --git a/scheduler/client.c b/scheduler/client.c index 3ec06f71b4..3705cefe9b 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -40,6 +40,9 @@ static int check_if_modified(cupsd_client_t *con, struct stat *filestats); static int compare_clients(cupsd_client_t *a, cupsd_client_t *b, void *data); +#ifdef HAVE_SSL +static int cupsd_start_tls(cupsd_client_t *con, http_encryption_t e); +#endif /* HAVE_SSL */ static char *get_file(cupsd_client_t *con, struct stat *filestats, char *filename, int len); static http_status_t install_cupsd_conf(cupsd_client_t *con); @@ -377,7 +380,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ * https connection; go secure... */ - if (!cupsdStartTLS(con)) + if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS)) cupsdCloseClient(con); } else @@ -631,7 +634,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ "Saw first byte %02X, auto-negotiating " "SSL/TLS session.", buf[0] & 255); - if (!cupsdStartTLS(con)) + if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS)) cupsdCloseClient(con); return; @@ -947,7 +950,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ return; } - if (!cupsdStartTLS(con)) + if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED)) { cupsdCloseClient(con); return; 
@@ -1006,7 +1009,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ return; } - if (!cupsdStartTLS(con)) + if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED)) { cupsdCloseClient(con); return; @@ -2857,6 +2860,29 @@ compare_clients(cupsd_client_t *a, /* I - First client */ } +#ifdef HAVE_SSL +/* + * 'cupsd_start_tls()' - Start encryption on a connection. + */ + +static int /* O - 0 on success, -1 on error */ +cupsd_start_tls(cupsd_client_t *con, /* I - Client connection */ + http_encryption_t e) /* I - Encryption mode */ +{ + /* TODO: Lookup/load cert + key and set */ + if (httpEncryption(con->http, e)) + { + cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s", + cupsLastErrorString()); + return (-1); + } + + cupsdLogClient(con, CUPSD_LOG_INFO, "Connection now encrypted."); + return (0); +} +#endif /* HAVE_SSL */ + + /* * 'get_file()' - Get a filename and state info. */ diff --git a/scheduler/tls.c b/scheduler/tls.c deleted file mode 100644 index 40d939a9d2..0000000000 --- a/scheduler/tls.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * "$Id$" - * - * TLS support code for the CUPS scheduler. - * - * Copyright 2012 by Apple Inc. - * - * These coded instructions, statements, and computer programs are the - * property of Apple Inc. and are protected by Federal copyright - * law. Distribution and use rights are outlined in the file "LICENSE.txt" - * which should have been included with this file. If this file is - * file is missing or damaged, see the license at "http://www.cups.org/". - */ - -#include "cupsd.h" - -#ifdef HAVE_SSL -# ifdef HAVE_CDSASSL -# include "tls-darwin.c" -# elif defined(HAVE_GNUTLS) -# include "tls-gnutls.c" -# elif defined(HAVE_LIBSSL) -# include "tls-openssl.c" -# endif /* HAVE_CDSASSL */ -#endif /* HAVE_SSL */ - - -/* - * End of "$Id$". - */ diff --git a/xcode/CUPS.xcodeproj/project.pbxproj b/xcode/CUPS.xcodeproj/project.pbxproj index ebce922a6d..e6447279d4 100644 --- a/xcode/CUPS.xcodeproj/project.pbxproj 
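Review bot: cupsd_start_tls() calls httpEncryption() while the `TODO: Lookup/load cert + key and set` step is still open, so the server side of the handshake runs without the scheduler having selected a certificate and key. What http_tls_start() does in that situation is not visible in this diff. The comment should state the requirement rather than only the gap, e.g. `/* TODO: Load the server certificate + key and set them on con->http before httpEncryption(); return -1 if none can be loaded */`. The error log also depends on cupsLastErrorString(), which is accurate only if the failing path set the CUPS last error; the server branch of httpEncryption() has a bare `return (-1)` that visibly does not, so the logged reason can be stale.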
+++ b/xcode/CUPS.xcodeproj/project.pbxproj @@ -329,7 +329,6 @@ 7258EAF513459B6D009286F1 /* libcupsimage.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 72F75A611336F9A3004BB496 /* libcupsimage.dylib */; }; 726AD702135E8A90002C930D /* ippserver.c in Sources */ = {isa = PBXBuildFile; fileRef = 726AD701135E8A90002C930D /* ippserver.c */; }; 7271883D1374AB14001A2036 /* mime-private.h in Headers */ = {isa = PBXBuildFile; fileRef = 7271883C1374AB14001A2036 /* mime-private.h */; }; - 728FB7E8153600FA005426E1 /* tls.c in Sources */ = {isa = PBXBuildFile; fileRef = 728FB7E3153600FA005426E1 /* tls.c */; }; 728FB7E91536161C005426E1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E5136B64AF00836530 /* CoreFoundation.framework */; }; 728FB7EA1536161C005426E1 /* Kerberos.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E6136B64B000836530 /* Kerberos.framework */; }; 728FB7EB1536161C005426E1 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 278C58E7136B64B000836530 /* Security.framework */; }; 
@@ -1314,7 +1313,6 @@ 728FB7E0153600FA005426E1 /* tls-darwin.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "tls-darwin.c"; path = "../scheduler/tls-darwin.c"; sourceTree = ""; }; 728FB7E1153600FA005426E1 /* tls-gnutls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "tls-gnutls.c"; path = "../scheduler/tls-gnutls.c"; sourceTree = ""; }; 728FB7E2153600FA005426E1 /* tls-openssl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "tls-openssl.c"; path = "../scheduler/tls-openssl.c"; sourceTree = ""; }; - 728FB7E3153600FA005426E1 /* tls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = tls.c; path = ../scheduler/tls.c; sourceTree = ""; }; 728FB7EC1536161C005426E1 /* libz.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libz.dylib; path = /usr/lib/libz.dylib; sourceTree = ""; }; 728FB7EF1536167A005426E1 /* libiconv.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libiconv.dylib; path = /usr/lib/libiconv.dylib; sourceTree = ""; }; 728FB7F01536167A005426E1 /* libresolv.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libresolv.dylib; path = /usr/lib/libresolv.dylib; sourceTree = ""; }; @@ -1882,7 +1880,6 @@ 72220F8D13330B0C00FCA411 /* subscriptions.h */, 72220F8E13330B0C00FCA411 /* sysman.c */, 72220F8F13330B0C00FCA411 /* sysman.h */, - 728FB7E3153600FA005426E1 /* tls.c */, 728FB7E0153600FA005426E1 /* tls-darwin.c */, 728FB7E1153600FA005426E1 /* tls-gnutls.c */, 728FB7E2153600FA005426E1 /* tls-openssl.c */, 
@@ -3015,7 +3012,6 @@ 72220FA613330B0C00FCA411 /* subscriptions.c in Sources */, 72220FA713330B0C00FCA411 /* sysman.c in Sources */, 72C16CB9137B195D007E4BF4 /* file.c in Sources */, - 728FB7E8153600FA005426E1 /* tls.c in Sources */, 72D53A3815B4929D003F877F /* colorman.c in Sources */, ); runOnlyForDeploymentPostprocessing = 0;