File ipp-additional-changes-for-the-scheduler-to-substitute-d.patch of Package cups.13211
Index: cups-1.7.5/scheduler/ipp.c
===================================================================
--- cups-1.7.5.orig/scheduler/ipp.c
+++ cups-1.7.5/scheduler/ipp.c
@@ -155,6 +155,7 @@ cupsdProcessIPPRequest(
ipp_attribute_t *uri = NULL; /* Printer or job URI attribute */
ipp_attribute_t *username; /* requesting-user-name attr */
int sub_id; /* Subscription ID */
+ int valid = 1; /* Valid request? */
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -393,20 +394,55 @@ cupsdProcessIPPRequest(
else
{
/*
- * OK, all the checks pass so far; make sure requesting-user-name is
- * not "root" from a remote host...
+ * OK, all the checks pass so far; validate "requesting-user-name"
+ * attribute value...
*/
- if ((username = ippFindAttribute(con->request, "requesting-user-name",
- IPP_TAG_NAME)) != NULL)
- {
- /*
- * Check for root user...
- */
-
- if (!strcmp(username->values[0].string.text, "root") &&
- _cups_strcasecmp(con->http.hostname, "localhost") &&
- strcmp(con->username, "root"))
+ if ((username = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_ZERO)) != NULL)
+ {
+ /*
+ * Validate "requesting-user-name"...
+ */
+
+ if (username->group_tag != IPP_TAG_OPERATION && StrictConformance)
+ {
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute in wrong group.", IPP_STATUS_ERROR_BAD_REQUEST, con->http.hostname);
+ send_ipp_status(con, IPP_STATUS_ERROR_BAD_REQUEST, _("\"requesting-user-name\" attribute in wrong group."));
+ valid = 0;
+ }
+ else if (username->value_tag != IPP_TAG_NAME && username->value_tag != IPP_TAG_NAMELANG)
+ {
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with wrong syntax.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http.hostname);
+ send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax."));
+ if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL)
+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+ valid = 0;
+ }
+ else if (!ippValidateAttribute(username))
+ {
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with bad value.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http.hostname);
+
+ if (StrictConformance)
+ {
+ /*
+ * Throw an error...
+ */
+
+ send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax."));
+ if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL)
+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+ valid = 0;
+ }
+ else
+ {
+ /*
+ * Map bad "requesting-user-name" to 'anonymous'...
+ */
+
+ ippSetString(con->request, &username, 0, "anonymous");
+ }
+ }
+ else if (!strcmp(username->values[0].string.text, "root") && _cups_strcasecmp(con->http.hostname, "localhost") && strcmp(con->username, "root"))
{
/*
* Remote unauthenticated user masquerading as local root...
@@ -426,6 +462,11 @@ cupsdProcessIPPRequest(
* Then try processing the operation...
*/
+ if (valid)
+ {
+ /*
+ * Try processing the operation...
+ */
if (uri)
cupsdLogMessage(CUPSD_LOG_DEBUG, "%s %s",
ippOpString(con->request->request.op.operation_id),
@@ -621,6 +662,7 @@ cupsdProcessIPPRequest(
ippOpString(
con->request->request.op.operation_id));
break;
+ }
}
}
}
@@ -1568,22 +1610,6 @@ add_job(cupsd_client_t *con, /* I - Cl
attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
- if (attr && !ippValidateAttribute(attr))
- {
- send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
-
- if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
- attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
-
- if (StrictConformance)
- return (NULL);
-
- /* Don't use invalid attribute */
- ippDeleteAttribute(con->request, attr);
-
- attr = ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "reqeusting-user-name", NULL, "anonymous");
- }
-
if ((job = cupsdAddJob(priority, printer->name)) == NULL)
{
send_ipp_status(con, IPP_INTERNAL_ERROR,
