From ce7744402066ff3099af87050e59afb66ef01814 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Thu, 29 Mar 2007 16:35:20 +0000 Subject: [PATCH] - Small improvement for AF_UNIX auth patch. --- cups-af_unix-auth.patch | 191 ++++++++++++++++++++++++++++++++++++++++ cups.spec | 7 +- 2 files changed, 196 insertions(+), 2 deletions(-) create mode 100644 cups-af_unix-auth.patch diff --git a/cups-af_unix-auth.patch b/cups-af_unix-auth.patch new file mode 100644 index 0000000..e983159 --- /dev/null +++ b/cups-af_unix-auth.patch @@ -0,0 +1,191 @@ +--- cups-1.2.10/cups/auth.c.af_unix-auth 2007-01-10 16:48:37.000000000 +0000 ++++ cups-1.2.10/cups/auth.c 2007-03-29 16:59:51.000000000 +0100 +@@ -26,6 +26,8 @@ + * Contents: + * + * cupsDoAuthentication() - Authenticate a request. ++ * cups_peercred_auth() - Find out if SO_PEERCRED authentication ++ * is possible + * cups_local_auth() - Get the local authorization certificate if + * available/applicable... + */ +@@ -40,7 +42,9 @@ + #include + #include + #include ++#include + #include ++#include + #if defined(WIN32) || defined(__EMX__) + # include + #else +@@ -177,6 +181,76 @@ + return (0); + } + ++/* ++ * 'cups_peercred_auth()' ++ * - UNIX Domain Sockets authentication ++ */ ++ ++static int /* O - 0 if available, -1 if not */ ++cups_peercred_auth(http_t *http) /* I - HTTP connection to server */ ++{ ++#ifdef SO_PEERCRED ++ long buflen; ++ char *buf, *newbuf; ++ struct passwd pwbuf, *pwbufptr; ++ int r; ++ ++ if (http->hostaddr->addr.sa_family != AF_LOCAL) ++ return (-1); ++ ++ /* ++ * Are we trying to authenticate as ourselves? If not, SO_PEERCRED ++ * is no use. ++ */ ++ buflen = sysconf (_SC_GETPW_R_SIZE_MAX); ++ buf = NULL; ++ do ++ { ++ newbuf = realloc (buf, buflen); ++ if (newbuf == NULL) ++ { ++ free (buf); ++ return (-1); ++ } ++ ++ buf = newbuf; ++ r = getpwnam_r (cupsUser(), &pwbuf, buf, buflen, &pwbufptr); ++ if (r != 0) ++ { ++ if (r == ERANGE) ++ { ++ buflen *= 2; ++ continue; ++ } ++ ++ free (buf); ++ return (-1); ++ } ++ } ++ while (r != 0); ++ ++ if (pwbuf.pw_uid != getuid()) ++ { ++ free (buf); ++ return (-1); ++ } ++ ++ free (buf); ++ ++ /* ++ * Set the authorization string and return... ++ */ ++ ++ snprintf(http->authstring, sizeof(http->authstring), "SO_PEERCRED"); ++ ++ DEBUG_printf(("cups_peercred_auth: Returning authstring = \"%s\"\n", ++ http->authstring)); ++ ++ return (0); ++#else ++ return (-1); ++#endif /* SO_PEERCRED */ ++} + + /* + * 'cups_local_auth()' - Get the local authorization certificate if +@@ -234,7 +308,7 @@ + { + DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n", + filename, strerror(errno))); +- return (-1); ++ return cups_peercred_auth(http); + } + + /* +--- cups-1.2.10/scheduler/auth.c.af_unix-auth 2006-09-12 14:58:39.000000000 +0100 ++++ cups-1.2.10/scheduler/auth.c 2007-03-29 17:03:53.000000000 +0100 +@@ -60,6 +60,9 @@ + + #include "cupsd.h" + #include ++#include ++#include ++#include + #ifdef HAVE_SHADOW_H + # include + #endif /* HAVE_SHADOW_H */ +@@ -79,6 +82,9 @@ + #ifdef HAVE_MEMBERSHIP_H + # include + #endif /* HAVE_MEMBERSHIP_H */ ++#if !defined(WIN32) && !defined(__EMX__) ++# include ++#endif + + + /* +@@ -384,6 +390,61 @@ + "cupsdAuthorize: No authentication data provided."); + return; + } ++#ifdef SO_PEERCRED ++ else if (!strncmp(authorization, "SO_PEERCRED", 3) && ++ con->http.hostaddr->addr.sa_family == AF_LOCAL) ++ { ++ long buflen; ++ char *buf, *newbuf; ++ struct passwd pwbuf, *pwbufptr; ++ struct ucred u; ++ socklen_t ulen = sizeof(u); ++ int r; ++ ++ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &u, &ulen) == -1) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "cupsdAuthorize: getsockopt failed for SO_PEERCRED"); ++ return; ++ } ++ ++ buflen = sysconf (_SC_GETPW_R_SIZE_MAX); ++ buf = NULL; ++ do ++ { ++ newbuf = realloc (buf, buflen); ++ if (newbuf == NULL) ++ { ++ free (buf); ++ return; ++ } ++ ++ buf = newbuf; ++ ++ /* Look up which username the UID is for. */ ++ r = getpwuid_r (u.uid, &pwbuf, buf, buflen, &pwbufptr); ++ if (r != 0) ++ { ++ if (r == ERANGE) ++ { ++ buflen *= 2; ++ continue; ++ } ++ ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "cupsdAuthorize: getpwuid_r failed after SO_PEERCRED"); ++ free (buf); ++ return; ++ } ++ } ++ while (r != 0); ++ ++ strlcpy(username, pwbuf.pw_name, sizeof(username)); ++ free (buf); ++ cupsdLogMessage(CUPSD_LOG_DEBUG2, ++ "cupsdAuthorize: using SO_PEERCRED (uid=%d)", u.uid); ++ } ++#endif /* SO_PEERCRED */ + else if (!strncmp(authorization, "Local", 5) && + !strcasecmp(con->http.hostname, "localhost")) + { diff --git a/cups.spec b/cups.spec index 5f7127c..5144097 100644 --- a/cups.spec +++ b/cups.spec @@ -43,7 +43,7 @@ Patch18: cups-directed-broadcast.patch Patch19: cups-eggcups.patch Patch20: cups-getpass.patch Patch21: cups-driverd-timeout.patch -Patch22: cups-scm_credentials.patch +Patch22: cups-af_unix-auth.patch Patch100: cups-lspp.patch Epoch: 1 Url: http://www.cups.org/ @@ -149,7 +149,7 @@ lpd emulation. %patch19 -p1 -b .eggcups %patch20 -p1 -b .getpass %patch21 -p1 -b .driverd-timeout -%patch22 -p1 -b .scm_credentials +%patch22 -p1 -b .af_unix-auth %if %lspp %patch100 -p1 -b .lspp @@ -436,6 +436,9 @@ rm -rf $RPM_BUILD_ROOT %{cups_serverbin}/daemon/cups-lpd %changelog +* Thu Mar 29 2007 Tim Waugh +- Small improvement for AF_UNIX auth patch. + * Thu Mar 29 2007 Tim Waugh 1:1.2.10-2 - LSPP: Updated patch for line-wrapped labels (bug #228107).