
View File cups-1.1.21rc2-preauth_security.patch of Package cups (Project DISCONTINUED:openSUSE:11.1)

--- cups-1.1.21rc2/scheduler/client.c.orig	2004-08-31 15:48:47.000000000 +0200
+++ cups-1.1.21rc2/scheduler/client.c	2004-08-31 15:52:54.755695050 +0200
@@ -293,6 +293,74 @@
     }
   }
 
+  /*
+   * Do ACL stuff...
+   */
+
+  if (BrowseACL && (BrowseACL->num_allow || BrowseACL->num_deny))
+  {
+    int		hostlen = strlen(con->http.hostname);
+    int		auth = AUTH_DENY;
+
+    if (address == 0x7f000001)
+    {
+     /*
+      * Access from localhost (127.0.0.1) is always allowed...
+      */
+
+      auth = AUTH_ALLOW;
+    }
+    else
+    {
+     /*
+      * Do authorization checks on the domain/address...
+      */
+
+      switch (BrowseACL->order_type)
+      {
+        default :
+           auth = AUTH_DENY;   /* anti-compiler-warning-code */
+           break;
+
+       case AUTH_ALLOW : /* Order Deny,Allow */
+            auth = AUTH_ALLOW;
+
+            if (CheckAuth(address, con->http.hostname, hostlen,
+                         BrowseACL->num_deny, BrowseACL->deny))
+             auth = AUTH_DENY;
+
+            if (CheckAuth(address, con->http.hostname, hostlen,
+                         BrowseACL->num_allow, BrowseACL->allow))
+             auth = AUTH_ALLOW;
+           break;
+
+       case AUTH_DENY : /* Order Allow,Deny */
+            auth = AUTH_DENY;
+
+            if (CheckAuth(address, con->http.hostname, hostlen,
+                         BrowseACL->num_allow, BrowseACL->allow))
+             auth = AUTH_ALLOW;
+
+            if (CheckAuth(address, con->http.hostname, hostlen,
+                         BrowseACL->num_deny, BrowseACL->deny))
+             auth = AUTH_DENY;
+           break;
+      }
+    }
+
+    if (auth == AUTH_DENY)
+    {
+      LogMessage(L_DEBUG, "AcceptClient(): Refused connection from from %s; please check BrowseAllow/BrowseDeny settings",
+                 con->http.hostname);
+#ifdef WIN32
+      closesocket(con->http.fd);
+#else
+      close(con->http.fd);
+#endif /* WIN32 */
+      return;
+    }
+  }
+
   LogMessage(L_DEBUG, "AcceptClient: %d from %s:%d.", con->http.fd,
              con->http.hostname, ntohs(con->http.hostaddr.sin_port));
 
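Review bot: The refusal at the end of the added ACL block is logged at `L_DEBUG` (and the message reads "from from"), so connections rejected before authentication leave no trace at the usual log levels; I would raise it to a level operators collect, e.g. `LogMessage(L_WARN, "AcceptClient(): Refused connection from %s; please check BrowseAllow/BrowseDeny settings", con->http.hostname);`. The loopback exemption compares `address` with `0x7f000001` only, while the cupsd.conf context later in this patch also lists `Allow From 127.0.0.2`, so other loopback addresses fall through to the BrowseACL rules; if that is not intended, test the 127/8 prefix with `(address & 0xff000000) == 0x7f000000`, otherwise say so in the comment. `CheckAuth()` is also handed `con->http.hostname`, so any name-based BrowseAllow entry is only as trustworthy as the lookup that filled that field, which happens outside this hunk. The enclosing function starts and ends outside the hunk, so I cannot confirm that the early `return` after closing the socket leaves no per-connection state behind.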
--- cups-1.1.21rc2/conf/cupsd.conf.in.orig	2004-08-31 15:48:47.000000000 +0200
+++ cups-1.1.21rc2/conf/cupsd.conf.in	2004-08-31 15:55:01.452514988 +0200
@@ -575,6 +575,9 @@
 #BrowseAllow address
 #BrowseDeny address
 
+BrowseAllow @LOCAL
+BrowseDeny All
+
 #
 # BrowseInterval: the time between browsing updates in seconds.  Default
 # is 30 seconds.
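Review bot: The effect of these two defaults depends on the browse ACL order, which this hunk does not set. In the client.c check added by this patch, the `Order Allow,Deny` branch evaluates the deny list last, so `BrowseDeny All` would refuse every peer other than 127.0.0.1; only the `Order Deny,Allow` branch lets `@LOCAL` through. Unless the order is already fixed elsewhere in the file, I would pin it next to these lines with `BrowseOrder deny,allow`. The block also needs a comment saying that the directives now gate client connections as well as browse packets, e.g. `# NOTE: these rules are also applied to every incoming client connection before authentication.`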
@@ -769,6 +772,7 @@
 Deny From All
 Allow From 127.0.0.1
 Allow From 127.0.0.2
+Allow From @LOCAL
 </Location>
 
 #<Location /classes>
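Review bot: `Allow From @LOCAL` widens this Location from loopback-only to hosts on the machine's local networks, and the opening `<Location ...>` line is outside the hunk, so which resource is being opened cannot be confirmed from here. As far as I know `@LOCAL` is resolved against the interfaces present at run time, so the set of allowed peers follows the machine onto whatever network it joins. A comment above the added line should state that, e.g. `# @LOCAL = hosts on locally attached networks; use an explicit subnet where the LAN is not trusted.`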