From 843ebb9de0506ff2c34f52525543b8a7fae25c6e Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Dec 09 2011 12:00:38 +0000 Subject: Bind to datagram socket as well in systemd cups.socket unit file, to prevent that port being stolen by another service (bug #760070). --- diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch index 8e5147d..605f58b 100644 --- a/cups-systemd-socket.patch +++ b/cups-systemd-socket.patch @@ -1,6 +1,6 @@ diff -up cups-1.5.0/config.h.in.systemd-socket cups-1.5.0/config.h.in ---- cups-1.5.0/config.h.in.systemd-socket 2011-10-18 15:32:40.741672460 +0100 -+++ cups-1.5.0/config.h.in 2011-10-18 15:32:40.843670530 +0100 +--- cups-1.5.0/config.h.in.systemd-socket 2011-12-08 17:21:46.397159342 +0000 ++++ cups-1.5.0/config.h.in 2011-12-08 17:21:46.500157383 +0000 @@ -503,6 +503,13 @@ @@ -16,8 +16,8 @@ diff -up cups-1.5.0/config.h.in.systemd-socket cups-1.5.0/config.h.in */ diff -up cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket cups-1.5.0/config-scripts/cups-systemd.m4 ---- cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket 2011-10-18 15:32:40.844670511 +0100 -+++ cups-1.5.0/config-scripts/cups-systemd.m4 2011-10-18 15:33:16.861989058 +0100 +--- cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket 2011-12-08 17:21:46.501157363 +0000 ++++ cups-1.5.0/config-scripts/cups-systemd.m4 2011-12-08 17:21:46.501157363 +0000 @@ -0,0 +1,36 @@ +dnl +dnl "$Id$" @@ -57,7 +57,7 @@ diff -up cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket cups-1.5.0/con +dnl diff -up cups-1.5.0/configure.in.systemd-socket cups-1.5.0/configure.in --- cups-1.5.0/configure.in.systemd-socket 2010-11-20 01:03:46.000000000 +0000 -+++ cups-1.5.0/configure.in 2011-10-18 15:32:40.844670511 +0100 ++++ cups-1.5.0/configure.in 2011-12-08 17:21:46.501157363 +0000 @@ -37,6 +37,7 @@ sinclude(config-scripts/cups-pam.m4) sinclude(config-scripts/cups-largefile.m4) sinclude(config-scripts/cups-dnssd.m4) 
@@ -77,8 +77,8 @@ diff -up cups-1.5.0/configure.in.systemd-socket cups-1.5.0/configure.in doc/help/ref-cupsd-conf.html doc/help/standard.html diff -up cups-1.5.0/cups/usersys.c.systemd-socket cups-1.5.0/cups/usersys.c ---- cups-1.5.0/cups/usersys.c.systemd-socket 2011-10-18 15:32:40.645674277 +0100 -+++ cups-1.5.0/cups/usersys.c 2011-10-18 15:32:40.845670492 +0100 +--- cups-1.5.0/cups/usersys.c.systemd-socket 2011-12-08 17:21:46.312160958 +0000 ++++ cups-1.5.0/cups/usersys.c 2011-12-08 17:21:46.502157344 +0000 @@ -770,7 +770,7 @@ cups_read_client_conf( struct stat sockinfo; /* Domain socket information */ @@ -89,8 +89,8 @@ diff -up cups-1.5.0/cups/usersys.c.systemd-socket cups-1.5.0/cups/usersys.c else #endif /* CUPS_DEFAULT_DOMAINSOCKET */ diff -up cups-1.5.0/data/cups.path.in.systemd-socket cups-1.5.0/data/cups.path.in ---- cups-1.5.0/data/cups.path.in.systemd-socket 2011-10-18 15:32:40.846670473 +0100 -+++ cups-1.5.0/data/cups.path.in 2011-10-18 15:32:40.846670473 +0100 +--- cups-1.5.0/data/cups.path.in.systemd-socket 2011-12-08 17:21:46.503157325 +0000 ++++ cups-1.5.0/data/cups.path.in 2011-12-08 17:21:46.503157325 +0000 @@ -0,0 +1,8 @@ +[Unit] +Description=CUPS Printer Service Spool @@ -101,8 +101,8 @@ diff -up cups-1.5.0/data/cups.path.in.systemd-socket cups-1.5.0/data/cups.path.i +[Install] +WantedBy=multi-user.target diff -up cups-1.5.0/data/cups.service.in.systemd-socket cups-1.5.0/data/cups.service.in ---- cups-1.5.0/data/cups.service.in.systemd-socket 2011-10-18 15:32:40.846670473 +0100 -+++ cups-1.5.0/data/cups.service.in 2011-10-18 15:32:40.846670473 +0100 +--- cups-1.5.0/data/cups.service.in.systemd-socket 2011-12-08 17:21:46.503157325 +0000 ++++ cups-1.5.0/data/cups.service.in 2011-12-08 17:21:46.503157325 +0000 @@ -0,0 +1,9 @@ +[Unit] +Description=CUPS Printing Service 
@@ -114,22 +114,23 @@ diff -up cups-1.5.0/data/cups.service.in.systemd-socket cups-1.5.0/data/cups.ser +Also=cups.socket cups.path +WantedBy=printer.target diff -up cups-1.5.0/data/cups.socket.in.systemd-socket cups-1.5.0/data/cups.socket.in ---- cups-1.5.0/data/cups.socket.in.systemd-socket 2011-10-18 15:32:40.847670454 +0100 -+++ cups-1.5.0/data/cups.socket.in 2011-10-18 15:32:40.847670454 +0100 -@@ -0,0 +1,10 @@ +--- cups-1.5.0/data/cups.socket.in.systemd-socket 2011-12-08 17:21:46.504157306 +0000 ++++ cups-1.5.0/data/cups.socket.in 2011-12-08 17:21:46.504157306 +0000 +@@ -0,0 +1,11 @@ +[Unit] +Description=CUPS Printing Service Sockets + +[Socket] +ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ +ListenStream=631 ++ListenDatagram=0.0.0.0:631 +BindIPv6Only=ipv6-only + +[Install] +WantedBy=sockets.target diff -up cups-1.5.0/data/Makefile.systemd-socket cups-1.5.0/data/Makefile --- cups-1.5.0/data/Makefile.systemd-socket 2011-05-12 06:21:56.000000000 +0100 -+++ cups-1.5.0/data/Makefile 2011-10-18 15:32:40.847670454 +0100 ++++ cups-1.5.0/data/Makefile 2011-12-08 17:21:46.504157306 +0000 @@ -112,6 +112,12 @@ install-data: $(INSTALL_DATA) $$file $(DATADIR)/ppdc; \ done @@ -154,8 +155,8 @@ diff -up cups-1.5.0/data/Makefile.systemd-socket cups-1.5.0/data/Makefile # diff -up cups-1.5.0/Makedefs.in.systemd-socket cups-1.5.0/Makedefs.in ---- cups-1.5.0/Makedefs.in.systemd-socket 2011-10-18 15:32:40.719672876 +0100 -+++ cups-1.5.0/Makedefs.in 2011-10-18 15:32:40.848670435 +0100 +--- cups-1.5.0/Makedefs.in.systemd-socket 2011-12-08 17:21:46.375159760 +0000 ++++ cups-1.5.0/Makedefs.in 2011-12-08 17:21:46.505157287 +0000 @@ -143,6 +143,7 @@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@ CXXLIBS = @CXXLIBS@ DBUS_NOTIFIER = @DBUS_NOTIFIER@ 
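Review bot: The added `ListenDatagram=0.0.0.0:631` makes systemd hold UDP port 631 on every IPv4 address regardless of whether cupsd.conf enables CUPS browsing, and it hard-codes the port while the scheduler takes its browse port from `BrowsePort`. Because cups.socket is an activation unit, a datagram arriving on that port can presumably start cupsd even on hosts where browsing is disabled; that is inferred from the unit alone and worth confirming as intended. The unit carries no explanation of why a print service reserves a datagram port, so I would add a comment above the line such as `# Reserves the CUPS browse port so no other service can bind it; must match BrowsePort in cupsd.conf`. Sites that disable browsing, or firewall 631/udp, should be told in the package notes that this listener exists.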
@@ -182,7 +183,7 @@ diff -up cups-1.5.0/Makedefs.in.systemd-socket cups-1.5.0/Makedefs.in # diff -up cups-1.5.0/scheduler/client.h.systemd-socket cups-1.5.0/scheduler/client.h --- cups-1.5.0/scheduler/client.h.systemd-socket 2011-03-25 21:25:38.000000000 +0000 -+++ cups-1.5.0/scheduler/client.h 2011-10-18 15:32:40.848670435 +0100 ++++ cups-1.5.0/scheduler/client.h 2011-12-08 17:21:46.505157287 +0000 @@ -75,6 +75,9 @@ typedef struct int fd; /* File descriptor for this server */ http_addr_t address; /* Bind address of socket */ 
@@ -193,9 +194,99 @@ diff -up cups-1.5.0/scheduler/client.h.systemd-socket cups-1.5.0/scheduler/clien } cupsd_listener_t; +diff -up cups-1.5.0/scheduler/dirsvc.c.systemd-socket cups-1.5.0/scheduler/dirsvc.c +--- cups-1.5.0/scheduler/dirsvc.c.systemd-socket 2011-12-08 17:21:46.452158297 +0000 ++++ cups-1.5.0/scheduler/dirsvc.c 2011-12-08 17:21:46.510157192 +0000 +@@ -1512,7 +1512,7 @@ cupsdStartBrowsing(void) + } + } + +- if (BrowseSocket >= 0) ++ if (BrowseSocket >= 0 && !BrowseSocketIsSystemd) + { + /* + * Bind the socket to browse port... +@@ -1556,13 +1556,17 @@ cupsdStartBrowsing(void) + cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to set broadcast mode - %s.", + strerror(errno)); + ++ if (!BrowseSocketIsSystemd) ++ { + #ifdef WIN32 +- closesocket(BrowseSocket); ++ closesocket(BrowseSocket); + #else +- close(BrowseSocket); ++ close(BrowseSocket); + #endif /* WIN32 */ + +- BrowseSocket = -1; ++ BrowseSocket = -1; ++ } ++ + BrowseLocalProtocols &= ~BROWSE_CUPS; + BrowseRemoteProtocols &= ~BROWSE_CUPS; + +@@ -1885,15 +1889,22 @@ cupsdStopBrowsing(void) + if (((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS) && + BrowseSocket >= 0) + { +- /* +- * Close the socket and remove it from the input selection set. +- */ ++ if (!BrowseSocketIsSystemd) ++ { ++ /* ++ * Close the socket. ++ */ + + #ifdef WIN32 +- closesocket(BrowseSocket); ++ closesocket(BrowseSocket); + #else +- close(BrowseSocket); ++ close(BrowseSocket); + #endif /* WIN32 */ ++ } ++ ++ /* ++ * Remove it from the input selection set. 
++ */ + + cupsdRemoveSelect(BrowseSocket); + BrowseSocket = -1; +@@ -5683,11 +5694,14 @@ update_cups_browse(void) + strerror(errno)); + cupsdLogMessage(CUPSD_LOG_ERROR, "CUPS browsing turned off."); + ++ if (!BrowseSocketIsSystemd) ++ { + #ifdef WIN32 +- closesocket(BrowseSocket); ++ closesocket(BrowseSocket); + #else +- close(BrowseSocket); ++ close(BrowseSocket); + #endif /* WIN32 */ ++ } + + cupsdRemoveSelect(BrowseSocket); + BrowseSocket = -1; +diff -up cups-1.5.0/scheduler/dirsvc.h.systemd-socket cups-1.5.0/scheduler/dirsvc.h +--- cups-1.5.0/scheduler/dirsvc.h.systemd-socket 2011-12-08 17:21:46.454158257 +0000 ++++ cups-1.5.0/scheduler/dirsvc.h 2011-12-08 17:21:46.511157174 +0000 +@@ -100,6 +100,8 @@ VAR int Browsing VALUE(TRUE), + /* Short names for remote printers? */ + BrowseSocket VALUE(-1), + /* Socket for browsing */ ++ BrowseSocketIsSystemd VALUE(0), ++ /* BrowseSocket is systemd-provided? */ + BrowsePort VALUE(IPP_PORT), + /* Port number for broadcasts */ + BrowseInterval VALUE(DEFAULT_INTERVAL), diff -up cups-1.5.0/scheduler/listen.c.systemd-socket cups-1.5.0/scheduler/listen.c --- cups-1.5.0/scheduler/listen.c.systemd-socket 2011-04-16 00:38:13.000000000 +0100 -+++ cups-1.5.0/scheduler/listen.c 2011-10-18 15:32:40.849670416 +0100 ++++ cups-1.5.0/scheduler/listen.c 2011-12-08 17:21:46.512157155 +0000 @@ -401,7 +401,11 @@ cupsdStopListening(void) lis; lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) @@ -210,8 +301,8 @@ diff -up cups-1.5.0/scheduler/listen.c.systemd-socket cups-1.5.0/scheduler/liste #ifdef WIN32 closesocket(lis->fd); diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c ---- cups-1.5.0/scheduler/main.c.systemd-socket 2011-10-18 15:32:40.802671306 +0100 -+++ cups-1.5.0/scheduler/main.c 2011-10-18 15:32:40.851670379 +0100 +--- cups-1.5.0/scheduler/main.c.systemd-socket 2011-12-08 17:21:46.467158009 +0000 ++++ cups-1.5.0/scheduler/main.c 2011-12-08 17:23:05.944645297 +0000 
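Review bot: In the cupsdStopBrowsing and update_cups_browse hunks, `BrowseSocket = -1;` still runs for a systemd-provided socket while `BrowseSocketIsSystemd` stays 1, so the inherited descriptor is forgotten without being closed and the flag outlives it. The broadcast-failure path in cupsdStartBrowsing does the opposite and keeps `BrowseSocket` for a systemd socket, so the three sites disagree. The socket-creation code in cupsdStartBrowsing is outside the hunk, but if browsing is restarted later, the new guard `BrowseSocket >= 0 && !BrowseSocketIsSystemd` would apparently skip the bind for a freshly created socket while the leaked descriptor still holds the port. I would make the teardown paths consistent, for example `if (!BrowseSocketIsSystemd) BrowseSocket = -1;` after `cupsdRemoveSelect(BrowseSocket);`. The dirsvc.h comment should also say who owns the descriptor, e.g. `/* BrowseSocket was passed in by systemd; never close it, only deselect it */`.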
@@ -26,6 +26,8 @@ * launchd_checkin() - Check-in with launchd and collect the listening * fds. @@ -272,7 +363,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c /* * Startup the server... */ -@@ -1584,6 +1609,100 @@ launchd_checkout(void) +@@ -1584,6 +1609,147 @@ launchd_checkout(void) } #endif /* HAVE_LAUNCHD */ @@ -304,14 +395,61 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c + char s[256]; + + r = sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1); -+ if (r < 0) { ++ if (r < 0) ++ { + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Unable to verify socket type - %s", + strerror(-r)); + continue; + } + -+ if (!r) { ++ if (!r) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Browsing=%d", Browsing); ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "BrowseLocalProtocols=%x", BrowseLocalProtocols); ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "BrowseRemoteProtocols=%x", BrowseRemoteProtocols); ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "BROWSE_CUPS=%x", BROWSE_CUPS); ++ if (Browsing && ++ ((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS)) ++ { ++ r = sd_is_socket(fd, AF_UNSPEC, SOCK_DGRAM, 0); ++ if (r < 0) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "systemd_checkin: Unable to verify socket type - %s", ++ strerror(-r)); ++ continue; ++ } ++ ++ if (r) ++ { ++ /* ++ * This is the browse socket. ++ */ ++ ++ char addrstr[256]; ++ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen)) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "systemd_checkin: Unable to get local address - %s", ++ strerror(errno)); ++ continue; ++ } ++ ++ httpAddrString (&addr, addrstr, sizeof (addrstr)); ++ BrowseSocket = fd; ++ BrowseSocketIsSystemd = 1; ++ cupsdLogMessage(CUPSD_LOG_DEBUG, ++ "systemd_checkin: Matched browse (port %d) with fd %d:%s...", ++ BrowsePort, fd, addrstr); ++ continue; ++ } ++ ++ } + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Socket not of the right type"); + continue; 
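Review bot: The new datagram branch in systemd_checkin adopts any `SOCK_DGRAM` descriptor as `BrowseSocket` without checking what it is bound to. The getsockname() result feeds only the log line, which prints `BrowsePort` rather than the socket's real port, so a unit file whose port differs from cupsd.conf would be matched silently, and a second datagram descriptor would overwrite the first. I would compare the port in `addr` with `BrowsePort` and `continue` with an error on mismatch, and refuse a second match with `if (BrowseSocketIsSystemd) continue;` ahead of the assignment. The four messages `"Browsing=%d"` through `"BROWSE_CUPS=%x"` look like leftover debugging and are emitted at `CUPSD_LOG_ERROR` for every non-stream descriptor; they should be dropped or lowered to `CUPSD_LOG_DEBUG`. The function's declarations are outside the hunk, so please confirm `addrlen` is set to `sizeof(addr)` before this earlier getsockname() call.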
@@ -325,7 +463,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c + continue; + } + -+ /* ++ /* + * Try to match the systemd socket address to one of the listeners... + */ + @@ -333,7 +471,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c + lis; + lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) + if (httpAddrEqual(&lis->address, &addr)) -+ break; ++ break; + + if (lis) + { @@ -374,8 +512,8 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c /* * 'parent_handler()' - Catch USR1/CHLD signals... diff -up cups-1.5.0/scheduler/Makefile.systemd-socket cups-1.5.0/scheduler/Makefile ---- cups-1.5.0/scheduler/Makefile.systemd-socket 2011-10-18 15:32:40.817671022 +0100 -+++ cups-1.5.0/scheduler/Makefile 2011-10-18 15:32:40.852670360 +0100 +--- cups-1.5.0/scheduler/Makefile.systemd-socket 2011-12-08 17:21:46.477157820 +0000 ++++ cups-1.5.0/scheduler/Makefile 2011-12-08 17:21:46.515157096 +0000 @@ -382,7 +382,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu $(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \ $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ diff --git a/cups.spec b/cups.spec index 867828c..4750bb0 100644 --- a/cups.spec +++ b/cups.spec @@ -13,7 +13,7 @@ Summary: Common Unix Printing System Name: cups Version: 1.5.0 -Release: 22%{?dist} +Release: 23%{?dist} License: GPLv2 Group: System Environment/Daemons Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 @@ -660,6 +660,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/ipptool.1.gz %changelog +* Fri Dec 9 2011 Tim Waugh 1:1.5.0-23 +- Bind to datagram socket as well in systemd cups.socket unit file, to + prevent that port being stolen by another service (bug #760070). + * Fri Nov 11 2011 Tim Waugh 1:1.5.0-22 - Fixed trigger (bug #748841).