author | jlovell <jlovell@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2006-02-20 18:43:55 +0000 |
---|---|---|
committer | jlovell <jlovell@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2006-02-20 18:43:55 +0000 |
commit | bd7854cb4d663bb0e561eaf5b01bbd47baa71d22 (patch) | |
tree | bca042d698732a5e19035c88c6ffc39d80f543f1 /scheduler/cert.c | |
parent | 4400e98de24bd267328aa20d57951fb6678297fe (diff) | |
download | cups-bd7854cb4d663bb0e561eaf5b01bbd47baa71d22.tar.gz |
Load cups into easysw/current.
git-svn-id: svn+ssh://src.apple.com/svn/cups/easysw/current@60 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'scheduler/cert.c')
-rw-r--r-- | scheduler/cert.c | 86 |
1 files changed, 82 insertions, 4 deletions
diff --git a/scheduler/cert.c b/scheduler/cert.c index aa8b6ca50..195db7842 100644 --- a/scheduler/cert.c +++ b/scheduler/cert.c @@ -1,10 +1,10 @@ /* - * "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $" + * "$Id: cert.c 5080 2006-02-05 18:28:27Z mike $" * * Authentication certificate routines for the Common UNIX * Printing System (CUPS). * - * Copyright 1997-2005 by Easy Software Products. + * Copyright 1997-2006 by Easy Software Products. * * These coded instructions, statements, and computer programs are the * property of Easy Software Products and are protected by Federal @@ -39,7 +39,9 @@ #include "cupsd.h" #ifdef HAVE_ACL_INIT # include <sys/acl.h> -# include <membership.h> +# ifdef HAVE_MEMBERSHIP_H +# include <membership.h> +# endif /* HAVE_MEMBERSHIP_H */ #endif /* HAVE_ACL_INIT */ @@ -102,7 +104,9 @@ cupsdAddCert(int pid, /* I - Process ID */ acl_t acl; /* ACL information */ acl_entry_t entry; /* ACL entry */ acl_permset_t permset; /* Permissions */ +# ifdef HAVE_MBR_UID_TO_UUID uuid_t group; /* Group ID */ +# endif /* HAVE_MBR_UID_TO_UUID */ #endif /* HAVE_ACL_INIT */ @@ -113,6 +117,9 @@ cupsdAddCert(int pid, /* I - Process ID */ fchmod(fd, 0440); fchown(fd, RunUser, SystemGroupIDs[0]); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddCert: NumSystemGroups=%d", + NumSystemGroups); + #ifdef HAVE_ACL_INIT if (NumSystemGroups > 1) { @@ -121,6 +128,11 @@ cupsdAddCert(int pid, /* I - Process ID */ * groups can access it... */ +# ifdef HAVE_MBR_UID_TO_UUID + /* + * On MacOS X, ACLs use UUIDs instead of GIDs... + */ + acl = acl_init(NumSystemGroups - 1); for (i = 1; i < NumSystemGroups; i ++) 
@@ -137,6 +149,72 @@ cupsdAddCert(int pid, /* I - Process ID */ acl_set_qualifier(entry, &group); acl_set_permset(entry, permset); } +# else + /* + * POSIX ACLs need permissions for owner, group, other, and mask + * in addition to the rest of the system groups... + */ + + acl = acl_init(NumSystemGroups + 3); + + /* Owner */ + acl_create_entry(&acl, &entry); + acl_get_permset(entry, &permset); + acl_add_perm(permset, ACL_READ); + acl_set_tag_type(entry, ACL_USER_OBJ); + acl_set_permset(entry, permset); + + /* Group */ + acl_create_entry(&acl, &entry); + acl_get_permset(entry, &permset); + acl_add_perm(permset, ACL_READ); + acl_set_tag_type(entry, ACL_GROUP_OBJ); + acl_set_permset(entry, permset); + + /* Others */ + acl_create_entry(&acl, &entry); + acl_get_permset(entry, &permset); + acl_add_perm(permset, ACL_READ); + acl_set_tag_type(entry, ACL_OTHER); + acl_set_permset(entry, permset); + + /* Mask */ + acl_create_entry(&acl, &entry); + acl_get_permset(entry, &permset); + acl_add_perm(permset, ACL_READ); + acl_set_tag_type(entry, ACL_MASK); + acl_set_permset(entry, permset); + + for (i = 1; i < NumSystemGroups; i ++) + { + /* + * Add each group ID to the ACL... + */ + + acl_create_entry(&acl, &entry); + acl_get_permset(entry, &permset); + acl_add_perm(permset, ACL_READ); + acl_set_tag_type(entry, ACL_GROUP); + acl_set_qualifier(entry, SystemGroupIDs + i); + acl_set_permset(entry, permset); + } + + if (acl_valid(acl)) + { + char *text, *textptr; + + cupsdLogMessage(CUPSD_LOG_ERROR, "ACL did not validate: %s", + strerror(errno)); + text = acl_to_text(acl, NULL); + for (textptr = strchr(text, '\n'); + textptr; + textptr = strchr(textptr + 1, '\n')) + *textptr = ','; + + cupsdLogMessage(CUPSD_LOG_ERROR, "ACL: %s", text); + free(text); + } +# endif /* HAVE_MBR_UID_TO_UUID */ if (acl_set_fd(fd, acl)) cupsdLogMessage(CUPSD_LOG_ERROR, 
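Review bot: The new POSIX branch grants read access to every local user: the `/* Others */` entry calls `acl_add_perm(permset, ACL_READ)` before tagging it `ACL_OTHER`, so when `NumSystemGroups > 1` and `acl_set_fd()` applies the ACL, the certificate file becomes world-readable despite the earlier `fchmod(fd, 0440)`. The other-class entry should carry an empty permission set, so drop that `acl_add_perm` line or replace it with `acl_clear_perms(permset);`. In the `acl_valid()` failure path, `acl_to_text()` can return NULL, which `strchr(text, '\n')` would then dereference, and its result is meant to be released with `acl_free(text)` rather than `free(text)`. That path also falls through to `acl_set_fd()` with the ACL that just failed validation. cupsdAddCert begins and ends outside this hunk.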
@@ -337,5 +415,5 @@ cupsdInitCerts(void) /* - * End of "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $". + * End of "$Id: cert.c 5080 2006-02-05 18:28:27Z mike $". */ |