author | jlovell <jlovell@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2006-03-04 15:56:42 +0000 |
---|---|---|
committer | jlovell <jlovell@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2006-03-04 15:56:42 +0000 |
commit | 4744bd907e6750c26bba4354d986e342406147ca (patch) | |
tree | 1dee14bb6163fc453ebe124dee65155384b46ad6 /scheduler | |
parent | b423cd4cb9fa8cf030cc046a59c28196f3edf6b4 (diff) | |
download | cups-4744bd907e6750c26bba4354d986e342406147ca.tar.gz |
Load cups into easysw/current.
git-svn-id: svn+ssh://src.apple.com/svn/cups/easysw/current@75 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'scheduler')
-rw-r--r-- | scheduler/auth.c | 6 | ||||
-rw-r--r-- | scheduler/auth.h | 8 | ||||
-rw-r--r-- | scheduler/cert.c | 6 | ||||
-rw-r--r-- | scheduler/client.c | 236 | ||||
-rw-r--r-- | scheduler/conf.c | 36 | ||||
-rw-r--r-- | scheduler/conf.h | 6 | ||||
-rw-r--r-- | scheduler/cups-lpd.c | 6 | ||||
-rw-r--r-- | scheduler/dirsvc.c | 13 | ||||
-rw-r--r-- | scheduler/main.c | 35 |
9 files changed, 269 insertions, 83 deletions
diff --git a/scheduler/auth.c b/scheduler/auth.c index bee2ad395..7843fe15b 100644 --- a/scheduler/auth.c +++ b/scheduler/auth.c @@ -1,5 +1,5 @@ /* - * "$Id: auth.c 5197 2006-02-27 21:30:20Z mike $" + * "$Id: auth.c 5222 2006-03-03 18:57:56Z mike $" * * Authorization routines for the Common UNIX Printing System (CUPS). * @@ -1618,7 +1618,7 @@ cupsdIsAuthorized(cupsd_client_t *con, /* I - Connection */ if (!strcasecmp(con->http.hostname, "localhost")) { /* - * Access from localhost (127.0.0.1 or :::1) is always allowed... + * Access from localhost (127.0.0.1 or ::1) is always allowed... */ auth = AUTH_ALLOW; @@ -2156,5 +2156,5 @@ to64(char *s, /* O - Output string */ /* - * End of "$Id: auth.c 5197 2006-02-27 21:30:20Z mike $". + * End of "$Id: auth.c 5222 2006-03-03 18:57:56Z mike $". */ diff --git a/scheduler/auth.h b/scheduler/auth.h index 2d4dcb326..e18f8defa 100644 --- a/scheduler/auth.h +++ b/scheduler/auth.h @@ -1,5 +1,5 @@ /* - * "$Id: auth.h 5069 2006-02-04 05:24:35Z mike $" + * "$Id: auth.h 5222 2006-03-03 18:57:56Z mike $" * * Authorization definitions for the Common UNIX Printing System (CUPS) * scheduler. @@ -125,6 +125,10 @@ VAR cups_array_t *Locations VALUE(NULL); /* Authorization locations */ VAR int DefaultAuthType VALUE(AUTH_BASIC); /* Default AuthType, if not specified */ +#ifdef HAVE_SSL +VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED); + /* Default encryption for authentication */ +#endif /* HAVE_SSL */ /* @@ -156,5 +160,5 @@ extern http_status_t cupsdIsAuthorized(cupsd_client_t *con, const char *owner); /* - * End of "$Id: auth.h 5069 2006-02-04 05:24:35Z mike $". + * End of "$Id: auth.h 5222 2006-03-03 18:57:56Z mike $". */ diff --git a/scheduler/cert.c b/scheduler/cert.c index 195db7842..91c2af888 100644 --- a/scheduler/cert.c +++ b/scheduler/cert.c 
@@ -1,5 +1,5 @@ /* - * "$Id: cert.c 5080 2006-02-05 18:28:27Z mike $" + * "$Id: cert.c 5213 2006-03-02 00:37:34Z mike $" * * Authentication certificate routines for the Common UNIX * Printing System (CUPS). @@ -174,7 +174,7 @@ cupsdAddCert(int pid, /* I - Process ID */ /* Others */ acl_create_entry(&acl, &entry); acl_get_permset(entry, &permset); - acl_add_perm(permset, ACL_READ); + acl_add_perm(permset, 0); acl_set_tag_type(entry, ACL_OTHER); acl_set_permset(entry, permset); @@ -415,5 +415,5 @@ cupsdInitCerts(void) /* - * End of "$Id: cert.c 5080 2006-02-05 18:28:27Z mike $". + * End of "$Id: cert.c 5213 2006-03-02 00:37:34Z mike $". */ diff --git a/scheduler/client.c b/scheduler/client.c index c9ae16f01..f9226223d 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -1,5 +1,5 @@ /* - * "$Id: client.c 5200 2006-02-28 00:10:32Z mike $" + * "$Id: client.c 5225 2006-03-04 12:28:10Z mike $" * * Client routines for the Common UNIX Printing System (CUPS) scheduler. * @@ -41,6 +41,7 @@ * get_file() - Get a filename and state info. * install_conf_file() - Install a configuration file. * is_path_absolute() - Is a path absolute and free of relative elements. + * make_certificate() - Make a self-signed SSL/TLS certificate. * pipe_command() - Pipe the output of a command to the remote client. */ @@ -54,6 +55,9 @@ #ifdef HAVE_CDSASSL # include <Security/Security.h> #endif /* HAVE_CDSASSL */ +#ifdef HAVE_GNUTLS +# include <gnutls/x509.h> +#endif /* HAVE_GNUTLS */ /* @@ -69,6 +73,9 @@ static char *get_file(cupsd_client_t *con, struct stat *filestats, char *filename, int len); static http_status_t install_conf_file(cupsd_client_t *con); static int is_path_absolute(const char *path); +#ifdef HAVE_GNUTLS +static void make_certificate(void); +#endif /* HAVE_GNUTLS */ static int pipe_command(cupsd_client_t *con, int infile, int *outfile, char *command, char *options, int root); 
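Review bot: In the `@@ -174,7` hunk of scheduler/cert.c, `acl_add_perm(permset, 0)` passes a value that is not one of the defined permission bits, so whether the "others" entry ends up empty depends on how the platform's ACL library treats 0, and the return value is not checked. If the intent is that others get no access to the certificate file, `acl_clear_perms(permset);` states that directly and does not depend on what the permission set held before. The neighbouring acl_* calls in this hunk also ignore their results, so a failed call would leave the file with whatever ACL it already had. cupsdAddCert starts and ends outside this hunk, so any fallback mode setting is not visible here.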
@@ -698,6 +705,20 @@ cupsdEncryptClient(cupsd_client_t *con) /* I - Client to encrypt */ gnutls_certificate_server_credentials *credentials; /* TLS credentials */ + + /* + * Verify that we have a certificate... + */ + + if (access(ServerKey, 0) || access(ServerCertificate, 0)) + { + /* + * Nope, make a self-signed certificate... + */ + + make_certificate(); + } + /* * Create the SSL object and perform the SSL handshake... */ @@ -727,7 +748,7 @@ cupsdEncryptClient(cupsd_client_t *con) /* I - Client to encrypt */ gnutls_init(&(conn->session), GNUTLS_SERVER); gnutls_set_default_priority(conn->session); gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE, *credentials); - gnutls_transport_set_ptr(conn->session, con->http.fd); + gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr)con->http.fd); error = gnutls_handshake(conn->session); @@ -2256,6 +2277,23 @@ int /* O - 1 if successful, 0 otherwise */ cupsdSendError(cupsd_client_t *con, /* I - Connection */ http_status_t code) /* I - Error code */ { +#ifdef HAVE_SSL + /* + * Force client to upgrade for authentication if that is how the + * server is configured... + */ + + if (code == HTTP_UNAUTHORIZED && + DefaultEncryption == HTTP_ENCRYPT_REQUIRED && + strcasecmp(con->http.hostname, "localhost") && + !con->http.tls) + { + cupsdLogMessage(CUPSD_LOG_DEBUG2, + "cupsdSendError: Encryption before authentication!"); + code = HTTP_UPGRADE_REQUIRED; + } +#endif /* HAVE_SSL */ + /* * Put the request in the access_log file... */ 
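Review bot: The block added to cupsdEncryptClient cannot tell whether make_certificate() succeeded, because that function returns void, so after a failed key or certificate write the code falls through to the handshake setup with files that are missing or incomplete. Having make_certificate() return a status and refusing the upgrade on failure would keep the error visible, for example `if (!make_certificate()) return (0);`, assuming 0 is cupsdEncryptClient's existing failure return. The `access()` test and the later load of the files are separate steps on the same paths, and the 2048-bit RSA generation runs inside the connection handler, so generating the pair once at startup would remove both the gap and the stall on the first TLS request. The rest of cupsdEncryptClient is outside this hunk.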
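Review bot: The cast in `gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr)con->http.fd);` converts an int directly to a pointer type, which compilers report as an integer-to-pointer conversion of different size on LP64 targets. Going through an integer of pointer width keeps the conversion explicit and warning-free: `(gnutls_transport_ptr)(intptr_t)con->http.fd`, provided stdint.h is available to this file.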
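Review bot: The new upgrade check in cupsdSendError exempts a client from `HTTP_UPGRADE_REQUIRED` purely on `strcasecmp(con->http.hostname, "localhost")`, so the decision to accept credentials over an unencrypted connection rests on a name string. How `con->http.hostname` is filled in is not visible in this hunk; if it can come from name resolution rather than from the peer address, the exemption is only as trustworthy as that lookup. Comparing the connection's peer address against the loopback addresses would make the exemption independent of resolution, and a comment such as `/* localhost is exempt: traffic never leaves the host */` would record why it exists. The same string test appears in cupsdIsAuthorized in scheduler/auth.c.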
@@ -2416,12 +2454,20 @@ cupsdSendHeader(cupsd_client_t *con, /* I - Client to send to */ http_status_t code, /* I - HTTP status code */ char *type) /* I - MIME type of document */ { + /* + * Send the HTTP status header... + */ + if (httpPrintf(HTTP(con), "HTTP/%d.%d %d %s\r\n", con->http.version / 100, con->http.version % 100, code, httpStatus(code)) < 0) return (0); if (code == HTTP_CONTINUE) { + /* + * 100-continue doesn't send any headers... + */ + if (httpPrintf(HTTP(con), "\r\n") < 0) return (0); else @@ -2589,17 +2635,19 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */ if (!strncasecmp(buf, "Location:", 9)) cupsdSendHeader(con, HTTP_SEE_OTHER, NULL); else if (!strncasecmp(buf, "Status:", 7)) - cupsdSendHeader(con, atoi(buf + 7), NULL); + cupsdSendError(con, atoi(buf + 7)); else + { cupsdSendHeader(con, HTTP_OK, NULL); - if (con->http.version == HTTP_1_1) - { - con->http.data_encoding = HTTP_ENCODE_CHUNKED; + if (con->http.version == HTTP_1_1) + { + con->http.data_encoding = HTTP_ENCODE_CHUNKED; - if (httpPrintf(HTTP(con), "Transfer-Encoding: chunked\r\n") < 0) - return (0); - } + if (httpPrintf(HTTP(con), "Transfer-Encoding: chunked\r\n") < 0) + return (0); + } + } con->sent_header = 1; } 
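Review bot: In cupsdWriteClient the CGI-supplied `Status:` value now reaches cupsdSendError as `atoi(buf + 7)` with no validation, so a malformed header yields status 0 and any integer is converted to http_status_t. The return value of cupsdSendError, documented in this file as 0 on failure, is also dropped, and the code goes on to set `con->sent_header = 1` and keep writing. Parsing with strtol, rejecting values outside 100-599, and returning when cupsdSendError fails would bound what a misbehaving CGI can make the scheduler emit. A 2xx or 3xx Status from a CGI is now routed through the error path as well, which may not be intended. cupsdWriteClient starts and ends outside this hunk.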
@@ -2646,26 +2694,26 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */ return (1); } else if (bytes == 0) - { con->http.activity = time(NULL); - return (1); - } } - if (httpWrite2(HTTP(con), buf, bytes) < 0) + if (bytes > 0) { - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdWriteClient: %d Write of %d bytes failed!", - con->http.fd, bytes); + if (httpWrite2(HTTP(con), buf, bytes) < 0) + { + cupsdLogMessage(CUPSD_LOG_DEBUG2, + "cupsdWriteClient: %d Write of %d bytes failed!", + con->http.fd, bytes); - cupsdCloseClient(con); - return (0); - } + cupsdCloseClient(con); + return (0); + } - con->bytes += bytes; + con->bytes += bytes; - if (con->http.state == HTTP_WAITING) - bytes = 0; + if (con->http.state == HTTP_WAITING) + bytes = 0; + } } if (bytes <= 0) 
@@ -3247,6 +3295,148 @@ is_path_absolute(const char *path) /* I - Input path */ } +#ifdef HAVE_GNUTLS +/* + * 'make_certificate()' - Make a self-signed SSL/TLS certificate. + */ + +static void +make_certificate(void) +{ + gnutls_x509_crt crt; /* Self-signed certificate */ + gnutls_x509_privkey key; /* Encryption key */ + cups_lang_t *language; /* Default language info */ + cups_file_t *fp; /* Key/cert file */ + unsigned char buffer[8192]; /* Buffer for x509 data */ + size_t bytes; /* Number of bytes of data */ + unsigned char serial[4]; /* Serial number buffer */ + time_t curtime; /* Current time */ + int result; /* Result of GNU TLS calls */ + + + /* + * Create the encryption key... + */ + + cupsdLogMessage(CUPSD_LOG_INFO, "Generating server key..."); + + gnutls_x509_privkey_init(&key); + gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 2048, 0); + + /* + * Save it... + */ + + bytes = sizeof(buffer); + + if ((result = gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, + buffer, &bytes)) < 0) + { + cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to export server key - %s", + gnutls_strerror(result)); + gnutls_x509_privkey_deinit(key); + return; + } + else if ((fp = cupsFileOpen(ServerKey, "w")) != NULL) + { + cupsFileWrite(fp, (char *)buffer, bytes); + cupsFileClose(fp); + + cupsdLogMessage(CUPSD_LOG_INFO, "Created server key file \"%s\"...", + ServerKey); + } + else + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "Unable to create server key file \"%s\" - %s", + ServerKey, strerror(errno)); + gnutls_x509_privkey_deinit(key); + return; + } + + /* + * Create the self-signed certificate... 
+ */ + + cupsdLogMessage(CUPSD_LOG_INFO, "Generating self-signed certificate..."); + + language = cupsLangDefault(); + curtime = time(NULL); + serial[0] = curtime >> 24; + serial[1] = curtime >> 16; + serial[2] = curtime >> 8; + serial[3] = curtime; + + gnutls_x509_crt_init(&crt); + if (strlen(language->language) == 5) + gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0, + language->language + 3, 2); + else + gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0, + "US", 2); + gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0, + ServerName, strlen(ServerName)); + gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATION_NAME, 0, + ServerName, strlen(ServerName)); + gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, "Unknown", 7); + gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, + "Unknown", 7); + gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_LOCALITY_NAME, 0, + "Unknown", 7); + gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_PKCS9_EMAIL, 0, + ServerAdmin, strlen(ServerAdmin)); + gnutls_x509_crt_set_key(crt, key); + gnutls_x509_crt_set_serial(crt, serial, sizeof(serial)); + gnutls_x509_crt_set_activation_time(crt, curtime); + gnutls_x509_crt_set_expiration_time(crt, curtime + 10 * 365 * 86400); + gnutls_x509_crt_set_ca_status(crt, 0); + gnutls_x509_crt_set_subject_alternative_name(crt, GNUTLS_SAN_DNSNAME, + ServerName); + gnutls_x509_crt_set_key_purpose_oid(crt, GNUTLS_KP_TLS_WWW_SERVER, 0); + gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_KEY_ENCIPHERMENT); + gnutls_x509_crt_set_version(crt, 3); + + bytes = sizeof(buffer); + if (gnutls_x509_crt_get_key_id(crt, 0, buffer, &bytes) >= 0) + gnutls_x509_crt_set_subject_key_id(crt, buffer, bytes); + + gnutls_x509_crt_sign(crt, crt, key); + + /* + * Save it... 
+ */ + + bytes = sizeof(buffer); + if ((result = gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, + buffer, &bytes)) < 0) + cupsdLogMessage(CUPSD_LOG_ERROR, + "Unable to export server certificate - %s", + gnutls_strerror(result)); + else if ((fp = cupsFileOpen(ServerCertificate, "w")) != NULL) + { + cupsFileWrite(fp, (char *)buffer, bytes); + cupsFileClose(fp); + + cupsdLogMessage(CUPSD_LOG_INFO, + "Created 10-year server certificate file \"%s\"...", + ServerCertificate); + } + else + cupsdLogMessage(CUPSD_LOG_ERROR, + "Unable to create server certificate file \"%s\" - %s", + ServerCertificate, strerror(errno)); + + /* + * Cleanup... + */ + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(key); +} +#endif /* HAVE_GNUTLS */ + + /* * 'pipe_command()' - Pipe the output of a command to the remote client. */ @@ -3569,5 +3759,5 @@ pipe_command(cupsd_client_t *con, /* I - Client connection */ /* - * End of "$Id: client.c 5200 2006-02-28 00:10:32Z mike $". + * End of "$Id: client.c 5225 2006-03-04 12:28:10Z mike $". */ diff --git a/scheduler/conf.c b/scheduler/conf.c index cc8c782b4..ccb02579c 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -1,5 +1,5 @@ /* - * "$Id: conf.c 5167 2006-02-25 02:11:44Z mike $" + * "$Id: conf.c 5222 2006-03-03 18:57:56Z mike $" * * Configuration routines for the Common UNIX Printing System (CUPS). * @@ -152,7 +152,6 @@ static cupsd_var_t variables[] = { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING }, { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING }, { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING }, - { "RunAsUser", &RunAsUser, CUPSD_VARTYPE_BOOLEAN }, { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_INTEGER }, { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING }, { "ServerBin", &ServerBin, CUPSD_VARTYPE_STRING }, 
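Review bot: make_certificate() writes the private key through `cupsFileOpen(ServerKey, "w")` without setting the file mode, so the key's permissions are whatever the process umask and any pre-existing file give it; the mode should be restricted to the owner before any key bytes are written. The results of `gnutls_x509_privkey_generate`, `gnutls_x509_crt_sign` and both `cupsFileWrite` calls are also ignored, so a failed generation or write can still be logged as a created key or certificate. The sketch below covers the key half and assumes cupsFileNumber() is available in this tree to obtain the descriptor; the certificate half needs the same result checks. The stack `buffer` holds the PEM private key and is not cleared on any return path.

```c
  gnutls_x509_privkey_init(&key);

  if ((result = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 2048, 0)) < 0)
  {
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to generate server key - %s",
                    gnutls_strerror(result));
    gnutls_x509_privkey_deinit(key);
    return;
  }

  /* ... unchanged: export of the key into buffer and its error branch ... */

  else if ((fp = cupsFileOpen(ServerKey, "w")) != NULL)
  {
    /* Owner-only before any key material reaches the file */
    if (fchmod(cupsFileNumber(fp), 0600) ||
        cupsFileWrite(fp, (char *)buffer, bytes) < 0)
    {
      cupsdLogMessage(CUPSD_LOG_ERROR,
                      "Unable to write server key file \"%s\" - %s",
                      ServerKey, strerror(errno));
      cupsFileClose(fp);
      unlink(ServerKey);
      gnutls_x509_privkey_deinit(key);
      return;
    }

    cupsFileClose(fp);
    /* ... unchanged: "Created server key file" log message ... */
  }
```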
@@ -363,6 +362,9 @@ cupsdReadConfiguration(void) ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM; DefaultAuthType = AUTH_BASIC; +#ifdef HAVE_SSL + DefaultEncryption = HTTP_ENCRYPT_REQUIRED; +#endif /* HAVE_SSL */ JobRetryLimit = 5; JobRetryInterval = 300; FileDevice = FALSE; @@ -385,7 +387,6 @@ cupsdReadConfiguration(void) MaxRequestSize = 0; ReloadTimeout = 60; RootCertDuration = 300; - RunAsUser = FALSE; Timeout = DEFAULT_TIMEOUT; NumSystemGroups = 0; @@ -446,10 +447,7 @@ cupsdReadConfiguration(void) if (!status) return (0); - if (RunAsUser) - RunUser = User; - else - RunUser = getuid(); + RunUser = getuid(); /* * Use the default system group if none was supplied in cupsd.conf... @@ -2672,6 +2670,28 @@ read_configuration(cups_file_t *fp) /* I - File to read from */ return (0); } } +#ifdef HAVE_SSL + else if (!strcasecmp(line, "DefaultEncryption")) + { + /* + * DefaultEncryption {Never,IfRequested,Required} + */ + + if (!value || !strcasecmp(value, "never")) + DefaultEncryption = HTTP_ENCRYPT_NEVER; + else if (!strcasecmp(value, "required")) + DefaultEncryption = HTTP_ENCRYPT_REQUIRED; + else if (!strcasecmp(value, "ifrequested")) + DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED; + else + { + cupsdLogMessage(CUPSD_LOG_WARN, + "Unknown default encryption %s on line %d.", + value, linenum); + return (0); + } + } +#endif /* HAVE_SSL */ else if (!strcasecmp(line, "User")) { /* @@ -3217,5 +3237,5 @@ read_policy(cups_file_t *fp, /* I - Configuration file */ /* - * End of "$Id: conf.c 5167 2006-02-25 02:11:44Z mike $". + * End of "$Id: conf.c 5222 2006-03-03 18:57:56Z mike $". */ diff --git a/scheduler/conf.h b/scheduler/conf.h index ee151148c..7b6eea95c 100644 --- a/scheduler/conf.h +++ b/scheduler/conf.h @@ -1,5 +1,5 @@ /* - * "$Id: conf.h 5200 2006-02-28 00:10:32Z mike $" + * "$Id: conf.h 5216 2006-03-02 17:47:53Z mike $" * * Configuration file definitions for the Common UNIX Printing System (CUPS) * scheduler. 
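Review bot: With `RunUser = getuid();` now unconditional in cupsdReadConfiguration and the `RunAsUser` entry dropped from the variables table, an existing cupsd.conf that sets `RunAsUser Yes` no longer makes the scheduler give up root, and nothing in the visible hunks tells the administrator. How an unrecognised directive is reported is outside this diff; if it is only a low-severity log line, an explicit branch in read_configuration that logs at error level, e.g. `cupsdLogMessage(CUPSD_LOG_ERROR, "RunAsUser is no longer supported; cupsd keeps running as the invoking user.");`, would make the change in privilege visible on upgrade. The matching setgid/setgroups/setuid removal is in the scheduler/main.c `@@ -521,18` hunk.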
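Review bot: In the new DefaultEncryption branch of read_configuration, `if (!value || !strcasecmp(value, "never"))` maps a directive with no value to `HTTP_ENCRYPT_NEVER`, so a truncated or incomplete line silently selects the weakest setting instead of the compiled-in `HTTP_ENCRYPT_REQUIRED` default. Treating a missing value as a configuration error keeps the failure closed: `if (!value) { cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for DefaultEncryption on line %d.", linenum); return (0); }` placed ahead of the `never` comparison. read_configuration continues outside this hunk.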
@@ -160,8 +160,6 @@ VAR int ClassifyOverride VALUE(0), /* Timeout before reload from SIGHUP */ RootCertDuration VALUE(300), /* Root certificate update interval */ - RunAsUser VALUE(FALSE), - /* Run as unpriviledged user? */ RunUser, /* User to run as, used for files */ PrintcapFormat VALUE(PRINTCAP_BSD), /* Format of printcap file? */ @@ -212,5 +210,5 @@ extern int cupsdLogPage(cupsd_job_t *job, const char *page); /* - * End of "$Id: conf.h 5200 2006-02-28 00:10:32Z mike $". + * End of "$Id: conf.h 5216 2006-03-02 17:47:53Z mike $". */ diff --git a/scheduler/cups-lpd.c b/scheduler/cups-lpd.c index eda350c52..e5b546050 100644 --- a/scheduler/cups-lpd.c +++ b/scheduler/cups-lpd.c @@ -1,5 +1,5 @@ /* - * "$Id: cups-lpd.c 5196 2006-02-27 21:23:00Z mike $" + * "$Id: cups-lpd.c 5204 2006-02-28 20:32:43Z mike $" * * Line Printer Daemon interface for the Common UNIX Printing System (CUPS). * @@ -732,8 +732,6 @@ get_printer(http_t *http, /* I - HTTP connection */ CFRelease(plist); } - - CFRelease(prefsok); } CFRelease(prefsurl); @@ -1708,5 +1706,5 @@ smart_gets(char *s, /* I - Pointer to line buffer */ /* - * End of "$Id: cups-lpd.c 5196 2006-02-27 21:23:00Z mike $". + * End of "$Id: cups-lpd.c 5204 2006-02-28 20:32:43Z mike $". */ diff --git a/scheduler/dirsvc.c b/scheduler/dirsvc.c index f4c72b9ec..9cb76dfd4 100644 --- a/scheduler/dirsvc.c +++ b/scheduler/dirsvc.c @@ -1,5 +1,5 @@ /* - * "$Id: dirsvc.c 5178 2006-02-26 00:24:23Z mike $" + * "$Id: dirsvc.c 5223 2006-03-04 01:10:17Z mike $" * * Directory services routines for the Common UNIX Printing System (CUPS). * @@ -641,10 +641,11 @@ cupsdSendBrowseDelete( cupsd_printer_t *p) /* I - Printer to delete */ { /* - * Only announce if browsing is enabled... + * Only announce if browsing is enabled and this is a local queue... */ - if (!Browsing || !p->shared) + if (!Browsing || !p->shared || + (p->type & (CUPS_PRINTER_REMOTE | CUPS_PRINTER_IMPLICIT))) return; /* 
@@ -843,8 +844,8 @@ cupsdSendCUPSBrowse(cupsd_printer_t *p) /* I - Printer to send */ * printer-make-and-model attributes... */ - dequote(location, p->location, sizeof(p->location)); - dequote(info, p->info, sizeof(p->info)); + dequote(location, p->location, sizeof(location)); + dequote(info, p->info, sizeof(info)); dequote(make_model, p->make_model ? p->make_model : "Unknown", sizeof(make_model)); @@ -3110,5 +3111,5 @@ slp_url_callback( /* - * End of "$Id: dirsvc.c 5178 2006-02-26 00:24:23Z mike $". + * End of "$Id: dirsvc.c 5223 2006-03-04 01:10:17Z mike $". */ diff --git a/scheduler/main.c b/scheduler/main.c index 018fba69a..b0b581cde 100644 --- a/scheduler/main.c +++ b/scheduler/main.c @@ -1,5 +1,5 @@ /* - * "$Id: main.c 5157 2006-02-23 20:58:57Z mike $" + * "$Id: main.c 5216 2006-03-02 17:47:53Z mike $" * * Scheduler main loop for the Common UNIX Printing System (CUPS). * @@ -428,11 +428,7 @@ main(int argc, /* I - Number of command-line args */ */ #ifdef HAVE_SIGSET /* Use System V signals over POSIX to avoid bugs */ - if (RunAsUser) - sigset(SIGHUP, sigterm_handler); - else - sigset(SIGHUP, sighup_handler); - + sigset(SIGHUP, sighup_handler); sigset(SIGPIPE, SIG_IGN); sigset(SIGTERM, sigterm_handler); #elif defined(HAVE_SIGACTION) @@ -440,12 +436,7 @@ main(int argc, /* I - Number of command-line args */ sigemptyset(&action.sa_mask); sigaddset(&action.sa_mask, SIGHUP); - - if (RunAsUser) - action.sa_handler = sigterm_handler; - else - action.sa_handler = sighup_handler; - + action.sa_handler = sighup_handler; sigaction(SIGHUP, &action, NULL); sigemptyset(&action.sa_mask); @@ -458,11 +449,7 @@ main(int argc, /* I - Number of command-line args */ action.sa_handler = sigterm_handler; sigaction(SIGTERM, &action, NULL); #else - if (RunAsUser) - signal(SIGHUP, sigterm_handler); - else - signal(SIGHUP, sighup_handler); - + signal(SIGHUP, sighup_handler); signal(SIGPIPE, SIG_IGN); signal(SIGTERM, sigterm_handler); #endif /* HAVE_SIGSET */ 
@@ -521,18 +508,6 @@ main(int argc, /* I - Number of command-line args */ cupsdStartSystemMonitor(); /* - * If the administrator has configured the server to run as an unpriviledged - * user, change to that user now... - */ - - if (RunAsUser) - { - setgid(Group); - setgroups(1, &Group); - setuid(User); - } - - /* * Catch signals... */ @@ -2338,5 +2313,5 @@ usage(int status) /* O - Exit status */ /* - * End of "$Id: main.c 5157 2006-02-23 20:58:57Z mike $". + * End of "$Id: main.c 5216 2006-03-02 17:47:53Z mike $". */ |