diff options
author | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2015-10-26 17:26:36 +0000 |
---|---|---|
committer | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2015-10-26 17:26:36 +0000 |
commit | fcad6032691d9985512734e898914a7d48e492fc (patch) | |
tree | 6c3d2e9e917e6fa5037da3e406065e0b6c865440 | |
parent | d8a60ef8deb3da1b1f970bb619bed0f1aed96645 (diff) |
Add /admin/log section to cupsd.conf so that remote admin also controls remote
access to the log files (<rdar://problem/23134415>)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12938 a1ca3aef-8c08-0410-bb20-df032aa958be
-rw-r--r-- | CHANGES-2.1.txt | 2 | ||||
-rw-r--r-- | conf/cupsd.conf.in | 7 | ||||
-rw-r--r-- | cups/adminutil.c | 47 |
3 files changed, 53 insertions, 3 deletions
diff --git a/CHANGES-2.1.txt b/CHANGES-2.1.txt index 443557ad5..80fb00333 100644 --- a/CHANGES-2.1.txt +++ b/CHANGES-2.1.txt @@ -9,7 +9,7 @@ CHANGES IN CUPS V2.1.1 <rdar://problem/23133393>, <rdar://problem/23133466>, <rdar://problem/23133833>, <rdar://problem/23133998>, <rdar://problem/23134228>, <rdar://problem/23134299>, - <rdar://problem/23134356>) + <rdar://problem/23134356>, <rdar://problem/23134415>) - The cupsGetPPD* functions did not work with IPP printers (STR #4725) - Some older HP LaserJet printers need a delayed close when printing using the libusb-based USB backend (STR #4549) diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in index e17601446..2fd0de0c3 100644 --- a/conf/cupsd.conf.in +++ b/conf/cupsd.conf.in @@ -39,6 +39,13 @@ WebInterface @CUPS_WEBIF@ Order allow,deny </Location> +# Restrict access to log files... +<Location /admin/log> + AuthType Default + Require user @SYSTEM + Order allow,deny +</Location> + # Set the default printer/job policies... <Policy default> # Job/subscription privacy... diff --git a/cups/adminutil.c b/cups/adminutil.c index 5a7dea092..424c02b4c 100644 --- a/cups/adminutil.c +++ b/cups/adminutil.c @@ -3,7 +3,7 @@ * * Administration utility API definitions for CUPS. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2015 by Apple Inc. * Copyright 2001-2007 by Easy Software Products. * * These coded instructions, statements, and computer programs are the @@ -1175,6 +1175,7 @@ cupsAdminSetServerSettings( in_cancel_job, /* In a cancel-job section? */ in_admin_location, /* In the /admin location? */ in_conf_location, /* In the /admin/conf location? */ + in_log_location, /* In the /admin/log location? */ in_root_location; /* In the / location? */ const char *val; /* Setting value */ int share_printers, /* Share local printers */ @@ -1188,6 +1189,7 @@ cupsAdminSetServerSettings( wrote_loglevel, /* Wrote the LogLevel line? */ wrote_admin_location, /* Wrote the /admin location? */ wrote_conf_location, /* Wrote the /admin/conf location? */ + wrote_log_location, /* Wrote the /admin/log location? */ wrote_root_location; /* Wrote the / location? */ int indent; /* Indentation */ int cupsd_num_settings; /* New number of settings */ @@ -1401,12 +1403,14 @@ cupsAdminSetServerSettings( in_conf_location = 0; in_default_policy = 0; in_location = 0; + in_log_location = 0; in_policy = 0; in_root_location = 0; linenum = 0; wrote_admin_location = 0; wrote_browsing = 0; wrote_conf_location = 0; + wrote_log_location = 0; wrote_loglevel = 0; wrote_policy = 0; wrote_port_listen = 0; @@ -1550,8 +1554,10 @@ cupsAdminSetServerSettings( indent += 2; if (!strcmp(value, "/admin")) in_admin_location = 1; - if (!strcmp(value, "/admin/conf")) + else if (!strcmp(value, "/admin/conf")) in_conf_location = 1; + else if (!strcmp(value, "/admin/log")) + in_log_location = 1; else if (!strcmp(value, "/")) in_root_location = 1; @@ -1593,6 +1599,23 @@ cupsAdminSetServerSettings( cupsFilePrintf(temp, " Allow %s\n", remote_any > 0 ? "all" : "@LOCAL"); } + else if (in_log_location && remote_admin >= 0) + { + wrote_log_location = 1; + + if (remote_admin) + cupsFilePuts(temp, " # Allow remote access to the log " + "files...\n"); + else + cupsFilePuts(temp, " # Restrict access to the log " + "files...\n"); + + cupsFilePuts(temp, " Order allow,deny\n"); + + if (remote_admin) + cupsFilePrintf(temp, " Allow %s\n", + remote_any > 0 ? "all" : "@LOCAL"); + } else if (in_root_location && (remote_admin >= 0 || remote_any > 0 || share_printers >= 0)) { @@ -1619,6 +1642,7 @@ cupsAdminSetServerSettings( in_admin_location = 0; in_conf_location = 0; + in_log_location = 0; in_root_location = 0; cupsFilePuts(temp, "</Location>\n"); @@ -1867,6 +1891,25 @@ cupsAdminSetServerSettings( cupsFilePuts(temp, "</Location>\n"); } + if (!wrote_log_location && remote_admin >= 0) + { + if (remote_admin) + cupsFilePuts(temp, + "# Allow remote access to the log files...\n"); + else + cupsFilePuts(temp, "# Restrict access to the log files...\n"); + + cupsFilePuts(temp, "<Location /admin/log>\n" + " AuthType Default\n" + " Require user @SYSTEM\n" + " Order allow,deny\n"); + + if (remote_admin) + cupsFilePrintf(temp, " Allow %s\n", remote_any > 0 ? "all" : "@LOCAL"); + + cupsFilePuts(temp, "</Location>\n"); + } + if (!wrote_policy && user_cancel_any >= 0) { cupsFilePuts(temp, "<Policy default>\n" |