diff options
| author | jlovell <jlovell@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2006-01-26 21:39:43 +0000 |
|---|---|---|
| committer | jlovell <jlovell@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2006-01-26 21:39:43 +0000 |
| commit | fa73b22906f71080fa5056485d8204612717adac (patch) | |
| tree | f2f23b68c20d1fc9a85301527690aca5efa382df /scheduler/cert.c | |
| parent | 4a09f02d10d679af0b04d36c25f0dcb518e432a4 (diff) | |
| download | cups-fa73b22906f71080fa5056485d8204612717adac.tar.gz | |
Load cups into easysw/current.
git-svn-id: svn+ssh://src.apple.com/svn/cups/easysw/current@13 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'scheduler/cert.c')
| -rw-r--r-- | scheduler/cert.c | 49 |
1 files changed, 47 insertions, 2 deletions
diff --git a/scheduler/cert.c b/scheduler/cert.c index 4255dd8c4..aa8b6ca50 100644 --- a/scheduler/cert.c +++ b/scheduler/cert.c @@ -1,5 +1,5 @@ /* - * "$Id: cert.c 4719 2005-09-28 21:12:44Z mike $" + * "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $" * * Authentication certificate routines for the Common UNIX * Printing System (CUPS). @@ -37,6 +37,10 @@ */ #include "cupsd.h" +#ifdef HAVE_ACL_INIT +# include <sys/acl.h> +# include <membership.h> +#endif /* HAVE_ACL_INIT */ /* @@ -94,6 +98,14 @@ cupsdAddCert(int pid, /* I - Process ID */ if (pid == 0) { +#ifdef HAVE_ACL_INIT + acl_t acl; /* ACL information */ + acl_entry_t entry; /* ACL entry */ + acl_permset_t permset; /* Permissions */ + uuid_t group; /* Group ID */ +#endif /* HAVE_ACL_INIT */ + + /* * Root certificate... */ @@ -101,6 +113,39 @@ cupsdAddCert(int pid, /* I - Process ID */ fchmod(fd, 0440); fchown(fd, RunUser, SystemGroupIDs[0]); +#ifdef HAVE_ACL_INIT + if (NumSystemGroups > 1) + { + /* + * Set POSIX ACLs for the root certificate so that all system + * groups can access it... + */ + + acl = acl_init(NumSystemGroups - 1); + + for (i = 1; i < NumSystemGroups; i ++) + { + /* + * Add each group ID to the ACL... + */ + + acl_create_entry(&acl, &entry); + acl_get_permset(entry, &permset); + acl_add_perm(permset, ACL_READ_DATA); + acl_set_tag_type(entry, ACL_EXTENDED_ALLOW); + mbr_gid_to_uuid((gid_t)SystemGroupIDs[i], group); + acl_set_qualifier(entry, &group); + acl_set_permset(entry, permset); + } + + if (acl_set_fd(fd, acl)) + cupsdLogMessage(CUPSD_LOG_ERROR, + "Unable to set ACLs on root certificate \"%s\" - %s", + filename, strerror(errno)); + acl_free(acl); + } +#endif /* HAVE_ACL_INIT */ + RootCertTime = time(NULL); } else @@ -292,5 +337,5 @@ cupsdInitCerts(void) /* - * End of "$Id: cert.c 4719 2005-09-28 21:12:44Z mike $". + * End of "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $". */ |