--- cups-1.2.10/cups/auth.c.af_unix-auth 2007-01-10 16:48:37.000000000 +0000
+++ cups-1.2.10/cups/auth.c 2007-03-29 16:59:51.000000000 +0100
@@ -26,6 +26,8 @@
* Contents:
*
* cupsDoAuthentication() - Authenticate a request.
+ * cups_peercred_auth() - Find out if SO_PEERCRED authentication
+ * is possible
* cups_local_auth() - Get the local authorization certificate if
* available/applicable...
*/
@@ -40,7 +42,9 @@
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
+#include <pwd.h>
#include <sys/stat.h>
+#include <sys/types.h>
#if defined(WIN32) || defined(__EMX__)
# include <io.h>
#else
@@ -177,6 +181,76 @@
return (0);
}
+/*
+ * 'cups_peercred_auth()'
+ * - UNIX Domain Sockets authentication
+ */
+
+static int /* O - 0 if available, -1 if not */
+cups_peercred_auth(http_t *http) /* I - HTTP connection to server */
+{
+#ifdef SO_PEERCRED
+ long buflen;
+ char *buf, *newbuf;
+ struct passwd pwbuf, *pwbufptr;
+ int r;
+
+ if (http->hostaddr->addr.sa_family != AF_LOCAL)
+ return (-1);
+
+ /*
+ * Are we trying to authenticate as ourselves? If not, SO_PEERCRED
+ * is no use.
+ */
+ buflen = sysconf (_SC_GETPW_R_SIZE_MAX);
+ buf = NULL;
+ do
+ {
+ newbuf = realloc (buf, buflen);
+ if (newbuf == NULL)
+ {
+ free (buf);
+ return (-1);
+ }
+
+ buf = newbuf;
+ r = getpwnam_r (cupsUser(), &pwbuf, buf, buflen, &pwbufptr);
+ if (r != 0)
+ {
+ if (r == ERANGE)
+ {
+ buflen *= 2;
+ continue;
+ }
+
+ free (buf);
+ return (-1);
+ }
+ }
+ while (r != 0);
+
+ if (pwbuf.pw_uid != getuid())
+ {
+ free (buf);
+ return (-1);
+ }
+
+ free (buf);
+
+ /*
+ * Set the authorization string and return...
+ */
+
+ snprintf(http->authstring, sizeof(http->authstring), "SO_PEERCRED");
+
+ DEBUG_printf(("cups_peercred_auth: Returning authstring = \"%s\"\n",
+ http->authstring));
+
+ return (0);
+#else
+ return (-1);
+#endif /* SO_PEERCRED */
+}
/*
* 'cups_local_auth()' - Get the local authorization certificate if
@@ -234,7 +308,7 @@
{
DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
filename, strerror(errno)));
- return (-1);
+ return cups_peercred_auth(http);
}
/*
--- cups-1.2.10/scheduler/auth.c.af_unix-auth 2006-09-12 14:58:39.000000000 +0100
+++ cups-1.2.10/scheduler/auth.c 2007-03-29 17:03:53.000000000 +0100
@@ -60,6 +60,9 @@
#include "cupsd.h"
#include <grp.h>
+#include <pwd.h>
+#include <sys/socket.h>
+#include <sys/types.h>
#ifdef HAVE_SHADOW_H
# include <shadow.h>
#endif /* HAVE_SHADOW_H */
@@ -79,6 +82,9 @@
#ifdef HAVE_MEMBERSHIP_H
# include <membership.h>
#endif /* HAVE_MEMBERSHIP_H */
+#if !defined(WIN32) && !defined(__EMX__)
+# include <unistd.h>
+#endif
/*
@@ -384,6 +390,61 @@
"cupsdAuthorize: No authentication data provided.");
return;
}
+#ifdef SO_PEERCRED
+ else if (!strncmp(authorization, "SO_PEERCRED", 3) &&
+ con->http.hostaddr->addr.sa_family == AF_LOCAL)
+ {
+ long buflen;
+ char *buf, *newbuf;
+ struct passwd pwbuf, *pwbufptr;
+ struct ucred u;
+ socklen_t ulen = sizeof(u);
+ int r;
+
+ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &u, &ulen) == -1)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "cupsdAuthorize: getsockopt failed for SO_PEERCRED");
+ return;
+ }
+
+ buflen = sysconf (_SC_GETPW_R_SIZE_MAX);
+ buf = NULL;
+ do
+ {
+ newbuf = realloc (buf, buflen);
+ if (newbuf == NULL)
+ {
+ free (buf);
+ return;
+ }
+
+ buf = newbuf;
+
+ /* Look up which username the UID is for. */
+ r = getpwuid_r (u.uid, &pwbuf, buf, buflen, &pwbufptr);
+ if (r != 0)
+ {
+ if (r == ERANGE)
+ {
+ buflen *= 2;
+ continue;
+ }
+
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "cupsdAuthorize: getpwuid_r failed after SO_PEERCRED");
+ free (buf);
+ return;
+ }
+ }
+ while (r != 0);
+
+ strlcpy(username, pwbuf.pw_name, sizeof(username));
+ free (buf);
+ cupsdLogMessage(CUPSD_LOG_DEBUG2,
+ "cupsdAuthorize: using SO_PEERCRED (uid=%d)", u.uid);
+ }
+#endif /* SO_PEERCRED */
else if (!strncmp(authorization, "Local", 5) &&
!strcasecmp(con->http.hostname, "localhost"))
{