authorjlovell <jlovell@a1ca3aef-8c08-0410-bb20-df032aa958be>2006-02-20 18:43:55 +0000
committerjlovell <jlovell@a1ca3aef-8c08-0410-bb20-df032aa958be>2006-02-20 18:43:55 +0000
commitbd7854cb4d663bb0e561eaf5b01bbd47baa71d22 (patch)
treebca042d698732a5e19035c88c6ffc39d80f543f1 /scheduler/cert.c
parent4400e98de24bd267328aa20d57951fb6678297fe (diff)
Load cups into easysw/current.
git-svn-id: svn+ssh://src.apple.com/svn/cups/easysw/current@60 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'scheduler/cert.c')
-rw-r--r--scheduler/cert.c86
1 files changed, 82 insertions, 4 deletions
diff --git a/scheduler/cert.c b/scheduler/cert.c
index aa8b6ca50..195db7842 100644
--- a/scheduler/cert.c
+++ b/scheduler/cert.c
@@ -1,10 +1,10 @@
/*
- * "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $"
+ * "$Id: cert.c 5080 2006-02-05 18:28:27Z mike $"
*
* Authentication certificate routines for the Common UNIX
* Printing System (CUPS).
*
- * Copyright 1997-2005 by Easy Software Products.
+ * Copyright 1997-2006 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
* property of Easy Software Products and are protected by Federal
@@ -39,7 +39,9 @@
#include "cupsd.h"
#ifdef HAVE_ACL_INIT
# include <sys/acl.h>
-# include <membership.h>
+# ifdef HAVE_MEMBERSHIP_H
+# include <membership.h>
+# endif /* HAVE_MEMBERSHIP_H */
#endif /* HAVE_ACL_INIT */
@@ -102,7 +104,9 @@ cupsdAddCert(int pid, /* I - Process ID */
acl_t acl; /* ACL information */
acl_entry_t entry; /* ACL entry */
acl_permset_t permset; /* Permissions */
+# ifdef HAVE_MBR_UID_TO_UUID
uuid_t group; /* Group ID */
+# endif /* HAVE_MBR_UID_TO_UUID */
#endif /* HAVE_ACL_INIT */
@@ -113,6 +117,9 @@ cupsdAddCert(int pid, /* I - Process ID */
fchmod(fd, 0440);
fchown(fd, RunUser, SystemGroupIDs[0]);
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddCert: NumSystemGroups=%d",
+ NumSystemGroups);
+
#ifdef HAVE_ACL_INIT
if (NumSystemGroups > 1)
{
@@ -121,6 +128,11 @@ cupsdAddCert(int pid, /* I - Process ID */
* groups can access it...
*/
+# ifdef HAVE_MBR_UID_TO_UUID
+ /*
+ * On MacOS X, ACLs use UUIDs instead of GIDs...
+ */
+
acl = acl_init(NumSystemGroups - 1);
for (i = 1; i < NumSystemGroups; i ++)
@@ -137,6 +149,72 @@ cupsdAddCert(int pid, /* I - Process ID */
acl_set_qualifier(entry, &group);
acl_set_permset(entry, permset);
}
+# else
+ /*
+ * POSIX ACLs need permissions for owner, group, other, and mask
+ * in addition to the rest of the system groups...
+ */
+
+ acl = acl_init(NumSystemGroups + 3);
+
+ /* Owner */
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_USER_OBJ);
+ acl_set_permset(entry, permset);
+
+ /* Group */
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_GROUP_OBJ);
+ acl_set_permset(entry, permset);
+
+ /* Others */
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_OTHER);
+ acl_set_permset(entry, permset);
+
+ /* Mask */
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_MASK);
+ acl_set_permset(entry, permset);
+
+ for (i = 1; i < NumSystemGroups; i ++)
+ {
+ /*
+ * Add each group ID to the ACL...
+ */
+
+ acl_create_entry(&acl, &entry);
+ acl_get_permset(entry, &permset);
+ acl_add_perm(permset, ACL_READ);
+ acl_set_tag_type(entry, ACL_GROUP);
+ acl_set_qualifier(entry, SystemGroupIDs + i);
+ acl_set_permset(entry, permset);
+ }
+
+ if (acl_valid(acl))
+ {
+ char *text, *textptr;
+
+ cupsdLogMessage(CUPSD_LOG_ERROR, "ACL did not validate: %s",
+ strerror(errno));
+ text = acl_to_text(acl, NULL);
+ for (textptr = strchr(text, '\n');
+ textptr;
+ textptr = strchr(textptr + 1, '\n'))
+ *textptr = ',';
+
+ cupsdLogMessage(CUPSD_LOG_ERROR, "ACL: %s", text);
+ free(text);
+ }
+# endif /* HAVE_MBR_UID_TO_UUID */
if (acl_set_fd(fd, acl))
cupsdLogMessage(CUPSD_LOG_ERROR,
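Review bot: The `/* Others */` entry in the new POSIX branch is granted `ACL_READ`, and in a POSIX ACL the `ACL_OTHER` entry is the file's "other" permission class, so once `acl_set_fd(fd, acl)` succeeds the certificate file is likely readable by every local user despite the `fchmod(fd, 0440)` shown in the earlier hunk. For a file that holds an authentication certificate the other class should stay empty; replace the `acl_add_perm(permset, ACL_READ);` under `/* Others */` with `acl_clear_perms(permset);`. In the `acl_valid()` failure path, `text` from `acl_to_text()` is passed to `strchr()` without a NULL check, and the code still falls through to `acl_set_fd()` with the ACL it has just reported as invalid. The body of cupsdAddCert starts and ends outside this hunk, so how `acl` is released afterwards is not visible here.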
@@ -337,5 +415,5 @@ cupsdInitCerts(void)
/*
- * End of "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $".
+ * End of "$Id: cert.c 5080 2006-02-05 18:28:27Z mike $".
*/