Tree - rpms/cups - src.fedoraproject.org

rpms / cups

Blame cups-af_unix-auth.patch

Blob History Raw

		83856ec	`--- cups-1.2.10/cups/auth.c.af_unix-auth 2007-01-10 16:48:37.000000000 +0000`
		83856ec	`+++ cups-1.2.10/cups/auth.c 2007-03-29 16:59:51.000000000 +0100`
		83856ec	`@@ -26,6 +26,8 @@`
		83856ec	`* Contents:`
		83856ec	`*`
		83856ec	`* cupsDoAuthentication() - Authenticate a request.`
		83856ec	`+ * cups_peercred_auth() - Find out if SO_PEERCRED authentication`
		83856ec	`+ * is possible`
		83856ec	`* cups_local_auth() - Get the local authorization certificate if`
		83856ec	`* available/applicable...`
		83856ec	`*/`
		83856ec	`@@ -40,7 +42,9 @@`
		83856ec	`#include <ctype.h>`
		83856ec	`#include <errno.h>`
		83856ec	`#include <fcntl.h>`
		83856ec	`+#include <pwd.h>`
		83856ec	`#include <sys/stat.h>`
		83856ec	`+#include <sys/types.h>`
		83856ec	`#if defined(WIN32) \|\| defined(__EMX__)`
		83856ec	`# include <io.h>`
		83856ec	`#else`
		83856ec	`@@ -177,6 +181,76 @@`
		83856ec	`return (0);`
		83856ec	`}`
		83856ec
		83856ec	`+/*`
		83856ec	`+ * 'cups_peercred_auth()'`
		83856ec	`+ * - UNIX Domain Sockets authentication`
		83856ec	`+ */`
		83856ec	`+`
		83856ec	`+static int /* O - 0 if available, -1 if not */`
		83856ec	`+cups_peercred_auth(http_t http) / I - HTTP connection to server */`
		83856ec	`+{`
		83856ec	`+#ifdef SO_PEERCRED`
		83856ec	`+ long buflen;`
		83856ec	`+ char buf, newbuf;`
		83856ec	`+ struct passwd pwbuf, *pwbufptr;`
		83856ec	`+ int r;`
		83856ec	`+`
		83856ec	`+ if (http->hostaddr->addr.sa_family != AF_LOCAL)`
		83856ec	`+ return (-1);`
		83856ec	`+`
		83856ec	`+ /*`
		83856ec	`+ * Are we trying to authenticate as ourselves? If not, SO_PEERCRED`
		83856ec	`+ * is no use.`
		83856ec	`+ */`
		83856ec	`+ buflen = sysconf (_SC_GETPW_R_SIZE_MAX);`
		83856ec	`+ buf = NULL;`
		83856ec	`+ do`
		83856ec	`+ {`
		83856ec	`+ newbuf = realloc (buf, buflen);`
		83856ec	`+ if (newbuf == NULL)`
		83856ec	`+ {`
		83856ec	`+ free (buf);`
		83856ec	`+ return (-1);`
		83856ec	`+ }`
		83856ec	`+`
		83856ec	`+ buf = newbuf;`
		83856ec	`+ r = getpwnam_r (cupsUser(), &pwbuf, buf, buflen, &pwbufptr);`
		83856ec	`+ if (r != 0)`
		83856ec	`+ {`
		83856ec	`+ if (r == ERANGE)`
		83856ec	`+ {`
		83856ec	`+ buflen *= 2;`
		83856ec	`+ continue;`
		83856ec	`+ }`
		83856ec	`+`
		83856ec	`+ free (buf);`
		83856ec	`+ return (-1);`
		83856ec	`+ }`
		83856ec	`+ }`
		83856ec	`+ while (r != 0);`
		83856ec	`+`
		83856ec	`+ if (pwbuf.pw_uid != getuid())`
		83856ec	`+ {`
		83856ec	`+ free (buf);`
		83856ec	`+ return (-1);`
		83856ec	`+ }`
		83856ec	`+`
		83856ec	`+ free (buf);`
		83856ec	`+`
		83856ec	`+ /*`
		83856ec	`+ * Set the authorization string and return...`
		83856ec	`+ */`
		83856ec	`+`
		83856ec	`+ snprintf(http->authstring, sizeof(http->authstring), "SO_PEERCRED");`
		83856ec	`+`
		83856ec	`+ DEBUG_printf(("cups_peercred_auth: Returning authstring = \"%s\"\n",`
		83856ec	`+ http->authstring));`
		83856ec	`+`
		83856ec	`+ return (0);`
		83856ec	`+#else`
		83856ec	`+ return (-1);`
		83856ec	`+#endif /* SO_PEERCRED */`
		83856ec	`+}`
		83856ec
		83856ec	`/*`
		83856ec	`* 'cups_local_auth()' - Get the local authorization certificate if`
		83856ec	`@@ -234,7 +308,7 @@`
		83856ec	`{`
		83856ec	`DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",`
		83856ec	`filename, strerror(errno)));`
		83856ec	`- return (-1);`
		83856ec	`+ return cups_peercred_auth(http);`
		83856ec	`}`
		83856ec
		83856ec	`/*`
		83856ec	`--- cups-1.2.10/scheduler/auth.c.af_unix-auth 2006-09-12 14:58:39.000000000 +0100`
		83856ec	`+++ cups-1.2.10/scheduler/auth.c 2007-03-29 17:03:53.000000000 +0100`
		83856ec	`@@ -60,6 +60,9 @@`
		83856ec
		83856ec	`#include "cupsd.h"`
		83856ec	`#include <grp.h>`
		83856ec	`+#include <pwd.h>`
		83856ec	`+#include <sys/socket.h>`
		83856ec	`+#include <sys/types.h>`
		83856ec	`#ifdef HAVE_SHADOW_H`
		83856ec	`# include <shadow.h>`
		83856ec	`#endif /* HAVE_SHADOW_H */`
		83856ec	`@@ -79,6 +82,9 @@`
		83856ec	`#ifdef HAVE_MEMBERSHIP_H`
		83856ec	`# include <membership.h>`
		83856ec	`#endif /* HAVE_MEMBERSHIP_H */`
		83856ec	`+#if !defined(WIN32) && !defined(__EMX__)`
		83856ec	`+# include <unistd.h>`
		83856ec	`+#endif`
		83856ec
		83856ec
		83856ec	`/*`
		83856ec	`@@ -384,6 +390,61 @@`
		83856ec	`"cupsdAuthorize: No authentication data provided.");`
		83856ec	`return;`
		83856ec	`}`
		83856ec	`+#ifdef SO_PEERCRED`
		83856ec	`+ else if (!strncmp(authorization, "SO_PEERCRED", 3) &&`
		83856ec	`+ con->http.hostaddr->addr.sa_family == AF_LOCAL)`
		83856ec	`+ {`
		83856ec	`+ long buflen;`
		83856ec	`+ char buf, newbuf;`
		83856ec	`+ struct passwd pwbuf, *pwbufptr;`
		83856ec	`+ struct ucred u;`
		83856ec	`+ socklen_t ulen = sizeof(u);`
		83856ec	`+ int r;`
		83856ec	`+`
		83856ec	`+ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &u, &ulen) == -1)`
		83856ec	`+ {`
		83856ec	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
		83856ec	`+ "cupsdAuthorize: getsockopt failed for SO_PEERCRED");`
		83856ec	`+ return;`
		83856ec	`+ }`
		83856ec	`+`
		83856ec	`+ buflen = sysconf (_SC_GETPW_R_SIZE_MAX);`
		83856ec	`+ buf = NULL;`
		83856ec	`+ do`
		83856ec	`+ {`
		83856ec	`+ newbuf = realloc (buf, buflen);`
		83856ec	`+ if (newbuf == NULL)`
		83856ec	`+ {`
		83856ec	`+ free (buf);`
		83856ec	`+ return;`
		83856ec	`+ }`
		83856ec	`+`
		83856ec	`+ buf = newbuf;`
		83856ec	`+`
		83856ec	`+ /* Look up which username the UID is for. */`
		83856ec	`+ r = getpwuid_r (u.uid, &pwbuf, buf, buflen, &pwbufptr);`
		83856ec	`+ if (r != 0)`
		83856ec	`+ {`
		83856ec	`+ if (r == ERANGE)`
		83856ec	`+ {`
		83856ec	`+ buflen *= 2;`
		83856ec	`+ continue;`
		83856ec	`+ }`
		83856ec	`+`
		83856ec	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
		83856ec	`+ "cupsdAuthorize: getpwuid_r failed after SO_PEERCRED");`
		83856ec	`+ free (buf);`
		83856ec	`+ return;`
		83856ec	`+ }`
		83856ec	`+ }`
		83856ec	`+ while (r != 0);`
		83856ec	`+`
		83856ec	`+ strlcpy(username, pwbuf.pw_name, sizeof(username));`
		83856ec	`+ free (buf);`
		83856ec	`+ cupsdLogMessage(CUPSD_LOG_DEBUG2,`
		83856ec	`+ "cupsdAuthorize: using SO_PEERCRED (uid=%d)", u.uid);`
		83856ec	`+ }`
		83856ec	`+#endif /* SO_PEERCRED */`
		83856ec	`else if (!strncmp(authorization, "Local", 5) &&`
		83856ec	`!strcasecmp(con->http.hostname, "localhost"))`
		83856ec	`{`

rpms / cups

Source Code

Blame cups-af_unix-auth.patch