commit
a4f9fd8cf4
@ -0,0 +1,2 @@
|
|||||||
|
23108e0f6ca7d8caa1a6a6224f5322e21ba0a27d SOURCES/cups-2.3.3op2-source.tar.gz
|
||||||
|
79ee155bed4c18088be472a6e364f37ad6e410a6 SOURCES/cupsprinter.png
|
@ -0,0 +1,2 @@
|
|||||||
|
SOURCES/cups-2.3.3op2-source.tar.gz
|
||||||
|
SOURCES/cupsprinter.png
|
@ -0,0 +1,33 @@
|
|||||||
|
diff -up cups-2.3.3op2/conf/cupsd.conf.in.idleexittimeout cups-2.3.3op2/conf/cupsd.conf.in
|
||||||
|
--- cups-2.3.3op2/conf/cupsd.conf.in.idleexittimeout 2021-02-01 22:10:25.000000000 +0100
|
||||||
|
+++ cups-2.3.3op2/conf/cupsd.conf.in 2021-11-29 11:37:02.426407322 +0100
|
||||||
|
@@ -28,6 +28,9 @@ DefaultAuthType Basic
|
||||||
|
# Web interface setting...
|
||||||
|
WebInterface @CUPS_WEBIF@
|
||||||
|
|
||||||
|
+# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
|
||||||
|
+IdleExitTimeout @EXIT_TIMEOUT@
|
||||||
|
+
|
||||||
|
# Restrict access to the server...
|
||||||
|
<Location />
|
||||||
|
Order allow,deny
|
||||||
|
diff -up cups-2.3.3op2/config-scripts/cups-defaults.m4.idleexittimeout cups-2.3.3op2/config-scripts/cups-defaults.m4
|
||||||
|
--- cups-2.3.3op2/config-scripts/cups-defaults.m4.idleexittimeout 2021-11-29 11:37:02.426407322 +0100
|
||||||
|
+++ cups-2.3.3op2/config-scripts/cups-defaults.m4 2021-11-29 11:39:16.629262421 +0100
|
||||||
|
@@ -461,3 +461,16 @@ esac
|
||||||
|
|
||||||
|
AC_SUBST(CUPS_WEBIF)
|
||||||
|
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_WEBIF, $CUPS_DEFAULT_WEBIF)
|
||||||
|
+
|
||||||
|
+dnl Set default value of IdleExitTimeout
|
||||||
|
+AC_ARG_WITH([idle_exit_timeout], AS_HELP_STRING([--with-idle-exit-timeout], [set the default value for IdleExitTimeout, default=60]), [
|
||||||
|
+ AS_IF([test "x$withval" = "xno"], [
|
||||||
|
+ EXIT_TIMEOUT=0
|
||||||
|
+ ], [
|
||||||
|
+ EXIT_TIMEOUT=$withval
|
||||||
|
+ ])
|
||||||
|
+], [
|
||||||
|
+ EXIT_TIMEOUT=60
|
||||||
|
+])
|
||||||
|
+
|
||||||
|
+AC_SUBST([EXIT_TIMEOUT])
|
@ -0,0 +1,33 @@
|
|||||||
|
diff -up cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec cups-2.3.3op2/config-scripts/cups-defaults.m4
|
||||||
|
--- cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec 2021-11-29 13:50:14.568976028 +0100
|
||||||
|
+++ cups-2.3.3op2/config-scripts/cups-defaults.m4 2021-11-29 13:51:02.785567762 +0100
|
||||||
|
@@ -482,3 +482,18 @@ AC_ARG_WITH([idle_exit_timeout], AS_HELP
|
||||||
|
])
|
||||||
|
|
||||||
|
AC_SUBST([EXIT_TIMEOUT])
|
||||||
|
+
|
||||||
|
+dnl set TimeoutStartSec for cups.service
|
||||||
|
+dnl - if used as --without-*, it sets TimeoutStartSec to infinity
|
||||||
|
+AC_ARG_WITH([systemd-timeoutstartsec],
|
||||||
|
+ AS_HELP_STRING([--with-systemd-timeoutstartsec],
|
||||||
|
+ [set TimeoutStartSec value in cups.service, default=default value in systemd]), [
|
||||||
|
+ AS_IF([ test "x$withval" = "xno" ], [
|
||||||
|
+ TIMEOUTSTARTSEC="TimeoutStartSec=infinity"
|
||||||
|
+ ], [
|
||||||
|
+ TIMEOUTSTARTSEC="TimeoutStartSec=$withval"
|
||||||
|
+ ])
|
||||||
|
+], [
|
||||||
|
+ TIMEOUTSTARTSEC=""
|
||||||
|
+])
|
||||||
|
+AC_SUBST([TIMEOUTSTARTSEC])
|
||||||
|
diff -up cups-2.3.3op2/scheduler/cups.service.in.conf-timeoutstartsec cups-2.3.3op2/scheduler/cups.service.in
|
||||||
|
--- cups-2.3.3op2/scheduler/cups.service.in.conf-timeoutstartsec 2021-11-29 13:50:14.551976172 +0100
|
||||||
|
+++ cups-2.3.3op2/scheduler/cups.service.in 2021-11-29 13:50:14.568976028 +0100
|
||||||
|
@@ -8,6 +8,7 @@ Requires=cups.socket
|
||||||
|
ExecStart=@sbindir@/cupsd -l
|
||||||
|
Type=notify
|
||||||
|
Restart=on-failure
|
||||||
|
+@TIMEOUTSTARTSEC@
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
Also=cups.socket cups.path
|
@ -0,0 +1,21 @@
|
|||||||
|
diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
|
||||||
|
--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100
|
||||||
|
+++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200
|
||||||
|
@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i
|
||||||
|
|
||||||
|
#define RESERVE_NONE 0 /* Don't reserve a priviledged port */
|
||||||
|
#define RESERVE_RFC1179 1 /* Reserve port 721-731 */
|
||||||
|
-#define RESERVE_ANY 2 /* Reserve port 1-1023 */
|
||||||
|
+#define RESERVE_ANY 2 /* Reserve port 512-1023 */
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /*
|
||||||
|
|
||||||
|
if (lport < 721 && reserve == RESERVE_RFC1179)
|
||||||
|
lport = 731;
|
||||||
|
- else if (lport < 1)
|
||||||
|
+ else if (lport < 512)
|
||||||
|
lport = 1023;
|
||||||
|
|
||||||
|
#ifdef HAVE_GETEUID
|
@ -0,0 +1,64 @@
|
|||||||
|
From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rose <83477269+AtariDreams@users.noreply.github.com>
|
||||||
|
Date: Thu, 1 Jun 2023 11:33:39 -0400
|
||||||
|
Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
|
||||||
|
|
||||||
|
httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
|
||||||
|
|
||||||
|
We have to log the hostname first.
|
||||||
|
---
|
||||||
|
scheduler/client.c | 16 +++++++---------
|
||||||
|
1 file changed, 7 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/scheduler/client.c b/scheduler/client.c
|
||||||
|
index 91e441188..327473a4d 100644
|
||||||
|
--- a/scheduler/client.c
|
||||||
|
+++ b/scheduler/client.c
|
||||||
|
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
|
||||||
|
/*
|
||||||
|
* Can't have an unresolved IP address with double-lookups enabled...
|
||||||
|
*/
|
||||||
|
-
|
||||||
|
- httpClose(con->http);
|
||||||
|
-
|
||||||
|
cupsdLogClient(con, CUPSD_LOG_WARN,
|
||||||
|
- "Name lookup failed - connection from %s closed!",
|
||||||
|
+ "Name lookup failed - closing connection from %s!",
|
||||||
|
httpGetHostname(con->http, NULL, 0));
|
||||||
|
|
||||||
|
+ httpClose(con->http);
|
||||||
|
free(con);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
|
||||||
|
* with double-lookups enabled...
|
||||||
|
*/
|
||||||
|
|
||||||
|
- httpClose(con->http);
|
||||||
|
-
|
||||||
|
cupsdLogClient(con, CUPSD_LOG_WARN,
|
||||||
|
- "IP lookup failed - connection from %s closed!",
|
||||||
|
+ "IP lookup failed - closing connection from %s!",
|
||||||
|
httpGetHostname(con->http, NULL, 0));
|
||||||
|
+
|
||||||
|
+ httpClose(con->http);
|
||||||
|
free(con);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
|
||||||
|
|
||||||
|
if (!hosts_access(&wrap_req))
|
||||||
|
{
|
||||||
|
- httpClose(con->http);
|
||||||
|
-
|
||||||
|
cupsdLogClient(con, CUPSD_LOG_WARN,
|
||||||
|
"Connection from %s refused by /etc/hosts.allow and "
|
||||||
|
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
|
||||||
|
+
|
||||||
|
+ httpClose(con->http);
|
||||||
|
free(con);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael R Sweet <michael.r.sweet@gmail.com>
|
||||||
|
Date: Tue, 6 Dec 2022 09:04:01 -0500
|
||||||
|
Subject: [PATCH] Require authentication for CUPS-Get-Document.
|
||||||
|
|
||||||
|
---
|
||||||
|
conf/cupsd.conf.in | 8 +++++++-
|
||||||
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
|
||||||
|
index b25884907..a07536f3e 100644
|
||||||
|
--- a/conf/cupsd.conf.in
|
||||||
|
+++ b/conf/cupsd.conf.in
|
||||||
|
@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
|
||||||
|
- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
|
||||||
|
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
|
||||||
|
+ Require user @OWNER @SYSTEM
|
||||||
|
+ Order deny,allow
|
||||||
|
+ </Limit>
|
||||||
|
+
|
||||||
|
+ <Limit CUPS-Get-Document>
|
||||||
|
+ AuthType Default
|
||||||
|
Require user @OWNER @SYSTEM
|
||||||
|
Order deny,allow
|
||||||
|
</Limit>
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,48 @@
|
|||||||
|
From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bryan Mason <bmason@redhat.com>
|
||||||
|
Date: Tue, 27 Jun 2023 04:18:46 -0700
|
||||||
|
Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
|
||||||
|
single job (#742)
|
||||||
|
|
||||||
|
The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
|
||||||
|
operation; however, the correct attribute to use for Cancel-job is
|
||||||
|
"purge-job" (singular), not "purge-jobs" (plural). As a result, job
|
||||||
|
files are not removed from /var/spool/cups when "cancel -x <job>" is
|
||||||
|
executed.
|
||||||
|
|
||||||
|
This patch resolves the issue by adding "purge-job" when the IPP
|
||||||
|
operation is Cancel-Job and "purge-jobs" for other IPP operations
|
||||||
|
(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
|
||||||
|
---
|
||||||
|
systemv/cancel.c | 8 +++++++-
|
||||||
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/systemv/cancel.c b/systemv/cancel.c
|
||||||
|
index 572f413e1..f5b8e12b5 100644
|
||||||
|
--- a/systemv/cancel.c
|
||||||
|
+++ b/systemv/cancel.c
|
||||||
|
@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */
|
||||||
|
* attributes-natural-language
|
||||||
|
* printer-uri + job-id *or* job-uri
|
||||||
|
* [requesting-user-name]
|
||||||
|
+ * [purge-job] or [purge-jobs]
|
||||||
|
*/
|
||||||
|
|
||||||
|
request = ippNewRequest(op);
|
||||||
|
@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */
|
||||||
|
"requesting-user-name", NULL, cupsUser());
|
||||||
|
|
||||||
|
if (purge)
|
||||||
|
- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
|
||||||
|
+ {
|
||||||
|
+ if (op == IPP_CANCEL_JOB)
|
||||||
|
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
|
||||||
|
+ else
|
||||||
|
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Do the request and get back a response...
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,16 @@
|
|||||||
|
diff --git a/cgi-bin/ipp-var.c b/cgi-bin/ipp-var.c
|
||||||
|
index 92f1501..7edc058 100644
|
||||||
|
--- a/cgi-bin/ipp-var.c
|
||||||
|
+++ b/cgi-bin/ipp-var.c
|
||||||
|
@@ -275,10 +275,7 @@ cgiMoveJobs(http_t *http, /* I - Connection to server */
|
||||||
|
*/
|
||||||
|
|
||||||
|
if ((user = getenv("REMOTE_USER")) == NULL)
|
||||||
|
- {
|
||||||
|
- puts("Status: 401\n");
|
||||||
|
- exit(0);
|
||||||
|
- }
|
||||||
|
+ user = "guest";
|
||||||
|
|
||||||
|
/*
|
||||||
|
* See if the user has already selected a new destination...
|
@ -0,0 +1,35 @@
|
|||||||
|
From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vasilis Liaskovitis <vliaskovitis@suse.com>
|
||||||
|
Date: Wed, 1 Mar 2023 13:46:28 +0100
|
||||||
|
Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
|
||||||
|
#308)
|
||||||
|
|
||||||
|
Use a listen queue size of INT_MAX, which should default to the maximum
|
||||||
|
supported queue size on the system.
|
||||||
|
|
||||||
|
This avoids the problem of the listening backlog queue getting full when
|
||||||
|
there are too many requests at the same time. The problem was observed
|
||||||
|
with the previous backlog size (128) by customers when submitting large
|
||||||
|
batches of print jobs, resulting in some jobs getting lost.
|
||||||
|
|
||||||
|
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
|
||||||
|
---
|
||||||
|
cups/http-addr.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/cups/http-addr.c b/cups/http-addr.c
|
||||||
|
index a61ee0449..6aeeb8074 100644
|
||||||
|
--- a/cups/http-addr.c
|
||||||
|
+++ b/cups/http-addr.c
|
||||||
|
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
|
||||||
|
* Listen...
|
||||||
|
*/
|
||||||
|
|
||||||
|
- if (listen(fd, 128))
|
||||||
|
+ if (listen(fd, INT_MAX))
|
||||||
|
{
|
||||||
|
_cupsSetHTTPError(HTTP_STATUS_ERROR);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,53 @@
|
|||||||
|
From d9924186325c89aefa56e36258f56f246dd2c4ad Mon Sep 17 00:00:00 2001
|
||||||
|
From: Richard Lescak <rlescak@redhat.com>
|
||||||
|
Date: Tue, 11 Jan 2022 10:53:34 +0100
|
||||||
|
Subject: [PATCH] cups/http.c,encode.c: Fix memory leaks
|
||||||
|
|
||||||
|
---
|
||||||
|
CHANGES.md | 3 ++-
|
||||||
|
cups/encode.c | 1 +
|
||||||
|
cups/http.c | 1 +
|
||||||
|
3 files changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/cups/encode.c b/cups/encode.c
|
||||||
|
index 5bcbf6fe5..15b1c6b40 100644
|
||||||
|
--- a/cups/encode.c
|
||||||
|
+++ b/cups/encode.c
|
||||||
|
@@ -655,6 +655,7 @@ _cupsEncodeOption(
|
||||||
|
ippSetCollection(ipp, &attr, i, collection);
|
||||||
|
cupsEncodeOptions2(collection, num_cols, cols, IPP_TAG_JOB);
|
||||||
|
cupsFreeOptions(num_cols, cols);
|
||||||
|
+ ippDelete(collection);
|
||||||
|
break;
|
||||||
|
|
||||||
|
default :
|
||||||
|
diff --git a/cups/http.c b/cups/http.c
|
||||||
|
index bd41e6f8e..4b6a24bd3 100644
|
||||||
|
--- a/cups/http.c
|
||||||
|
+++ b/cups/http.c
|
||||||
|
@@ -4624,6 +4624,7 @@ http_tls_upgrade(http_t *http) /* I - HTTP connection */
|
||||||
|
* Restore the HTTP request data...
|
||||||
|
*/
|
||||||
|
|
||||||
|
+ httpClearFields(http);
|
||||||
|
memcpy(http->_fields, myhttp._fields, sizeof(http->_fields));
|
||||||
|
memcpy(http->fields, myhttp.fields, sizeof(http->fields));
|
||||||
|
|
||||||
|
diff --git a/cups/ppd.c b/cups/ppd.c
|
||||||
|
index 525df3592..54368ac4c 100644
|
||||||
|
--- a/cups/ppd.c
|
||||||
|
+++ b/cups/ppd.c
|
||||||
|
@@ -3430,12 +3430,12 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */
|
||||||
|
srctype[256],
|
||||||
|
dstsuper[16], /* Destination MIME media type */
|
||||||
|
dsttype[256],
|
||||||
|
- program[1024], /* Command to run */
|
||||||
|
*ptr, /* Pointer into command to run */
|
||||||
|
buffer[1024], /* Re-written cupsFilter value */
|
||||||
|
**filter; /* Current filter */
|
||||||
|
int cost; /* Cost of filter */
|
||||||
|
|
||||||
|
+ char program[1024] = { 0 }; /* Command to run */
|
||||||
|
|
||||||
|
DEBUG_printf(("4ppd_update_filters(ppd=%p, cg=%p)", ppd, pg));
|
||||||
|
|
@ -0,0 +1,55 @@
|
|||||||
|
From bdb1ca45454d90410031c4c2054005a995f76180 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||||
|
Date: Wed, 6 Apr 2022 15:04:45 +0200
|
||||||
|
Subject: [PATCH] cups/tls-gnutls.c: Use always GNUTLS_SHUT_WR
|
||||||
|
|
||||||
|
The current mode for `gnutls_bye()` in client use cases strictly
|
||||||
|
follows TLS v1.2 standard, which in this particular part says:
|
||||||
|
|
||||||
|
```
|
||||||
|
Unless some other fatal alert has been transmitted, each party is
|
||||||
|
required to send a close_notify alert before closing the write
|
||||||
|
side of the connection. The other party MUST respond with a
|
||||||
|
close_notify alert of its own and close down the connection immediately,
|
||||||
|
discarding any pending writes. It is not required for the initiator
|
||||||
|
of the close to wait for the responding close_notify alert before
|
||||||
|
closing the read side of the connection.
|
||||||
|
```
|
||||||
|
|
||||||
|
and waits for the other side of TLS connection to confirm the close.
|
||||||
|
|
||||||
|
Unfortunately it can undesired for reasons:
|
||||||
|
- we support switching of TLS versions in CUPS, and this mode strictly
|
||||||
|
follows TLS v1.2 - so for older version this behavior is not expected
|
||||||
|
and can cause delays
|
||||||
|
- even some TLS v1.2 implementations (like Windows Server 2016) don't
|
||||||
|
comply TLS v1.2 behavior even if it says it does - in that case,
|
||||||
|
encrypted printing takes 30s till HTTP timeout is reached, because the
|
||||||
|
other side didn't send confirmation
|
||||||
|
- AFAIU openssl's SSL_shutdown() doesn't make this TLS v1.2 difference,
|
||||||
|
so we could end up with two TLS implementations in CUPS which will
|
||||||
|
behave differently
|
||||||
|
|
||||||
|
Since the standard defines that waiting for confirmation is not required
|
||||||
|
and due the problems above, I would propose using GNUTLS_SHUT_WR mode
|
||||||
|
regardless of HTTP mode.
|
||||||
|
---
|
||||||
|
cups/tls-gnutls.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
|
||||||
|
index c55995b2b..f87b4f4df 100644
|
||||||
|
--- a/cups/tls-gnutls.c
|
||||||
|
+++ b/cups/tls-gnutls.c
|
||||||
|
@@ -1667,7 +1667,7 @@ _httpTLSStop(http_t *http) /* I - Connection to server */
|
||||||
|
int error; /* Error code */
|
||||||
|
|
||||||
|
|
||||||
|
- error = gnutls_bye(http->tls, http->mode == _HTTP_MODE_CLIENT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
|
||||||
|
+ error = gnutls_bye(http->tls, GNUTLS_SHUT_WR);
|
||||||
|
if (error != GNUTLS_E_SUCCESS)
|
||||||
|
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(errno), 0);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
@ -0,0 +1,35 @@
|
|||||||
|
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||||
|
Date: Thu, 26 May 2022 06:27:04 +0200
|
||||||
|
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
|
||||||
|
CVE-2022-26691)
|
||||||
|
|
||||||
|
The previous algorithm didn't expect the strings can have a different
|
||||||
|
length, so one string can be a substring of the other and such substring
|
||||||
|
was reported as equal to the longer string.
|
||||||
|
---
|
||||||
|
CHANGES.md | 1 +
|
||||||
|
scheduler/cert.c | 9 ++++++++-
|
||||||
|
2 files changed, 9 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/scheduler/cert.c b/scheduler/cert.c
|
||||||
|
index b268bf1b2..9b65b96c9 100644
|
||||||
|
--- a/scheduler/cert.c
|
||||||
|
+++ b/scheduler/cert.c
|
||||||
|
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
|
||||||
|
b ++;
|
||||||
|
}
|
||||||
|
|
||||||
|
- return (result);
|
||||||
|
+ /*
|
||||||
|
+ * The while loop finishes when *a == '\0' or *b == '\0'
|
||||||
|
+ * so after the while loop either both *a and *b == '\0',
|
||||||
|
+ * or one points inside a string, so when we apply bitwise OR on *a,
|
||||||
|
+ * *b and result, we get a non-zero return value if the compared strings don't match.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ return (result | *a | *b);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.36.1
|
||||||
|
|
@ -0,0 +1,38 @@
|
|||||||
|
From 08e9b6e1f8497a8159d6bd7cd6dc96ae79a2e704 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bryan Mason <bmason@redhat.com>
|
||||||
|
Date: Thu, 15 Jul 2021 16:26:27 -0700
|
||||||
|
Subject: [PATCH] scheduler/job.c: use gziptoany for raw files (not just raw
|
||||||
|
printers)
|
||||||
|
|
||||||
|
---
|
||||||
|
scheduler/job.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/scheduler/job.c b/scheduler/job.c
|
||||||
|
index d8c2efcc6..b448acda5 100644
|
||||||
|
--- a/scheduler/job.c
|
||||||
|
+++ b/scheduler/job.c
|
||||||
|
@@ -501,6 +501,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
|
||||||
|
int backroot; /* Run backend as root? */
|
||||||
|
int pid; /* Process ID of new filter process */
|
||||||
|
int banner_page; /* 1 if banner page, 0 otherwise */
|
||||||
|
+ int raw_file; /* 1 if file type is vnd.cups-raw */
|
||||||
|
int filterfds[2][2] = { { -1, -1 }, { -1, -1 } };
|
||||||
|
/* Pipes used between filters */
|
||||||
|
int envc; /* Number of environment variables */
|
||||||
|
@@ -746,8 +747,11 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
|
||||||
|
* Add decompression/raw filter as needed...
|
||||||
|
*/
|
||||||
|
|
||||||
|
+ raw_file = !strcmp(job->filetypes[job->current_file]->super, "application") &&
|
||||||
|
+ !strcmp(job->filetypes[job->current_file]->type, "vnd.cups-raw");
|
||||||
|
+
|
||||||
|
if ((job->compressions[job->current_file] && (!job->printer->remote || job->num_files == 1)) ||
|
||||||
|
- (!job->printer->remote && job->printer->raw && job->num_files > 1))
|
||||||
|
+ (!job->printer->remote && (job->printer->raw || raw_file) && job->num_files > 1))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Add gziptoany filter to the front of the list...
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,12 @@
|
|||||||
|
diff -up cups-1.5b1/scheduler/banners.c.banners cups-1.5b1/scheduler/banners.c
|
||||||
|
--- cups-1.5b1/scheduler/banners.c.banners 2011-05-20 05:49:49.000000000 +0200
|
||||||
|
+++ cups-1.5b1/scheduler/banners.c 2011-05-23 17:35:30.000000000 +0200
|
||||||
|
@@ -110,6 +110,8 @@ cupsdLoadBanners(const char *d) /* I -
|
||||||
|
if ((ext = strrchr(dent->filename, '.')) != NULL)
|
||||||
|
if (!strcmp(ext, ".bck") ||
|
||||||
|
!strcmp(ext, ".bak") ||
|
||||||
|
+ !strcmp(ext, ".rpmnew") ||
|
||||||
|
+ !strcmp(ext, ".rpmsave") ||
|
||||||
|
!strcmp(ext, ".sav"))
|
||||||
|
continue;
|
||||||
|
|
@ -0,0 +1,16 @@
|
|||||||
|
diff --git a/scheduler/main.c b/scheduler/main.c
|
||||||
|
index e1fa357..53ca94a 100644
|
||||||
|
--- a/scheduler/main.c
|
||||||
|
+++ b/scheduler/main.c
|
||||||
|
@@ -1760,6 +1760,11 @@ select_timeout(int fds) /* I - Number of descriptors returned */
|
||||||
|
/*
|
||||||
|
* Check for any job activity...
|
||||||
|
*/
|
||||||
|
+ if (JobHistoryUpdate && timeout > JobHistoryUpdate)
|
||||||
|
+ {
|
||||||
|
+ timeout = JobHistoryUpdate;
|
||||||
|
+ why = "update job history";
|
||||||
|
+ }
|
||||||
|
|
||||||
|
for (job = (cupsd_job_t *)cupsArrayFirst(ActiveJobs);
|
||||||
|
job;
|
@ -0,0 +1,177 @@
|
|||||||
|
diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
|
||||||
|
index 02b9d9d..669cb65 100644
|
||||||
|
--- a/cgi-bin/admin.c
|
||||||
|
+++ b/cgi-bin/admin.c
|
||||||
|
@@ -619,6 +619,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */
|
||||||
|
*oldinfo; /* Old printer information */
|
||||||
|
const cgi_file_t *file; /* Uploaded file, if any */
|
||||||
|
const char *var; /* CGI variable */
|
||||||
|
+ char *ppd_name = NULL; /* Pointer to PPD name */
|
||||||
|
char uri[HTTP_MAX_URI], /* Device or printer URI */
|
||||||
|
*uriptr, /* Pointer into URI */
|
||||||
|
evefile[1024] = ""; /* IPP Everywhere PPD file */
|
||||||
|
@@ -1124,12 +1125,12 @@ do_am_printer(http_t *http, /* I - HTTP connection */
|
||||||
|
|
||||||
|
if (!file)
|
||||||
|
{
|
||||||
|
- var = cgiGetVariable("PPD_NAME");
|
||||||
|
- if (!strcmp(var, "everywhere"))
|
||||||
|
+ ppd_name = cgiGetVariable("PPD_NAME");
|
||||||
|
+ if (!strcmp(ppd_name, "everywhere"))
|
||||||
|
get_printer_ppd(cgiGetVariable("DEVICE_URI"), evefile, sizeof(evefile));
|
||||||
|
- else if (strcmp(var, "__no_change__"))
|
||||||
|
+ else if (strcmp(ppd_name, "__no_change__"))
|
||||||
|
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "ppd-name",
|
||||||
|
- NULL, var);
|
||||||
|
+ NULL, ppd_name);
|
||||||
|
}
|
||||||
|
|
||||||
|
ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-location",
|
||||||
|
@@ -1219,7 +1220,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */
|
||||||
|
|
||||||
|
cgiCopyTemplateLang("printer-modified.tmpl");
|
||||||
|
}
|
||||||
|
- else
|
||||||
|
+ else if (ppd_name && (strcmp(ppd_name, "everywhere") == 0 || strstr(ppd_name, "driverless")))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Set the printer options...
|
||||||
|
@@ -1229,6 +1230,16 @@ do_am_printer(http_t *http, /* I - HTTP connection */
|
||||||
|
do_set_options(http, 0);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * If we don't have an everywhere model, show printer-added
|
||||||
|
+ * template with warning about drivers going away...
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ cgiStartHTML(title);
|
||||||
|
+ cgiCopyTemplateLang("printer-added.tmpl");
|
||||||
|
+ }
|
||||||
|
|
||||||
|
cgiEndHTML();
|
||||||
|
}
|
||||||
|
diff --git a/scheduler/printers.c b/scheduler/printers.c
|
||||||
|
index 3bfe4a8..248bdba 100644
|
||||||
|
--- a/scheduler/printers.c
|
||||||
|
+++ b/scheduler/printers.c
|
||||||
|
@@ -950,6 +950,8 @@ cupsdLoadAllPrinters(void)
|
||||||
|
*value, /* Pointer to value */
|
||||||
|
*valueptr; /* Pointer into value */
|
||||||
|
cupsd_printer_t *p; /* Current printer */
|
||||||
|
+ int found_raw = 0; /* Flag whether raw queue is installed */
|
||||||
|
+ int found_driver = 0; /* Flag whether queue with classic driver is installed */
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -1025,6 +1027,30 @@ cupsdLoadAllPrinters(void)
|
||||||
|
|
||||||
|
cupsdSetPrinterAttrs(p);
|
||||||
|
|
||||||
|
+ if ((p->device_uri && strncmp(p->device_uri, "ipp:", 4) && strncmp(p->device_uri, "ipps:", 5) && strncmp(p->device_uri, "implicitclass:", 14)) ||
|
||||||
|
+ !p->make_model ||
|
||||||
|
+ (p->make_model && strstr(p->make_model, "IPP Everywhere") == NULL && strstr(p->make_model, "driverless") == NULL))
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * Warn users about printer drivers and raw queues will be deprecated.
|
||||||
|
+ * It will warn users in the following scenarios:
|
||||||
|
+ * - the queue doesn't use ipp, ipps or implicitclass backend, which means
|
||||||
|
+ * it doesn't communicate via IPP and is raw or uses a driver for sure
|
||||||
|
+ * - the queue doesn't have make_model - it is raw
|
||||||
|
+ * - the queue uses a correct backend, but the model is not IPP Everywhere/driverless
|
||||||
|
+ */
|
||||||
|
+ if (!p->make_model)
|
||||||
|
+ {
|
||||||
|
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Queue %s is a raw queue, which is deprecated.", p->name);
|
||||||
|
+ found_raw = 1;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Queue %s uses a printer driver, which is deprecated.", p->name);
|
||||||
|
+ found_driver = 1;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (strncmp(p->device_uri, "file:", 5) && p->state != IPP_PRINTER_STOPPED)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
@@ -1415,6 +1441,12 @@ cupsdLoadAllPrinters(void)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (found_raw)
|
||||||
|
+ cupsdLogMessage(CUPSD_LOG_WARN, "Raw queues are deprecated and will stop working in a future version of CUPS. See https://github.com/OpenPrinting/cups/issues/103");
|
||||||
|
+
|
||||||
|
+ if (found_driver)
|
||||||
|
+ cupsdLogMessage(CUPSD_LOG_WARN, "Printer drivers are deprecated and will stop working in a future version of CUPS. See https://github.com/OpenPrinting/cups/issues/103");
|
||||||
|
+
|
||||||
|
cupsFileClose(fp);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
|
||||||
|
index ca6d386..daf24d5 100644
|
||||||
|
--- a/systemv/lpadmin.c
|
||||||
|
+++ b/systemv/lpadmin.c
|
||||||
|
@@ -632,7 +632,7 @@ main(int argc, /* I - Number of command-line arguments */
|
||||||
|
|
||||||
|
num_options = cupsRemoveOption("ppd-name", num_options, &options);
|
||||||
|
}
|
||||||
|
- else if (ppd_name || file)
|
||||||
|
+ else if ((ppd_name && strncmp(ppd_name, "driverless:", 11)) || file)
|
||||||
|
{
|
||||||
|
_cupsLangPuts(stderr, _("lpadmin: Printer drivers are deprecated and will stop working in a future version of CUPS."));
|
||||||
|
}
|
||||||
|
diff --git a/templates/choose-model.tmpl b/templates/choose-model.tmpl
|
||||||
|
index e916cf8..9c9b71f 100644
|
||||||
|
--- a/templates/choose-model.tmpl
|
||||||
|
+++ b/templates/choose-model.tmpl
|
||||||
|
@@ -39,7 +39,7 @@
|
||||||
|
<TD>
|
||||||
|
<SELECT NAME="PPD_NAME" SIZE="10">
|
||||||
|
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Current Driver - {current_make_and_model}</OPTION>:}
|
||||||
|
-{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model} - IPP Everywhere ™</OPTION>:}
|
||||||
|
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere ™</OPTION>:}
|
||||||
|
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
|
||||||
|
}</SELECT>
|
||||||
|
</TD>
|
||||||
|
diff --git a/templates/printer-added.tmpl b/templates/printer-added.tmpl
|
||||||
|
index 0ccf6d3..9ebc835 100644
|
||||||
|
--- a/templates/printer-added.tmpl
|
||||||
|
+++ b/templates/printer-added.tmpl
|
||||||
|
@@ -1,4 +1,15 @@
|
||||||
|
-<H2 CLASS="title">Add Printer</H2>
|
||||||
|
+<H2 CLASS="title">Add Printer {printer_name}</H2>
|
||||||
|
|
||||||
|
<P>Printer <A HREF="/printers/{printer_name}">{printer_name}</A> has been added
|
||||||
|
successfully.
|
||||||
|
+
|
||||||
|
+<blockquote>
|
||||||
|
+<b>Note:<b>Printer drivers and raw queues are deprecated and will stop working in a future version of CUPS.
|
||||||
|
+</blockquote>
|
||||||
|
+
|
||||||
|
+<FORM ACTION="admin/" METHOD="POST">
|
||||||
|
+<INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}">
|
||||||
|
+<INPUT TYPE="HIDDEN" NAME="OP" VALUE="set-printer-options">
|
||||||
|
+<INPUT TYPE="HIDDEN" NAME="printer_name" VALUE="{printer_name}">
|
||||||
|
+<INPUT TYPE="SUBMIT" VALUE="Set Printer Options">
|
||||||
|
+</FORM>
|
||||||
|
diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
|
||||||
|
index 4498a8c..8776874 100755
|
||||||
|
--- a/test/run-stp-tests.sh
|
||||||
|
+++ b/test/run-stp-tests.sh
|
||||||
|
@@ -1049,10 +1049,10 @@ fi
|
||||||
|
|
||||||
|
# Warning log messages
|
||||||
|
count=`$GREP '^W ' $BASE/log/error_log | $GREP -v CreateProfile | $GREP -v 'libusb error' | $GREP -v ColorManager | $GREP -v 'Avahi client failed' | wc -l | awk '{print $1}'`
|
||||||
|
-if test $count != 8; then
|
||||||
|
- echo "FAIL: $count warning messages, expected 8."
|
||||||
|
+if test $count != 9; then
|
||||||
|
+ echo "FAIL: $count warning messages, expected 9."
|
||||||
|
$GREP '^W ' $BASE/log/error_log
|
||||||
|
- echo " <p>FAIL: $count warning messages, expected 8.</p>" >>$strfile
|
||||||
|
+ echo " <p>FAIL: $count warning messages, expected 9.</p>" >>$strfile
|
||||||
|
echo " <pre>" >>$strfile
|
||||||
|
$GREP '^W ' $BASE/log/error_log | sed -e '1,$s/&/&/g' -e '1,$s/</</g' >>$strfile
|
||||||
|
echo " </pre>" >>$strfile
|
@ -0,0 +1,27 @@
|
|||||||
|
diff -up cups-1.5b1/backend/usb-unix.c.direct-usb cups-1.5b1/backend/usb-unix.c
|
||||||
|
--- cups-1.5b1/backend/usb-unix.c.direct-usb 2011-05-20 05:49:49.000000000 +0200
|
||||||
|
+++ cups-1.5b1/backend/usb-unix.c 2011-05-23 17:52:14.000000000 +0200
|
||||||
|
@@ -102,6 +102,9 @@ print_device(const char *uri, /* I - De
|
||||||
|
_cups_strncasecmp(hostname, "Minolta", 7);
|
||||||
|
#endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */
|
||||||
|
|
||||||
|
+ if (use_bc && !strncmp(uri, "usb:/dev/", 9))
|
||||||
|
+ use_bc = 0;
|
||||||
|
+
|
||||||
|
if ((device_fd = open_device(uri, &use_bc)) == -1)
|
||||||
|
{
|
||||||
|
if (getenv("CLASS") != NULL)
|
||||||
|
@@ -331,12 +334,7 @@ open_device(const char *uri, /* I - Dev
|
||||||
|
if (!strncmp(uri, "usb:/dev/", 9))
|
||||||
|
#ifdef __linux
|
||||||
|
{
|
||||||
|
- /*
|
||||||
|
- * Do not allow direct devices anymore...
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
- errno = ENODEV;
|
||||||
|
- return (-1);
|
||||||
|
+ return (open(uri + 4, O_RDWR | O_EXCL));
|
||||||
|
}
|
||||||
|
else if (!strncmp(uri, "usb://", 6))
|
||||||
|
{
|
@ -0,0 +1,21 @@
|
|||||||
|
diff -up cups-1.7b1/scheduler/ipp.c.driverd-timeout cups-1.7b1/scheduler/ipp.c
|
||||||
|
--- cups-1.7b1/scheduler/ipp.c.driverd-timeout 2013-04-19 12:24:43.003841810 +0200
|
||||||
|
+++ cups-1.7b1/scheduler/ipp.c 2013-04-19 12:24:43.204839107 +0200
|
||||||
|
@@ -4556,7 +4556,7 @@ copy_model(cupsd_client_t *con, /* I -
|
||||||
|
close(temppipe[1]);
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Wait up to 30 seconds for the PPD file to be copied...
|
||||||
|
+ * Wait up to 70 seconds for the PPD file to be copied...
|
||||||
|
*/
|
||||||
|
|
||||||
|
total = 0;
|
||||||
|
@@ -4576,7 +4576,7 @@ copy_model(cupsd_client_t *con, /* I -
|
||||||
|
FD_SET(temppipe[0], &input);
|
||||||
|
FD_SET(CGIPipes[0], &input);
|
||||||
|
|
||||||
|
- timeout.tv_sec = 30;
|
||||||
|
+ timeout.tv_sec = 70;
|
||||||
|
timeout.tv_usec = 0;
|
||||||
|
|
||||||
|
if ((i = select(maxfd, &input, NULL, NULL, &timeout)) < 0)
|
@ -0,0 +1,11 @@
|
|||||||
|
diff -up cups-2.3.1/ppdc/sample.drv.dymo-deviceid cups-2.3.1/ppdc/sample.drv
|
||||||
|
--- cups-2.3.1/ppdc/sample.drv.dymo-deviceid 2019-12-16 09:22:34.476492212 +0100
|
||||||
|
+++ cups-2.3.1/ppdc/sample.drv 2019-12-16 09:23:44.665003895 +0100
|
||||||
|
@@ -129,6 +129,7 @@ Version "2.3"
|
||||||
|
{
|
||||||
|
Manufacturer "DYMO"
|
||||||
|
ModelName "Label Printer"
|
||||||
|
+ Attribute "1284DeviceID" "" "MFG:DYMO;MDL:LabelWriter 400;"
|
||||||
|
Attribute NickName "" "DYMO Label Printer"
|
||||||
|
PCFileName "dymo.ppd"
|
||||||
|
DriverType label
|
@ -0,0 +1,876 @@
|
|||||||
|
diff -up cups-2.3.3/backend/failover.c.failover cups-2.3.3/backend/failover.c
|
||||||
|
--- cups-2.3.3/backend/failover.c.failover 2020-06-11 08:49:20.515264358 +0200
|
||||||
|
+++ cups-2.3.3/backend/failover.c 2020-06-11 08:49:20.515264358 +0200
|
||||||
|
@@ -0,0 +1,837 @@
|
||||||
|
+/*
|
||||||
|
+ * Failover Backend for the Common UNIX Printing System (CUPS).
|
||||||
|
+ *
|
||||||
|
+ * Copyright (c) 2014, Red Hat, Inc.
|
||||||
|
+ * All rights reserved.
|
||||||
|
+ *
|
||||||
|
+ * Redistribution and use in source and binary forms, with or without
|
||||||
|
+ * modification, are permitted provided that the following conditions
|
||||||
|
+ * are met:
|
||||||
|
+ *
|
||||||
|
+ * * Redistributions of source code must retain the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer.
|
||||||
|
+ * * Redistributions in binary form must reproduce the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer in the
|
||||||
|
+ * documentation and/or other materials provided with the distribution.
|
||||||
|
+ * * Neither the name of Red Hat, Inc. nor the names of its contributors
|
||||||
|
+ * may be used to endorse or promote products derived from this software
|
||||||
|
+ * without specific prior written permission.
|
||||||
|
+ *
|
||||||
|
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||||
|
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT,
|
||||||
|
+ * INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||||
|
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
|
||||||
|
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
|
||||||
|
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
|
||||||
|
+ * DAMAGE.
|
||||||
|
+ *
|
||||||
|
+ * Original version by Clark Hale, Red Hat, Inc.
|
||||||
|
+ *
|
||||||
|
+ * This backend presents a fake printer that will choose the first
|
||||||
|
+ * available printer from a list of IPP URIs.
|
||||||
|
+ *
|
||||||
|
+ * Option failover contains a comma separated list of IPP URIs. The
|
||||||
|
+ * URIs are attempted in-order.
|
||||||
|
+ *
|
||||||
|
+ * Option failover-retries contains an integer that indicates how many
|
||||||
|
+ * times to iterate through the failover list before completely
|
||||||
|
+ * failing.
|
||||||
|
+ *
|
||||||
|
+ * Contents:
|
||||||
|
+ * main() - Checks each printer in a failover list, and
|
||||||
|
+ * sends job data to the first available printer
|
||||||
|
+ * move_job() - Sends and IPP Move-Job request
|
||||||
|
+ * check_printer() - Checks a printer's attributes to see
|
||||||
|
+ * if it's enabled and accepting jobs
|
||||||
|
+ * read_config() - Read the backends configuration from
|
||||||
|
+ * options
|
||||||
|
+ * get_printer_attributes() - Sends an IPP Get-Attributes request to
|
||||||
|
+ * a URI
|
||||||
|
+ * sigterm_handler() - Handle SIGTERM that cancels the job
|
||||||
|
+ * password_cb() - Password call back used to disable password
|
||||||
|
+ * prompt
|
||||||
|
+ */
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <sys/wait.h>
|
||||||
|
+#include <cups/http-private.h>
|
||||||
|
+#include <cups/http.h>
|
||||||
|
+#include "backend-private.h"
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Return Values
|
||||||
|
+ */
|
||||||
|
+typedef enum fo_state_e
|
||||||
|
+{
|
||||||
|
+ FO_PRINTER_GOOD = 0,
|
||||||
|
+ FO_PRINTER_BAD,
|
||||||
|
+ FO_PRINTER_BUSY,
|
||||||
|
+ FO_AUTH_REQUIRED
|
||||||
|
+} fo_state_t;
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Constants
|
||||||
|
+ */
|
||||||
|
+#define FAILOVER_DEFAULT_RETRIES (3)
|
||||||
|
+#define FAILOVER_PASSWORD_RETRIES_MAX (3)
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Local Functions
|
||||||
|
+ */
|
||||||
|
+static int check_printer(const char *device_uri);
|
||||||
|
+static int read_config(cups_array_t *printer_array, int *retries,
|
||||||
|
+ const char *options);
|
||||||
|
+static int get_printer_attributes(const char *device_uri,
|
||||||
|
+ ipp_t **attributes);
|
||||||
|
+static int move_job(int jobid, const char *dest);
|
||||||
|
+static void sigterm_handler(int sig);
|
||||||
|
+static const char *password_cb(const char *);
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Global Variables
|
||||||
|
+ */
|
||||||
|
+static int job_canceled = 0; /* Job canceled */
|
||||||
|
+static char *password = NULL; /* password for device */
|
||||||
|
+static int password_retries = 0;
|
||||||
|
+static const char *auth_info_required = "none";
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * 'main()' - Checks each printer in a failover list, and
|
||||||
|
+ * sends job data to the first available printer
|
||||||
|
+ * Usage:
|
||||||
|
+ * printer-uri job-id user title copies options [file]
|
||||||
|
+ *
|
||||||
|
+ * The printer-uri option is not used, but it still required to fit
|
||||||
|
+ * to the backend(7) standards.
|
||||||
|
+ */
|
||||||
|
+int
|
||||||
|
+main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ const char *selected_uri = NULL; /* URI of selected printer */
|
||||||
|
+ const char *tmp_device_uri; /* Device URI to check */
|
||||||
|
+ cups_array_t *printer_array; /* Array of available printers */
|
||||||
|
+ int printer_count = 0; /* current printer array index */
|
||||||
|
+ int retry_max = 1; /* maximum retries before exit */
|
||||||
|
+ int retry_count = 0; /* current retry number */
|
||||||
|
+ int auth_failed_count = 0; /* auth failures per loop */
|
||||||
|
+ int rc = CUPS_BACKEND_OK;
|
||||||
|
+#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
|
||||||
|
+ struct sigaction action; /* Actions for POSIX signals */
|
||||||
|
+#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Check args
|
||||||
|
+ */
|
||||||
|
+ if (argc == 1)
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * print out discovery data
|
||||||
|
+ */
|
||||||
|
+ char *backendName;
|
||||||
|
+
|
||||||
|
+ if ((backendName = strrchr(argv[0], '/')) != NULL)
|
||||||
|
+ backendName++;
|
||||||
|
+ else
|
||||||
|
+ backendName = argv[0];
|
||||||
|
+
|
||||||
|
+ _cupsLangPrintf(stderr,"network %s \"Unknown\" \"%s (%s)\"\n",
|
||||||
|
+ backendName,
|
||||||
|
+ _cupsLangString(cupsLangDefault(), _("Failover Printer")),
|
||||||
|
+ backendName);
|
||||||
|
+
|
||||||
|
+ return (CUPS_BACKEND_OK);
|
||||||
|
+ }
|
||||||
|
+ else if (argc < 6)
|
||||||
|
+ {
|
||||||
|
+ _cupsLangPrintf(stderr,
|
||||||
|
+ _("Usage: %s job-id user title copies options [file]"),
|
||||||
|
+ argv[0]);
|
||||||
|
+ return (CUPS_BACKEND_STOP);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ fprintf(stderr, "DEBUG: Failover backend starting up.\n");
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Don't buffer status messages
|
||||||
|
+ */
|
||||||
|
+ setbuf(stderr, NULL);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Ignore SIGPIPE and catch SIGTERM signals...
|
||||||
|
+ */
|
||||||
|
+#ifdef HAVE_SIGSET
|
||||||
|
+ sigset(SIGPIPE, SIG_IGN);
|
||||||
|
+ sigset(SIGTERM, sigterm_handler);
|
||||||
|
+#elif defined(HAVE_SIGACTION)
|
||||||
|
+ memset(&action, 0, sizeof(action));
|
||||||
|
+ action.sa_handler = SIG_IGN;
|
||||||
|
+ sigaction(SIGPIPE, &action, NULL);
|
||||||
|
+
|
||||||
|
+ sigemptyset(&action.sa_mask);
|
||||||
|
+ sigaddset(&action.sa_mask, SIGTERM);
|
||||||
|
+ action.sa_handler = sigterm_handler;
|
||||||
|
+ sigaction(SIGTERM, &action, NULL);
|
||||||
|
+#else
|
||||||
|
+ signal(SIGPIPE, SIG_IGN);
|
||||||
|
+ signal(SIGTERM, sigterm_handler);
|
||||||
|
+#endif /* HAVE_SIGSET */
|
||||||
|
+
|
||||||
|
+ printer_array = cupsArrayNew(NULL, NULL);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Read Configuration
|
||||||
|
+ */
|
||||||
|
+ if ((rc = read_config(printer_array, &retry_max,
|
||||||
|
+ argv[5])) != CUPS_BACKEND_OK)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "ERROR: Failed to read configuration options!\n");
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Main Retry Loop
|
||||||
|
+ */
|
||||||
|
+ for (retry_count = 0; retry_count < retry_max; retry_count++)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Retry loop #%d\n", retry_count + 1);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Reset Counters
|
||||||
|
+ */
|
||||||
|
+ printer_count = 0;
|
||||||
|
+ auth_failed_count = 0;
|
||||||
|
+
|
||||||
|
+ tmp_device_uri = (char *)cupsArrayFirst(printer_array);
|
||||||
|
+
|
||||||
|
+ do
|
||||||
|
+ {
|
||||||
|
+ if (job_canceled)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Job Canceled\n");
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ fprintf(stderr,"DEBUG: Checking printer #%d: %s\n",
|
||||||
|
+ printer_count+1, tmp_device_uri);
|
||||||
|
+
|
||||||
|
+ rc = check_printer(tmp_device_uri);
|
||||||
|
+
|
||||||
|
+ // Printer is available and not busy.
|
||||||
|
+ if ( rc == FO_PRINTER_GOOD )
|
||||||
|
+ {
|
||||||
|
+ selected_uri = tmp_device_uri;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ // Printer is busy
|
||||||
|
+ else if (rc == FO_PRINTER_BUSY)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Waiting for job to complete.\n");
|
||||||
|
+ sleep(2);
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ // Authorization is required to access the printer.
|
||||||
|
+ else if (rc == FO_AUTH_REQUIRED)
|
||||||
|
+ {
|
||||||
|
+ auth_failed_count++;
|
||||||
|
+ fprintf(stderr, "DEBUG: auth_failed_count = %d\n", auth_failed_count);
|
||||||
|
+ }
|
||||||
|
+ // Printer is stopped or not accepting jobs
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ if (!printer_count)
|
||||||
|
+ fprintf(stderr, "INFO: Primary Printer, %s, not available. "
|
||||||
|
+ "Attempting Failovers...\n",
|
||||||
|
+ tmp_device_uri);
|
||||||
|
+ else
|
||||||
|
+ fprintf(stderr, "INFO: Failover Printer, %s, not available. "
|
||||||
|
+ "Attempting Failovers..\n",
|
||||||
|
+ tmp_device_uri);
|
||||||
|
+ printer_count++;
|
||||||
|
+ tmp_device_uri = (char *)cupsArrayNext(printer_array);
|
||||||
|
+ }
|
||||||
|
+ } while (tmp_device_uri != NULL);
|
||||||
|
+
|
||||||
|
+ if (selected_uri && !printer_count)
|
||||||
|
+ fprintf(stderr, "STATE: -primary-printer-failed\n");
|
||||||
|
+ else
|
||||||
|
+ fprintf(stderr, "STATE: +primary-printer-failed\n");
|
||||||
|
+
|
||||||
|
+ if (job_canceled)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Job Canceled\n");
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!selected_uri && auth_failed_count == printer_count)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "ERROR: All failover printers failed with "
|
||||||
|
+ "authorization issues.\n");
|
||||||
|
+ rc = CUPS_BACKEND_AUTH_REQUIRED;
|
||||||
|
+ fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+ else if (!selected_uri && retry_count + 1 < retry_max)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "INFO: No suitable printer found...retrying...\n");
|
||||||
|
+ sleep(2);
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ else if (selected_uri)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Using printer, %s.\n", selected_uri);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!selected_uri)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "ERROR: No suitable printer found. Aborting print\n");
|
||||||
|
+ rc = CUPS_BACKEND_FAILED;
|
||||||
|
+ goto cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = move_job(atoi(argv[1]), selected_uri);
|
||||||
|
+
|
||||||
|
+ if (job_canceled)
|
||||||
|
+ rc = CUPS_BACKEND_OK;
|
||||||
|
+
|
||||||
|
+cleanup :
|
||||||
|
+ if (job_canceled)
|
||||||
|
+ rc = CUPS_BACKEND_OK;
|
||||||
|
+
|
||||||
|
+ tmp_device_uri = (char *)cupsArrayFirst(printer_array);
|
||||||
|
+ do
|
||||||
|
+ {
|
||||||
|
+ free((void *)tmp_device_uri);
|
||||||
|
+ } while ((tmp_device_uri = (char *)cupsArrayNext(printer_array)) != NULL);
|
||||||
|
+
|
||||||
|
+ cupsArrayDelete(printer_array);
|
||||||
|
+ sleep(2);
|
||||||
|
+ return (rc);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * 'check_printer()' - Checks the status of a remote printer and returns
|
||||||
|
+ * back a good/bad/busy status.
|
||||||
|
+ */
|
||||||
|
+int
|
||||||
|
+check_printer(const char *device_uri)
|
||||||
|
+{
|
||||||
|
+ ipp_t *attributes = NULL; /* attributes for device_uri */
|
||||||
|
+ ipp_attribute_t *tmp_attribute; /* for examining attribs */
|
||||||
|
+ int rc = FO_PRINTER_GOOD; /* return code */
|
||||||
|
+ char *reason; /* printer state reason */
|
||||||
|
+ int i;
|
||||||
|
+
|
||||||
|
+ fprintf(stderr, "DEBUG: Checking printer %s\n",device_uri);
|
||||||
|
+
|
||||||
|
+ rc = get_printer_attributes(device_uri, &attributes);
|
||||||
|
+ if ( rc != CUPS_BACKEND_OK )
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Failed to get attributes from printer: %s\n",
|
||||||
|
+ device_uri);
|
||||||
|
+ if ( rc == CUPS_BACKEND_AUTH_REQUIRED )
|
||||||
|
+ return (FO_AUTH_REQUIRED);
|
||||||
|
+ else
|
||||||
|
+ return (FO_PRINTER_BAD);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Check if printer is accepting jobs
|
||||||
|
+ */
|
||||||
|
+ if ((tmp_attribute = ippFindAttribute(attributes,
|
||||||
|
+ "printer-is-accepting-jobs",
|
||||||
|
+ IPP_TAG_BOOLEAN)) != NULL &&
|
||||||
|
+ !tmp_attribute->values[0].boolean)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "DEBUG: Printer, %s, is not accepting jobs.\n",
|
||||||
|
+ device_uri);
|
||||||
|
+
|
||||||
|
+ rc = FO_PRINTER_BAD;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Check if printer is stopped or busy processing
|
||||||
|
+ */
|
||||||
|
+ if ((tmp_attribute = ippFindAttribute(attributes,
|
||||||
|
+ "printer-state",
|
||||||
|
+ IPP_TAG_ENUM)) != NULL)
|
||||||
|
+ {
|
||||||
|
+ // Printer Stopped
|
||||||
|
+ if ( tmp_attribute->values[0].integer == IPP_PRINTER_STOPPED )
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Printer, %s, stopped.\n", device_uri);
|
||||||
|
+ rc = FO_PRINTER_BAD;
|
||||||
|
+ }
|
||||||
|
+ // Printer Busy
|
||||||
|
+ else if ( tmp_attribute->values[0].integer == IPP_PRINTER_PROCESSING )
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Printer %s is busy.\n", device_uri);
|
||||||
|
+ rc = FO_PRINTER_BUSY;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Parse through the printer-state-reasons
|
||||||
|
+ */
|
||||||
|
+ if ((tmp_attribute = ippFindAttribute(attributes, "printer-state-reasons",
|
||||||
|
+ IPP_TAG_KEYWORD)) != NULL)
|
||||||
|
+ {
|
||||||
|
+ for (i = 0; i < tmp_attribute->num_values; i++)
|
||||||
|
+ {
|
||||||
|
+ reason = tmp_attribute->values[i].string.text;
|
||||||
|
+ int len = strlen(reason);
|
||||||
|
+
|
||||||
|
+ if (len > 8 && !strcmp(reason + len - 8, "-warning"))
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Printer Supply Warning, %s\n", reason);
|
||||||
|
+ rc = FO_PRINTER_BAD;
|
||||||
|
+ }
|
||||||
|
+ else if (len > 6 && !strcmp(reason + len - 6, "-error"))
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Printer Supply Error, %s\n", reason);
|
||||||
|
+ rc = FO_PRINTER_BAD;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return (rc);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * 'read_config()' - Parses the failover and failover-retries options
|
||||||
|
+ *
|
||||||
|
+ */
|
||||||
|
+static int
|
||||||
|
+read_config(cups_array_t *printer_array, int *retries, const char *options)
|
||||||
|
+{
|
||||||
|
+
|
||||||
|
+ const char *tmp; /* temporary ptr */
|
||||||
|
+ char *tok_tmp; /* temporary ptr for option parsing */
|
||||||
|
+ int jobopts_count = 0; /* number of options */
|
||||||
|
+ cups_option_t *jobopts = NULL; /* job options */
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ fprintf(stderr, "DEBUG: Reading Configuration.\n");
|
||||||
|
+ jobopts_count = cupsParseOptions(options, 0, &jobopts);
|
||||||
|
+
|
||||||
|
+ if (!jobopts_count)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "ERROR: No job options! Cannot find failover options!\n");
|
||||||
|
+ return (CUPS_BACKEND_STOP);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Get attributes from the primary printer
|
||||||
|
+ */
|
||||||
|
+ fprintf(stderr, "DEBUG: Searching for failover option.\n");
|
||||||
|
+
|
||||||
|
+ if ((tmp = cupsGetOption("failover", jobopts_count, jobopts)) != NULL)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Failover option contents: %s.\n", tmp);
|
||||||
|
+
|
||||||
|
+ tok_tmp = strdup(tmp);
|
||||||
|
+
|
||||||
|
+ tmp = strtok(tok_tmp, ",");
|
||||||
|
+ do
|
||||||
|
+ {
|
||||||
|
+ cupsArrayAdd(printer_array, strdup(tmp));
|
||||||
|
+ } while ((tmp = strtok(NULL,",")) != NULL);
|
||||||
|
+
|
||||||
|
+ free(tok_tmp);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * The queue is misconfigured, so return back CUPS_BACKEND_STOP
|
||||||
|
+ */
|
||||||
|
+ fprintf(stderr, "ERROR: failover option not specified!\n");
|
||||||
|
+ return (CUPS_BACKEND_STOP);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Get the failover-retries value, if it exists.
|
||||||
|
+ */
|
||||||
|
+ fprintf(stderr, "DEBUG: Searching for failover-retries option.\n");
|
||||||
|
+
|
||||||
|
+ if ((tmp = cupsGetOption("failover-retries",
|
||||||
|
+ jobopts_count, jobopts)) != NULL)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: failover-retries option contents: %s.\n", tmp);
|
||||||
|
+ *retries = atoi(tmp);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ *retries = FAILOVER_DEFAULT_RETRIES;
|
||||||
|
+ fprintf(stderr, "DEBUG: Failed to get failover-retries option\n");
|
||||||
|
+ fprintf(stderr, "DEBUG: Defaulted to %d retries\n", *retries);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return (CUPS_BACKEND_OK);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * 'get_printer_attributes()' - Sends an IPP Get-Attributes request to
|
||||||
|
+ * a URI
|
||||||
|
+ */
|
||||||
|
+int
|
||||||
|
+get_printer_attributes(const char *device_uri, ipp_t **attributes)
|
||||||
|
+{
|
||||||
|
+ char uri[HTTP_MAX_URI]; /* Updated URI without login */
|
||||||
|
+ int version; /* IPP version */
|
||||||
|
+ char scheme[256]; /* Scheme in URI */
|
||||||
|
+ ipp_status_t ipp_status; /* Status of IPP request */
|
||||||
|
+ char hostname[1024]; /* Hostname */
|
||||||
|
+ char resource[1024]; /* Resource infoo */
|
||||||
|
+ char addrname[256]; /* Address name */
|
||||||
|
+ int port; /* IPP Port number */
|
||||||
|
+ char portname[255]; /* Port as string */
|
||||||
|
+ http_t *http; /* HTTP connection */
|
||||||
|
+ ipp_t *request; /* IPP request */
|
||||||
|
+ int rc = CUPS_BACKEND_OK; /* Return Code */
|
||||||
|
+ char username[256]; /* Username for device URI */
|
||||||
|
+ char *option_ptr; /* for parsing resource opts */
|
||||||
|
+ const char * const pattrs[] = /* Printer attributes wanted */
|
||||||
|
+ {
|
||||||
|
+ "printer-is-accepting-jobs",
|
||||||
|
+ "printer-state",
|
||||||
|
+ "printer-state-reasons"
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ if (job_canceled)
|
||||||
|
+ return (CUPS_BACKEND_OK);
|
||||||
|
+
|
||||||
|
+ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n");
|
||||||
|
+ fprintf(stderr, "DEBUG: Device URL %s.\n", device_uri);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Parse device_uri
|
||||||
|
+ */
|
||||||
|
+ if (httpSeparateURI(HTTP_URI_CODING_ALL, device_uri, scheme, sizeof(scheme),
|
||||||
|
+ username, sizeof(username), hostname, sizeof(hostname),
|
||||||
|
+ &port, resource, sizeof(resource)) != HTTP_URI_OK)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "ERROR: Problem parsing device_uri, %s\n", device_uri);
|
||||||
|
+ return (CUPS_BACKEND_STOP);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!port)
|
||||||
|
+ port = IPP_PORT;
|
||||||
|
+
|
||||||
|
+ sprintf(portname, "%d", port);
|
||||||
|
+
|
||||||
|
+ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n");
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Configure password
|
||||||
|
+ */
|
||||||
|
+ cupsSetPasswordCB(password_cb);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * reset, in case a previous attempt for
|
||||||
|
+ * another printer left residue
|
||||||
|
+ */
|
||||||
|
+ cupsSetUser(NULL);
|
||||||
|
+ password = NULL;
|
||||||
|
+ password_retries = 0;
|
||||||
|
+
|
||||||
|
+ if (*username)
|
||||||
|
+ {
|
||||||
|
+ if ((password = strchr(username, ':')) != NULL)
|
||||||
|
+ {
|
||||||
|
+ *password = '\0';
|
||||||
|
+ password++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ cupsSetUser(username);
|
||||||
|
+ }
|
||||||
|
+ else if (!getuid())
|
||||||
|
+ {
|
||||||
|
+ const char *username_env;
|
||||||
|
+
|
||||||
|
+ if ((username_env = getenv("AUTH_USERNAME")) != NULL)
|
||||||
|
+ {
|
||||||
|
+ cupsSetUser(username_env);
|
||||||
|
+ password = getenv("AUTH_PASSWORD");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Try connecting to the remote server...
|
||||||
|
+ */
|
||||||
|
+ fprintf(stderr, "DEBUG: Connecting to %s:%d\n", hostname, port);
|
||||||
|
+ _cupsLangPuts(stderr, _("INFO: Connecting to printer...\n"));
|
||||||
|
+
|
||||||
|
+ http = httpConnectEncrypt(hostname, port, cupsEncryption());
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Deal the socket not being open.
|
||||||
|
+ */
|
||||||
|
+ if (!http)
|
||||||
|
+ {
|
||||||
|
+ int error = errno; /* Connection error */
|
||||||
|
+
|
||||||
|
+ switch (error)
|
||||||
|
+ {
|
||||||
|
+ case EHOSTDOWN :
|
||||||
|
+ _cupsLangPuts(stderr, _("WARNING: "
|
||||||
|
+ "The printer may not exist or "
|
||||||
|
+ "is unavailable at this time.\n"));
|
||||||
|
+ break;
|
||||||
|
+ case EHOSTUNREACH :
|
||||||
|
+ _cupsLangPuts(stderr, _("WARNING: "
|
||||||
|
+ "The printer is unreachable at this "
|
||||||
|
+ "time.\n"));
|
||||||
|
+ break;
|
||||||
|
+ case ECONNREFUSED :
|
||||||
|
+ _cupsLangPuts(stderr, _("WARNING: "
|
||||||
|
+ "Connection Refused.\n"));
|
||||||
|
+ break;
|
||||||
|
+ default :
|
||||||
|
+ fprintf(stderr, "DEBUG: Connection error: %s\n", strerror(errno));
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = CUPS_BACKEND_FAILED;
|
||||||
|
+ sleep(5);
|
||||||
|
+ goto prt_available_cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+#ifdef AF_INET6
|
||||||
|
+ if (http->hostaddr->addr.sa_family == AF_INET6)
|
||||||
|
+ fprintf(stderr, "DEBUG: Connected to [%s]:%d (IPv6)...\n",
|
||||||
|
+ httpAddrString(http->hostaddr, addrname, sizeof(addrname)),
|
||||||
|
+ ntohs(http->hostaddr->ipv6.sin6_port));
|
||||||
|
+ else
|
||||||
|
+#endif /* AF_INET6 */
|
||||||
|
+ if (http->hostaddr->addr.sa_family == AF_INET)
|
||||||
|
+ fprintf(stderr, "DEBUG: Connected to %s:%d (IPv4)...\n",
|
||||||
|
+ httpAddrString(http->hostaddr, addrname, sizeof(addrname)),
|
||||||
|
+ ntohs(http->hostaddr->ipv4.sin_port));
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Search the resource string for options.
|
||||||
|
+ * We only care about version, for the moment.
|
||||||
|
+ */
|
||||||
|
+ version = 11;
|
||||||
|
+
|
||||||
|
+ if ((option_ptr = strchr(resource, '?')) != NULL)
|
||||||
|
+ {
|
||||||
|
+ *option_ptr++ = '\0';
|
||||||
|
+
|
||||||
|
+ if ((option_ptr = strstr(option_ptr, "version="))!=NULL)
|
||||||
|
+ {
|
||||||
|
+ int minor; /* minor version from URI */
|
||||||
|
+ int major; /* major version from URI */
|
||||||
|
+ char *version_str; /* ipp version */
|
||||||
|
+
|
||||||
|
+ option_ptr += 8;
|
||||||
|
+ version_str = option_ptr;
|
||||||
|
+
|
||||||
|
+ while (*option_ptr && *option_ptr != '&' && *option_ptr != '+')
|
||||||
|
+ option_ptr++;
|
||||||
|
+
|
||||||
|
+ if (*option_ptr)
|
||||||
|
+ *option_ptr = '\0';
|
||||||
|
+
|
||||||
|
+ sscanf(version_str, "%d.%d", &major, &minor);
|
||||||
|
+
|
||||||
|
+ version = (major * 10) + minor;
|
||||||
|
+
|
||||||
|
+ switch(version)
|
||||||
|
+ {
|
||||||
|
+ case 10 :
|
||||||
|
+ case 11 :
|
||||||
|
+ case 20 :
|
||||||
|
+ case 21 :
|
||||||
|
+ fprintf(stderr,
|
||||||
|
+ "DEBUG: Set version to %d from URI\n",
|
||||||
|
+ version);
|
||||||
|
+ break;
|
||||||
|
+ default :
|
||||||
|
+ _cupsLangPrintf(stderr,
|
||||||
|
+ _("DEBUG: Invalid version, %d, from URI. "
|
||||||
|
+ "Using default of 1.1 \n"),
|
||||||
|
+ version);
|
||||||
|
+ version = 11;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Build a URI for the printer. We can't use the URI in argv[0]
|
||||||
|
+ * because it might contain username:password information...
|
||||||
|
+ */
|
||||||
|
+ if (httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), scheme, NULL,
|
||||||
|
+ hostname, port, resource) != HTTP_URI_OK)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "ERROR: Problem assembling printer URI from host %s, "
|
||||||
|
+ "port %d, resource %s\n", hostname, port, resource);
|
||||||
|
+ return (CUPS_BACKEND_STOP);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Build the IPP request...
|
||||||
|
+ */
|
||||||
|
+ request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES);
|
||||||
|
+ request->request.op.version[0] = version / 10;
|
||||||
|
+ request->request.op.version[1] = version % 10;
|
||||||
|
+
|
||||||
|
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri",
|
||||||
|
+ NULL, uri);
|
||||||
|
+
|
||||||
|
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD,
|
||||||
|
+ "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]),
|
||||||
|
+ NULL, pattrs);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Do the request...
|
||||||
|
+ */
|
||||||
|
+ fputs("DEBUG: Getting supported attributes...\n", stderr);
|
||||||
|
+
|
||||||
|
+ fprintf(stderr, "DEBUG: IPP Request Structure Built.\n");
|
||||||
|
+
|
||||||
|
+ *attributes = cupsDoRequest(http, request, resource);
|
||||||
|
+ ipp_status = cupsLastError();
|
||||||
|
+
|
||||||
|
+ fprintf(stderr, "DEBUG: Get-Printer-Attributes: %s (%s)\n",
|
||||||
|
+ ippErrorString(ipp_status), cupsLastErrorString());
|
||||||
|
+
|
||||||
|
+ if (ipp_status > IPP_OK_CONFLICT)
|
||||||
|
+ {
|
||||||
|
+ fprintf(stderr, "DEBUG: Get-Printer-Attributes returned %s.\n",
|
||||||
|
+ ippErrorString(ipp_status));
|
||||||
|
+ switch(ipp_status)
|
||||||
|
+ {
|
||||||
|
+ case IPP_FORBIDDEN :
|
||||||
|
+ case IPP_NOT_AUTHORIZED :
|
||||||
|
+ _cupsLangPuts(stderr, _("ERROR: Not Authorized.\n"));
|
||||||
|
+ rc = CUPS_BACKEND_AUTH_REQUIRED;
|
||||||
|
+ break;
|
||||||
|
+ case IPP_PRINTER_BUSY :
|
||||||
|
+ case IPP_SERVICE_UNAVAILABLE :
|
||||||
|
+ _cupsLangPuts(stderr, _("ERROR: "
|
||||||
|
+ "The printer is not responding.\n"));
|
||||||
|
+ rc = CUPS_BACKEND_FAILED;
|
||||||
|
+ break;
|
||||||
|
+ case IPP_BAD_REQUEST :
|
||||||
|
+ case IPP_VERSION_NOT_SUPPORTED :
|
||||||
|
+ fprintf(stderr, "ERROR: Destination does not support IPP version %d\n",
|
||||||
|
+ version);
|
||||||
|
+ case IPP_NOT_FOUND :
|
||||||
|
+ _cupsLangPuts(stderr, _("ERROR: "
|
||||||
|
+ "The printer configuration is incorrect or the "
|
||||||
|
+ "printer no longer exists.\n"));
|
||||||
|
+ rc = CUPS_BACKEND_STOP;
|
||||||
|
+ break;
|
||||||
|
+ default :
|
||||||
|
+ rc = CUPS_BACKEND_FAILED;
|
||||||
|
+ }
|
||||||
|
+ goto prt_available_cleanup;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+prt_available_cleanup :
|
||||||
|
+ httpClose(http);
|
||||||
|
+ return (rc);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int
|
||||||
|
+move_job(int jobid, /* Job ID */
|
||||||
|
+ const char *dest) /* Destination ipp address */
|
||||||
|
+{
|
||||||
|
+ ipp_t *request; /* IPP Request */
|
||||||
|
+ char job_uri[HTTP_MAX_URI]; /* job-uri */
|
||||||
|
+
|
||||||
|
+ http_t* http = httpConnectEncrypt(cupsServer(), ippPort(), cupsEncryption());
|
||||||
|
+
|
||||||
|
+ if (!http)
|
||||||
|
+ {
|
||||||
|
+ _cupsLangPrintf(stderr,
|
||||||
|
+ _("failover: Unable to connect to server: %s\n"),
|
||||||
|
+ strerror(errno));
|
||||||
|
+ return (CUPS_BACKEND_FAILED);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Build a CUPS_MOVE_JOB request, which requires the following
|
||||||
|
+ * attributes:
|
||||||
|
+ *
|
||||||
|
+ * job-uri/printer-uri
|
||||||
|
+ * job-printer-uri
|
||||||
|
+ * requesting-user-name
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ request = ippNewRequest(CUPS_MOVE_JOB);
|
||||||
|
+
|
||||||
|
+ snprintf(job_uri, sizeof(job_uri), "ipp://localhost/jobs/%d", jobid);
|
||||||
|
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL,
|
||||||
|
+ job_uri);
|
||||||
|
+
|
||||||
|
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
|
||||||
|
+ "requesting-user-name",
|
||||||
|
+ NULL, cupsUser());
|
||||||
|
+
|
||||||
|
+ ippAddString(request, IPP_TAG_JOB, IPP_TAG_URI, "job-printer-uri",
|
||||||
|
+ NULL, dest);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Do the request and get back a response...
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ ippDelete(cupsDoRequest(http, request, "/jobs"));
|
||||||
|
+
|
||||||
|
+ httpClose(http);
|
||||||
|
+
|
||||||
|
+ if (cupsLastError() > IPP_OK_CONFLICT)
|
||||||
|
+ {
|
||||||
|
+ _cupsLangPrintf(stderr, "failover: %s\n", cupsLastErrorString());
|
||||||
|
+ return (CUPS_BACKEND_FAILED);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ return (CUPS_BACKEND_OK);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * 'sigterm_handler()' - handles a sigterm, i.e. job canceled
|
||||||
|
+ */
|
||||||
|
+static void
|
||||||
|
+sigterm_handler(int sig)
|
||||||
|
+{
|
||||||
|
+ if (!job_canceled)
|
||||||
|
+ {
|
||||||
|
+ write(2, "DEBUG: Got SIGTERM.\n", 20);
|
||||||
|
+ job_canceled = 1;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * Job has already been canceled, so just exit
|
||||||
|
+ */
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * 'password_cb()' - Disable the password prompt for cupsDoFileRequest().
|
||||||
|
+ */
|
||||||
|
+static const char * /* O - Password */
|
||||||
|
+password_cb(const char *prompt) /* I - Prompt (not used) */
|
||||||
|
+{
|
||||||
|
+ auth_info_required = "username,password";
|
||||||
|
+ password_retries++;
|
||||||
|
+
|
||||||
|
+ if(password_retries < FAILOVER_PASSWORD_RETRIES_MAX)
|
||||||
|
+ return (password);
|
||||||
|
+ else
|
||||||
|
+ return (NULL);
|
||||||
|
+}
|
||||||
|
diff -up cups-2.3.3/backend/Makefile.failover cups-2.3.3/backend/Makefile
|
||||||
|
--- cups-2.3.3/backend/Makefile.failover 2020-04-27 20:04:29.000000000 +0200
|
||||||
|
+++ cups-2.3.3/backend/Makefile 2020-06-11 08:52:31.212642019 +0200
|
||||||
|
@@ -22,6 +22,7 @@ include ../Makedefs
|
||||||
|
RBACKENDS = \
|
||||||
|
ipp \
|
||||||
|
lpd \
|
||||||
|
+ failover \
|
||||||
|
$(DNSSD_BACKEND)
|
||||||
|
UBACKENDS = \
|
||||||
|
snmp \
|
||||||
|
@@ -45,6 +46,7 @@ LIBOBJS = \
|
||||||
|
OBJS = \
|
||||||
|
ipp.o \
|
||||||
|
lpd.o \
|
||||||
|
+ failover.o \
|
||||||
|
dnssd.o \
|
||||||
|
snmp.o \
|
||||||
|
socket.o \
|
||||||
|
@@ -276,6 +278,15 @@ lpd: lpd.o ../cups/$(LIBCUPS) libbackend
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
+# failover
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
+failover: failover.o ../cups/$(LIBCUPS) libbackend.a
|
||||||
|
+ echo Linking $@...
|
||||||
|
+ $(LD_CC) $(ALL_LDFLAGS) -o failover failover.o libbackend.a $(LINKCUPS)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
# snmp
|
||||||
|
#
|
||||||
|
|
@ -0,0 +1,124 @@
|
|||||||
|
diff --git a/cups/http-support.c b/cups/http-support.c
|
||||||
|
index a4bc079..9ee2309 100644
|
||||||
|
--- a/cups/http-support.c
|
||||||
|
+++ b/cups/http-support.c
|
||||||
|
@@ -1430,6 +1430,12 @@ _httpSetDigestAuthString(
|
||||||
|
* Use old RFC 2069 Digest method...
|
||||||
|
*/
|
||||||
|
|
||||||
|
+ if (cg->digestoptions == _CUPS_DIGESTOPTIONS_DENYMD5)
|
||||||
|
+ {
|
||||||
|
+ DEBUG_puts("3_httpSetDigestAuthString: MD5 Digest is disabled.");
|
||||||
|
+ return (0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* H(A1) = H(username:realm:password) */
|
||||||
|
snprintf(temp, sizeof(temp), "%s:%s:%s", username, http->realm, password);
|
||||||
|
hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
|
||||||
|
diff --git a/cups/md5passwd.c b/cups/md5passwd.c
|
||||||
|
index 9af5de2..5c9a64e 100644
|
||||||
|
--- a/cups/md5passwd.c
|
||||||
|
+++ b/cups/md5passwd.c
|
||||||
|
@@ -19,6 +19,9 @@
|
||||||
|
/*
|
||||||
|
* 'httpMD5()' - Compute the MD5 sum of the username:group:password.
|
||||||
|
*
|
||||||
|
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
|
||||||
|
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
|
||||||
|
+ *
|
||||||
|
* @deprecated@
|
||||||
|
*/
|
||||||
|
|
||||||
|
@@ -28,22 +31,13 @@ httpMD5(const char *username, /* I - User name */
|
||||||
|
const char *passwd, /* I - Password string */
|
||||||
|
char md5[33]) /* O - MD5 string */
|
||||||
|
{
|
||||||
|
- unsigned char sum[16]; /* Sum data */
|
||||||
|
- char line[256]; /* Line to sum */
|
||||||
|
-
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * Compute the MD5 sum of the user name, group name, and password.
|
||||||
|
- */
|
||||||
|
+ (void)username;
|
||||||
|
+ (void)realm;
|
||||||
|
+ (void)passwd;
|
||||||
|
|
||||||
|
- snprintf(line, sizeof(line), "%s:%s:%s", username, realm, passwd);
|
||||||
|
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
|
||||||
|
+ md5[0] = '\0';
|
||||||
|
|
||||||
|
- /*
|
||||||
|
- * Return the sum...
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
- return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
|
||||||
|
+ return (NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@@ -52,6 +46,9 @@ httpMD5(const char *username, /* I - User name */
|
||||||
|
* with the server-supplied nonce value, method, and
|
||||||
|
* request-uri.
|
||||||
|
*
|
||||||
|
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
|
||||||
|
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
|
||||||
|
+ *
|
||||||
|
* @deprecated@
|
||||||
|
*/
|
||||||
|
|
||||||
|
@@ -61,35 +58,22 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
|
||||||
|
const char *resource, /* I - Resource path */
|
||||||
|
char md5[33]) /* IO - MD5 sum */
|
||||||
|
{
|
||||||
|
- unsigned char sum[16]; /* Sum data */
|
||||||
|
- char line[1024]; /* Line of data */
|
||||||
|
- char a2[33]; /* Hash of method and resource */
|
||||||
|
-
|
||||||
|
+ (void)nonce;
|
||||||
|
+ (void)method;
|
||||||
|
+ (void)resource;
|
||||||
|
|
||||||
|
- /*
|
||||||
|
- * First compute the MD5 sum of the method and resource...
|
||||||
|
- */
|
||||||
|
+ md5[0] = '\0';
|
||||||
|
|
||||||
|
- snprintf(line, sizeof(line), "%s:%s", method, resource);
|
||||||
|
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
|
||||||
|
- cupsHashString(sum, sizeof(sum), a2, sizeof(a2));
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * Then combine A1 (MD5 of username, realm, and password) with the nonce
|
||||||
|
- * and A2 (method + resource) values to get the final MD5 sum for the
|
||||||
|
- * request...
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
- snprintf(line, sizeof(line), "%s:%s:%s", md5, nonce, a2);
|
||||||
|
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
|
||||||
|
-
|
||||||
|
- return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
|
||||||
|
+ return (NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 'httpMD5String()' - Convert an MD5 sum to a character string.
|
||||||
|
*
|
||||||
|
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
|
||||||
|
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
|
||||||
|
+ *
|
||||||
|
* @deprecated@
|
||||||
|
*/
|
||||||
|
|
||||||
|
@@ -98,5 +82,9 @@ httpMD5String(const unsigned char *sum, /* I - MD5 sum data */
|
||||||
|
char md5[33])
|
||||||
|
/* O - MD5 sum in hex */
|
||||||
|
{
|
||||||
|
- return ((char *)cupsHashString(sum, 16, md5, 33));
|
||||||
|
+ (void)sum;
|
||||||
|
+
|
||||||
|
+ md5[0] = '\0';
|
||||||
|
+
|
||||||
|
+ return (NULL);
|
||||||
|
}
|
@ -0,0 +1,15 @@
|
|||||||
|
diff -up cups-2.0.2/cups/http-addr.c.freebind cups-2.0.2/cups/http-addr.c
|
||||||
|
--- cups-2.0.2/cups/http-addr.c.freebind 2015-02-10 14:46:33.000000000 +0100
|
||||||
|
+++ cups-2.0.2/cups/http-addr.c 2015-02-10 14:50:35.074759141 +0100
|
||||||
|
@@ -186,6 +186,10 @@ httpAddrListen(http_addr_t *addr, /* I -
|
||||||
|
val = 1;
|
||||||
|
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, CUPS_SOCAST &val, sizeof(val));
|
||||||
|
|
||||||
|
+#ifdef __linux
|
||||||
|
+ setsockopt(fd, IPPROTO_IP, IP_FREEBIND, CUPS_SOCAST &val, sizeof(val));
|
||||||
|
+#endif /* __linux */
|
||||||
|
+
|
||||||
|
#ifdef IPV6_V6ONLY
|
||||||
|
if (addr->addr.sa_family == AF_INET6)
|
||||||
|
setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, CUPS_SOCAST &val, sizeof(val));
|
||||||
|
diff -up cups-2.0.2/scheduler/listen.c.freebind cups-2.0.2/scheduler/listen.c
|
@ -0,0 +1,49 @@
|
|||||||
|
diff --git a/config-scripts/cups-compiler.m4 b/config-scripts/cups-compiler.m4
|
||||||
|
index 733b06c..bb770f0 100644
|
||||||
|
--- a/config-scripts/cups-compiler.m4
|
||||||
|
+++ b/config-scripts/cups-compiler.m4
|
||||||
|
@@ -123,21 +123,35 @@ if test -n "$GCC"; then
|
||||||
|
OPTIM="-fPIC $OPTIM"
|
||||||
|
fi
|
||||||
|
|
||||||
|
- # The -fstack-protector option is available with some versions of
|
||||||
|
- # GCC and adds "stack canaries" which detect when the return address
|
||||||
|
- # has been overwritten, preventing many types of exploit attacks.
|
||||||
|
- AC_MSG_CHECKING(whether compiler supports -fstack-protector)
|
||||||
|
+ # The -fstack-protector-strong and -fstack-protector options are available
|
||||||
|
+ # with some versions of# GCC and adds "stack canaries" which detect
|
||||||
|
+ # when the return address has been overwritten, preventing many types of exploit attacks.
|
||||||
|
+ # First check for -fstack-protector-strong, then for -fstack-protector...
|
||||||
|
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector-strong])
|
||||||
|
OLDCFLAGS="$CFLAGS"
|
||||||
|
- CFLAGS="$CFLAGS -fstack-protector"
|
||||||
|
- AC_TRY_LINK(,,
|
||||||
|
+ CFLAGS="$CFLAGS -fstack-protector-strong"
|
||||||
|
+ AC_TRY_LINK(,,[
|
||||||
|
if test "x$LSB_BUILD" = xy; then
|
||||||
|
# Can't use stack-protector with LSB binaries...
|
||||||
|
OPTIM="$OPTIM -fno-stack-protector"
|
||||||
|
else
|
||||||
|
- OPTIM="$OPTIM -fstack-protector"
|
||||||
|
+ OPTIM="$OPTIM -fstack-protector-strong"
|
||||||
|
fi
|
||||||
|
- AC_MSG_RESULT(yes),
|
||||||
|
- AC_MSG_RESULT(no))
|
||||||
|
+ AC_MSG_RESULT(yes)
|
||||||
|
+ ], [
|
||||||
|
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector])
|
||||||
|
+ CFLAGS="$OLDCFLAGS -fstack-protector"
|
||||||
|
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()], [
|
||||||
|
+ AS_IF([test "x$LSB_BUILD" = xy], [
|
||||||
|
+ # Can't use stack-protector with LSB binaries...
|
||||||
|
+ OPTIM="$OPTIM -fno-stack-protector"
|
||||||
|
+ ], [
|
||||||
|
+ OPTIM="$OPTIM -fstack-protector"
|
||||||
|
+ ])
|
||||||
|
+ ], [
|
||||||
|
+ AC_MSG_RESULT([no])
|
||||||
|
+ ])
|
||||||
|
+ ])
|
||||||
|
CFLAGS="$OLDCFLAGS"
|
||||||
|
|
||||||
|
if test "x$LSB_BUILD" != xy; then
|
@ -0,0 +1,15 @@
|
|||||||
|
diff -up cups-1.7.0/backend/ipp.c.ipp-multifile cups-1.7.0/backend/ipp.c
|
||||||
|
--- cups-1.7.0/backend/ipp.c.ipp-multifile 2013-10-24 15:52:00.745814354 +0100
|
||||||
|
+++ cups-1.7.0/backend/ipp.c 2013-10-24 15:53:46.463266724 +0100
|
||||||
|
@@ -1758,7 +1758,10 @@ main(int argc, /* I - Number of comm
|
||||||
|
ippAddBoolean(request, IPP_TAG_OPERATION, "last-document",
|
||||||
|
(i + 1) >= num_files);
|
||||||
|
|
||||||
|
- if (document_format)
|
||||||
|
+ if (num_files > 1)
|
||||||
|
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_MIMETYPE,
|
||||||
|
+ "document-format", NULL, "application/octet-stream");
|
||||||
|
+ else if (document_format)
|
||||||
|
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_MIMETYPE,
|
||||||
|
"document-format", NULL, document_format);
|
||||||
|
|
@ -0,0 +1,115 @@
|
|||||||
|
diff --git a/cups/auth.c b/cups/auth.c
|
||||||
|
index db45bbb..b6fec6b 100644
|
||||||
|
--- a/cups/auth.c
|
||||||
|
+++ b/cups/auth.c
|
||||||
|
@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
|
||||||
|
# define cups_gss_printf(major, minor, message)
|
||||||
|
# endif /* DEBUG */
|
||||||
|
#endif /* HAVE_GSSAPI */
|
||||||
|
+static int cups_is_local_connection(http_t *http);
|
||||||
|
static int cups_local_auth(http_t *http);
|
||||||
|
|
||||||
|
|
||||||
|
@@ -174,10 +175,10 @@ cupsDoAuthentication(
|
||||||
|
DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
|
||||||
|
|
||||||
|
#ifdef HAVE_GSSAPI
|
||||||
|
- if (!_cups_strcasecmp(scheme, "Negotiate"))
|
||||||
|
+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
- * Kerberos authentication...
|
||||||
|
+ * Kerberos authentication to remote server...
|
||||||
|
*/
|
||||||
|
|
||||||
|
int gss_status; /* Auth status */
|
||||||
|
@@ -201,7 +202,9 @@ cupsDoAuthentication(
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* HAVE_GSSAPI */
|
||||||
|
- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
|
||||||
|
+ if (_cups_strcasecmp(scheme, "Basic") &&
|
||||||
|
+ _cups_strcasecmp(scheme, "Digest") &&
|
||||||
|
+ _cups_strcasecmp(scheme, "Negotiate"))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Other schemes not yet supported...
|
||||||
|
@@ -215,7 +218,7 @@ cupsDoAuthentication(
|
||||||
|
* See if we should retry the current username:password...
|
||||||
|
*/
|
||||||
|
|
||||||
|
- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
|
||||||
|
+ if (http->digest_tries > 1 || !http->userpass[0])
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Nope - get a new password from the user...
|
||||||
|
@@ -295,7 +298,7 @@ cupsDoAuthentication(
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (http->authstring)
|
||||||
|
+ if (http->authstring && http->authstring[0])
|
||||||
|
{
|
||||||
|
DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
|
||||||
|
|
||||||
|
@@ -916,6 +919,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
|
||||||
|
# endif /* DEBUG */
|
||||||
|
#endif /* HAVE_GSSAPI */
|
||||||
|
|
||||||
|
+static int /* O - 0 if not a local connection */
|
||||||
|
+ /* 1 if local connection */
|
||||||
|
+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
|
||||||
|
+{
|
||||||
|
+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
|
||||||
|
+ return 0;
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 'cups_local_auth()' - Get the local authorization certificate if
|
||||||
|
@@ -958,7 +969,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
|
||||||
|
* See if we are accessing localhost...
|
||||||
|
*/
|
||||||
|
|
||||||
|
- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
|
||||||
|
+ if (!cups_is_local_connection(http))
|
||||||
|
{
|
||||||
|
DEBUG_puts("8cups_local_auth: Not a local connection!");
|
||||||
|
return (1);
|
||||||
|
@@ -1032,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
|
||||||
|
}
|
||||||
|
# endif /* HAVE_AUTHORIZATION_H */
|
||||||
|
|
||||||
|
-# ifdef HAVE_GSSAPI
|
||||||
|
- if (cups_auth_find(www_auth, "Negotiate"))
|
||||||
|
- return (1);
|
||||||
|
-# endif /* HAVE_GSSAPI */
|
||||||
|
-
|
||||||
|
# if defined(SO_PEERCRED) && defined(AF_LOCAL)
|
||||||
|
/*
|
||||||
|
* See if we can authenticate using the peer credentials provided over a
|
||||||
|
diff --git a/scheduler/client.c b/scheduler/client.c
|
||||||
|
index 89c76bf..40708d9 100644
|
||||||
|
--- a/scheduler/client.c
|
||||||
|
+++ b/scheduler/client.c
|
||||||
|
@@ -2244,18 +2244,13 @@ cupsdSendHeader(
|
||||||
|
}
|
||||||
|
else if (auth_type == CUPSD_AUTH_NEGOTIATE)
|
||||||
|
{
|
||||||
|
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
|
||||||
|
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
|
||||||
|
- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
|
||||||
|
- else
|
||||||
|
-#endif /* SO_PEERCRED && AF_LOCAL */
|
||||||
|
strlcpy(auth_str, "Negotiate", sizeof(auth_str));
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
|
||||||
|
+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
- * Add a "trc" (try root certification) parameter for local non-Kerberos
|
||||||
|
+ * Add a "trc" (try root certification) parameter for local
|
||||||
|
* requests when the request requires system group membership - then the
|
||||||
|
* client knows the root certificate can/should be used.
|
||||||
|
*
|
@ -0,0 +1,16 @@
|
|||||||
|
diff --git a/scheduler/log.c b/scheduler/log.c
|
||||||
|
index 17331ff02..41ddb4cb9 100644
|
||||||
|
--- a/scheduler/log.c
|
||||||
|
+++ b/scheduler/log.c
|
||||||
|
@@ -569,11 +569,7 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */
|
||||||
|
* Format and write the log message...
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
|
||||||
|
- if (job && strcmp(ErrorLog, "syslog"))
|
||||||
|
-#else
|
||||||
|
if (job)
|
||||||
|
-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
|
||||||
|
snprintf(jobmsg, sizeof(jobmsg), "[Job %d] %s", job->id, message);
|
||||||
|
else
|
||||||
|
strlcpy(jobmsg, message, sizeof(jobmsg));
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,14 @@
|
|||||||
|
diff -up cups-2.3.0/cups-config.in.multilib cups-2.3.0/cups-config.in
|
||||||
|
--- cups-2.3.0/cups-config.in.multilib 2019-10-07 12:10:09.508859587 +0200
|
||||||
|
+++ cups-2.3.0/cups-config.in 2019-10-07 12:11:56.614025934 +0200
|
||||||
|
@@ -17,7 +17,9 @@ prefix=@prefix@
|
||||||
|
exec_prefix=@exec_prefix@
|
||||||
|
bindir=@bindir@
|
||||||
|
includedir=@includedir@
|
||||||
|
-libdir=@libdir@
|
||||||
|
+# Fetch libdir from gnutls's pkg-config script. This is a bit
|
||||||
|
+# of a cheat, but the cups-devel package requires gnutls-devel anyway.
|
||||||
|
+libdir=`pkg-config --variable=libdir gnutls`
|
||||||
|
datarootdir=@datadir@
|
||||||
|
datadir=@datadir@
|
||||||
|
sysconfdir=@sysconfdir@
|
@ -0,0 +1,10 @@
|
|||||||
|
diff -up cups-2.2b2/config-scripts/cups-ssl.m4.no-export-ssllibs cups-2.2b2/config-scripts/cups-ssl.m4
|
||||||
|
--- cups-2.2b2/config-scripts/cups-ssl.m4.no-export-ssllibs 2016-06-27 15:06:22.299980753 +0200
|
||||||
|
+++ cups-2.2b2/config-scripts/cups-ssl.m4 2016-06-27 15:08:00.953154042 +0200
|
||||||
|
@@ -102,5 +102,5 @@ AC_SUBST(IPPALIASES)
|
||||||
|
AC_SUBST(SSLFLAGS)
|
||||||
|
AC_SUBST(SSLLIBS)
|
||||||
|
|
||||||
|
-EXPORT_SSLLIBS="$SSLLIBS"
|
||||||
|
+EXPORT_SSLLIBS=""
|
||||||
|
AC_SUBST(EXPORT_SSLLIBS)
|
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/scheduler/cups.service.in b/scheduler/cups.service.in
|
||||||
|
index a3fa0e8..baff51b 100644
|
||||||
|
--- a/scheduler/cups.service.in
|
||||||
|
+++ b/scheduler/cups.service.in
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
[Unit]
|
||||||
|
Description=CUPS Scheduler
|
||||||
|
Documentation=man:cupsd(8)
|
||||||
|
-After=network.target sssd.service ypbind.service nslcd.service
|
||||||
|
+After=network.target nss-user-lookup.target nslcd.service
|
||||||
|
Requires=cups.socket
|
||||||
|
|
||||||
|
[Service]
|
@ -0,0 +1,20 @@
|
|||||||
|
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
|
||||||
|
index e0dbc4a..5e9a985 100644
|
||||||
|
--- a/scheduler/ipp.c
|
||||||
|
+++ b/scheduler/ipp.c
|
||||||
|
@@ -9891,11 +9891,10 @@ restart_job(cupsd_client_t *con, /* I - Client connection */
|
||||||
|
cupsdLogJob(job, CUPSD_LOG_DEBUG,
|
||||||
|
"Restarted by \"%s\" with job-hold-until=%s.",
|
||||||
|
username, attr->values[0].string.text);
|
||||||
|
- cupsdSetJobHoldUntil(job, attr->values[0].string.text, 0);
|
||||||
|
-
|
||||||
|
- cupsdAddEvent(CUPSD_EVENT_JOB_CONFIG_CHANGED | CUPSD_EVENT_JOB_STATE,
|
||||||
|
- NULL, job, "Job restarted by user with job-hold-until=%s",
|
||||||
|
- attr->values[0].string.text);
|
||||||
|
+ cupsdSetJobHoldUntil(job, attr->values[0].string.text, 1);
|
||||||
|
+ cupsdSetJobState(job, IPP_JOB_HELD, CUPSD_JOB_DEFAULT,
|
||||||
|
+ "Job restarted by user with job-hold-until=%s",
|
||||||
|
+ attr->values[0].string.text);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
@ -0,0 +1,38 @@
|
|||||||
|
diff -up cups-1.5b1/conf/cups.password-auth.system-auth cups-1.5b1/conf/cups.password-auth
|
||||||
|
--- cups-1.5b1/conf/cups.password-auth.system-auth 2011-05-23 17:27:27.000000000 +0200
|
||||||
|
+++ cups-1.5b1/conf/cups.password-auth 2011-05-23 17:27:27.000000000 +0200
|
||||||
|
@@ -0,0 +1,4 @@
|
||||||
|
+#%PAM-1.0
|
||||||
|
+# Use password-auth common PAM configuration for the daemon
|
||||||
|
+auth include password-auth
|
||||||
|
+account include password-auth
|
||||||
|
diff -up cups-1.5b1/conf/cups.system-auth.system-auth cups-1.5b1/conf/cups.system-auth
|
||||||
|
--- cups-1.5b1/conf/cups.system-auth.system-auth 2011-05-23 17:27:27.000000000 +0200
|
||||||
|
+++ cups-1.5b1/conf/cups.system-auth 2011-05-23 17:27:27.000000000 +0200
|
||||||
|
@@ -0,0 +1,3 @@
|
||||||
|
+#%PAM-1.0
|
||||||
|
+auth include system-auth
|
||||||
|
+account include system-auth
|
||||||
|
diff -up cups-1.5b1/conf/Makefile.system-auth cups-1.5b1/conf/Makefile
|
||||||
|
--- cups-1.5b1/conf/Makefile.system-auth 2011-05-12 07:21:56.000000000 +0200
|
||||||
|
+++ cups-1.5b1/conf/Makefile 2011-05-23 17:27:27.000000000 +0200
|
||||||
|
@@ -90,10 +90,16 @@ install-data:
|
||||||
|
done
|
||||||
|
-if test x$(PAMDIR) != x; then \
|
||||||
|
$(INSTALL_DIR) -m 755 $(BUILDROOT)$(PAMDIR); \
|
||||||
|
- if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \
|
||||||
|
- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \
|
||||||
|
+ if test -f /etc/pam.d/password-auth; then \
|
||||||
|
+ $(INSTALL_DATA) cups.password-auth $(BUILDROOT)$(PAMDIR)/cups; \
|
||||||
|
+ elif test -f /etc/pam.d/system-auth; then \
|
||||||
|
+ $(INSTALL_DATA) cups.system-auth $(BUILDROOT)$(PAMDIR)/cups; \
|
||||||
|
else \
|
||||||
|
- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \
|
||||||
|
+ if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \
|
||||||
|
+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \
|
||||||
|
+ else \
|
||||||
|
+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \
|
||||||
|
+ fi ; \
|
||||||
|
fi ; \
|
||||||
|
fi
|
||||||
|
|
@ -0,0 +1,51 @@
|
|||||||
|
diff -up cups-1.5b1/backend/usb-unix.c.uri-compat cups-1.5b1/backend/usb-unix.c
|
||||||
|
--- cups-1.5b1/backend/usb-unix.c.uri-compat 2011-05-24 15:59:05.000000000 +0200
|
||||||
|
+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 16:02:03.000000000 +0200
|
||||||
|
@@ -63,11 +63,34 @@ print_device(const char *uri, /* I - De
|
||||||
|
int device_fd; /* USB device */
|
||||||
|
ssize_t tbytes; /* Total number of bytes written */
|
||||||
|
struct termios opts; /* Parallel port options */
|
||||||
|
+ char *fixed_uri = strdup (uri);
|
||||||
|
+ char *p;
|
||||||
|
|
||||||
|
|
||||||
|
(void)argc;
|
||||||
|
(void)argv;
|
||||||
|
|
||||||
|
+ p = strchr (fixed_uri, ':');
|
||||||
|
+ if (p++ != NULL)
|
||||||
|
+ {
|
||||||
|
+ char *e;
|
||||||
|
+ p += strspn (p, "/");
|
||||||
|
+ e = strchr (p, '/');
|
||||||
|
+ if (e > p)
|
||||||
|
+ {
|
||||||
|
+ size_t mfrlen = e - p;
|
||||||
|
+ e++;
|
||||||
|
+ if (!strncasecmp (e, p, mfrlen))
|
||||||
|
+ {
|
||||||
|
+ char *x = e + mfrlen;
|
||||||
|
+ if (!strncmp (x, "%20", 3))
|
||||||
|
+ /* Take mfr name out of mdl name for compatibility with
|
||||||
|
+ * Fedora 11 before bug #507244 was fixed. */
|
||||||
|
+ strcpy (e, x + 3); puts(fixed_uri);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Open the USB port device...
|
||||||
|
*/
|
||||||
|
@@ -107,10 +130,10 @@ print_device(const char *uri, /* I - De
|
||||||
|
_cups_strncasecmp(hostname, "Minolta", 7);
|
||||||
|
#endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */
|
||||||
|
|
||||||
|
- if (use_bc && !strncmp(uri, "usb:/dev/", 9))
|
||||||
|
+ if (use_bc && !strncmp(fixed_uri, "usb:/dev/", 9))
|
||||||
|
use_bc = 0;
|
||||||
|
|
||||||
|
- if ((device_fd = open_device(uri, &use_bc)) == -1)
|
||||||
|
+ if ((device_fd = open_device(fixed_uri, &use_bc)) == -1)
|
||||||
|
{
|
||||||
|
if (getenv("CLASS") != NULL)
|
||||||
|
{
|
@ -0,0 +1,52 @@
|
|||||||
|
diff -up cups-1.5b1/backend/usb-unix.c.usb-paperout cups-1.5b1/backend/usb-unix.c
|
||||||
|
--- cups-1.5b1/backend/usb-unix.c.usb-paperout 2011-05-24 15:51:39.000000000 +0200
|
||||||
|
+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 15:51:39.000000000 +0200
|
||||||
|
@@ -30,6 +30,11 @@
|
||||||
|
|
||||||
|
#include <sys/select.h>
|
||||||
|
|
||||||
|
+#ifdef __linux
|
||||||
|
+#include <sys/ioctl.h>
|
||||||
|
+#include <linux/lp.h>
|
||||||
|
+#endif /* __linux */
|
||||||
|
+
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Local functions...
|
||||||
|
@@ -334,7 +339,19 @@ open_device(const char *uri, /* I - Dev
|
||||||
|
if (!strncmp(uri, "usb:/dev/", 9))
|
||||||
|
#ifdef __linux
|
||||||
|
{
|
||||||
|
- return (open(uri + 4, O_RDWR | O_EXCL));
|
||||||
|
+ fd = open(uri + 4, O_RDWR | O_EXCL);
|
||||||
|
+
|
||||||
|
+ if (fd != -1)
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * Tell the driver to return from write() with errno==ENOSPACE
|
||||||
|
+ * on paper-out.
|
||||||
|
+ */
|
||||||
|
+ unsigned int t = 1;
|
||||||
|
+ ioctl (fd, LPABORT, &t);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return fd;
|
||||||
|
}
|
||||||
|
else if (!strncmp(uri, "usb://", 6))
|
||||||
|
{
|
||||||
|
@@ -400,7 +417,14 @@ open_device(const char *uri, /* I - Dev
|
||||||
|
if (!strcmp(uri, device_uri))
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
- * Yes, return this file descriptor...
|
||||||
|
+ * Yes, tell the driver to return from write() with
|
||||||
|
+ * errno==ENOSPACE on paper-out.
|
||||||
|
+ */
|
||||||
|
+ unsigned int t = 1;
|
||||||
|
+ ioctl (fd, LPABORT, &t);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Return this file descriptor...
|
||||||
|
*/
|
||||||
|
|
||||||
|
fprintf(stderr, "DEBUG: Printer using device file \"%s\"...\n",
|
@ -0,0 +1,27 @@
|
|||||||
|
diff -up cups-2.3.3op2/backend/ipp.c.validate-retry cups-2.3.3op2/backend/ipp.c
|
||||||
|
--- cups-2.3.3op2/backend/ipp.c.validate-retry 2021-03-11 12:55:46.461135739 +0100
|
||||||
|
+++ cups-2.3.3op2/backend/ipp.c 2021-03-11 13:29:09.312859343 +0100
|
||||||
|
@@ -256,6 +256,7 @@ main(int argc, /* I - Number of comm
|
||||||
|
get_job_attrs = 0, /* Does printer support Get-Job-Attributes? */
|
||||||
|
send_document = 0, /* Does printer support Send-Document? */
|
||||||
|
validate_job = 0, /* Does printer support Validate-Job? */
|
||||||
|
+ validation_retried = 0, /* Indicate whether Validate-Job was retried */
|
||||||
|
copies, /* Number of copies for job */
|
||||||
|
copies_remaining; /* Number of copies remaining */
|
||||||
|
const char *content_type, /* CONTENT_TYPE environment variable */
|
||||||
|
@@ -1559,7 +1560,15 @@ main(int argc, /* I - Number of comm
|
||||||
|
ipp_status == IPP_STATUS_ERROR_BAD_REQUEST)
|
||||||
|
break;
|
||||||
|
else if (job_auth == NULL && ipp_status > IPP_STATUS_ERROR_BAD_REQUEST)
|
||||||
|
+ {
|
||||||
|
+ if (!validation_retried)
|
||||||
|
+ {
|
||||||
|
+ validation_retried = 1;
|
||||||
|
+ sleep(10);
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
goto cleanup;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
@ -0,0 +1,19 @@
|
|||||||
|
diff -up cups-1.7rc1/cgi-bin/admin.c.web-devices-timeout cups-1.7rc1/cgi-bin/admin.c
|
||||||
|
--- cups-1.7rc1/cgi-bin/admin.c.web-devices-timeout 2013-05-29 12:51:34.000000000 +0100
|
||||||
|
+++ cups-1.7rc1/cgi-bin/admin.c 2013-08-16 16:01:17.308264287 +0100
|
||||||
|
@@ -1019,13 +1019,13 @@ do_am_printer(http_t *http, /* I - HTTP
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Scan for devices for up to 30 seconds...
|
||||||
|
+ * Scan for devices for up to 10 seconds...
|
||||||
|
*/
|
||||||
|
|
||||||
|
fputs("DEBUG: Getting list of devices...\n", stderr);
|
||||||
|
|
||||||
|
current_device = 0;
|
||||||
|
- if (cupsGetDevices(http, 5, CUPS_INCLUDE_ALL, CUPS_EXCLUDE_NONE,
|
||||||
|
+ if (cupsGetDevices(http, 10, CUPS_INCLUDE_ALL, CUPS_EXCLUDE_NONE,
|
||||||
|
(cups_device_cb_t)choose_device_cb,
|
||||||
|
(void *)title) == IPP_OK)
|
||||||
|
{
|
@ -0,0 +1 @@
|
|||||||
|
%_cups_serverbin %(/usr/bin/cups-config --serverbin)
|
@ -0,0 +1,171 @@
|
|||||||
|
@PYTHON_SHEBANG@
|
||||||
|
|
||||||
|
"""
|
||||||
|
Upgrade script to enable authentication for CUPS-Get-Document in
|
||||||
|
default policy
|
||||||
|
"""
|
||||||
|
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
from shutil import copy
|
||||||
|
|
||||||
|
|
||||||
|
def get_cupsd_conf():
|
||||||
|
"""
|
||||||
|
Get all lines from cupsd.conf
|
||||||
|
"""
|
||||||
|
if not os.path.exists('/etc/cups/cupsd.conf'):
|
||||||
|
return None
|
||||||
|
|
||||||
|
lines = []
|
||||||
|
with open('/etc/cups/cupsd.conf', 'r') as conf:
|
||||||
|
lines = conf.readlines()
|
||||||
|
|
||||||
|
return lines
|
||||||
|
|
||||||
|
|
||||||
|
def get_default_policy(lines):
|
||||||
|
"""
|
||||||
|
Get the default policy lines
|
||||||
|
|
||||||
|
:param list lines: lines from cupsd.conf
|
||||||
|
"""
|
||||||
|
default_policy = []
|
||||||
|
in_policy = False
|
||||||
|
|
||||||
|
for line in lines:
|
||||||
|
if not in_policy and not line.lstrip().startswith('<Policy default>'):
|
||||||
|
continue
|
||||||
|
|
||||||
|
default_policy.append(line)
|
||||||
|
|
||||||
|
if line.lstrip().startswith('</Policy>'):
|
||||||
|
return default_policy
|
||||||
|
|
||||||
|
in_policy = True
|
||||||
|
|
||||||
|
return default_policy
|
||||||
|
|
||||||
|
|
||||||
|
def get_limit_with_document(lines):
|
||||||
|
"""
|
||||||
|
Get <Limit> scope which defines CUPS-Get-Document operation
|
||||||
|
|
||||||
|
:param list lines: Lines containing the default policy
|
||||||
|
"""
|
||||||
|
limit = []
|
||||||
|
in_limit = False
|
||||||
|
|
||||||
|
for line in lines:
|
||||||
|
if not in_limit and not line.lstrip().startswith('<Limit'):
|
||||||
|
continue
|
||||||
|
|
||||||
|
if (not in_limit and line.lstrip().startswith('<Limit') and
|
||||||
|
not 'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
|
||||||
|
continue
|
||||||
|
|
||||||
|
limit.append(line)
|
||||||
|
|
||||||
|
if line.lstrip().startswith('</Limit>'):
|
||||||
|
return limit
|
||||||
|
|
||||||
|
in_limit = True
|
||||||
|
|
||||||
|
return limit
|
||||||
|
|
||||||
|
|
||||||
|
def check_for_authtype(lines):
|
||||||
|
"""
|
||||||
|
Check if <Limit> defining CUPS-Get-Document defines
|
||||||
|
any authentication
|
||||||
|
|
||||||
|
:param list lines: Lines of <Limit> scope which defines CUPS-Get-Document
|
||||||
|
"""
|
||||||
|
for line in lines:
|
||||||
|
if line.lstrip().startswith('AuthType'):
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def migrate_cupsd_conf(lines):
|
||||||
|
"""
|
||||||
|
Make changes to cupsd.conf contents to use authentication
|
||||||
|
for CUPS-Get-Document
|
||||||
|
|
||||||
|
:param list lines: Lines from cupsd.conf
|
||||||
|
"""
|
||||||
|
new_lines = []
|
||||||
|
in_policy = False
|
||||||
|
create_document_limit = False
|
||||||
|
|
||||||
|
for line in lines:
|
||||||
|
if (in_policy and line.lstrip().startswith('<Limit') and
|
||||||
|
not line.lstrip().startswith('<Limit CUPS-Get-Document>') and
|
||||||
|
'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
|
||||||
|
line = line.replace(' CUPS-Get-Document', '')
|
||||||
|
create_document_limit = True
|
||||||
|
|
||||||
|
if in_policy and line.lstrip().startswith('</Policy>') and create_document_limit:
|
||||||
|
new_lines.append('\n')
|
||||||
|
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
|
||||||
|
'# added during upgrade\n')
|
||||||
|
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
|
||||||
|
'<Limit CUPS-Get-Document>\n')
|
||||||
|
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
|
||||||
|
'AuthType Default\n')
|
||||||
|
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
|
||||||
|
'Require user @OWNER @SYSTEM\n')
|
||||||
|
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
|
||||||
|
'Order deny,allow\n')
|
||||||
|
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
|
||||||
|
'</Limit>\n')
|
||||||
|
create_document_limit = False
|
||||||
|
|
||||||
|
new_lines.append(line)
|
||||||
|
|
||||||
|
if not in_policy:
|
||||||
|
if line.lstrip().startswith('<Policy default>'):
|
||||||
|
in_policy = True
|
||||||
|
continue
|
||||||
|
|
||||||
|
if line.lstrip().startswith('<Limit CUPS-Get-Document>'):
|
||||||
|
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
|
||||||
|
'# added during upgrade\n')
|
||||||
|
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
|
||||||
|
'AuthType Default\n')
|
||||||
|
continue
|
||||||
|
|
||||||
|
if line.lstrip().startswith('</Policy>'):
|
||||||
|
in_policy = False
|
||||||
|
continue
|
||||||
|
|
||||||
|
return new_lines
|
||||||
|
|
||||||
|
|
||||||
|
def apply_changes(lines):
|
||||||
|
"""
|
||||||
|
Backup the original file if there is no .rpmsave already and
|
||||||
|
apply changes to the actual cupsd.conf
|
||||||
|
|
||||||
|
:param list lines: New lines for cupsd.conf
|
||||||
|
"""
|
||||||
|
if not os.path.exists('/etc/cups/cupsd.conf.rpmsave'):
|
||||||
|
copy('/etc/cups/cupsd.conf', '/etc/cups/cupsd.conf.rpmsave')
|
||||||
|
|
||||||
|
with open('/etc/cups/cupsd.conf', 'w') as conf:
|
||||||
|
conf.writelines(lines)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
content = get_cupsd_conf()
|
||||||
|
if content is None:
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if check_for_authtype(get_limit_with_document(get_default_policy(content))):
|
||||||
|
sys.exit(0)
|
||||||
|
|
||||||
|
new_content = migrate_cupsd_conf(content)
|
||||||
|
|
||||||
|
apply_changes(new_content)
|
||||||
|
|
||||||
|
sys.exit(0)
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue