Letting any user remove jobs

Thu Oct 21 10:57:19 PDT 2004

I need to allow any user to modify the print queues on my cups server, but the only way I could come up with required a patch (A) and a modified cupsd.conf (B). Isn't there a simpler way?

Regards

Anders


A. Patch

--- cups-1.1.22rc2/scheduler/auth.c     2004-10-11 21:29:40.000000000 +0200
+++ cups-1.1.22rc2.mod/scheduler/auth.c 2004-10-21 19:15:29.529417056 +0200
@@ -180,6 +180,10 @@
   loc->num_names ++;
 }

+void RunAs(location_t *loc, char *user) {
+  loc->run_as = strdup(user);
+  LogMessage(L_DEBUG, "RunAs: %s", user);
+}

 /*
  * 'AllowHost()' - Add a host name that is allowed to access the location.
@@ -200,6 +204,7 @@
   if (strcasecmp(name, "@LOCAL") == 0)
   {
    /*
+
     * Allow *interface*...
     */

diff -urb cups-1.1.22rc2/scheduler/auth.h cups-1.1.22rc2.mod/scheduler/auth.h
--- cups-1.1.22rc2/scheduler/auth.h     2004-08-23 20:00:59.000000000 +0200
+++ cups-1.1.22rc2.mod/scheduler/auth.h 2004-10-21 18:57:17.414443768 +0200
@@ -98,6 +98,7 @@
   int          num_deny;               /* Number of Deny lines */
   authmask_t   *deny;                  /* Deny lines */
   http_encryption_t encryption;                /* To encrypt or not to encrypt... */
+  char          *run_as;
 } location_t;


@@ -132,7 +133,7 @@
 extern char            *GetMD5Passwd(const char *username, const char *group,
                                      char passwd[33]);
 extern http_status_t   IsAuthorized(client_t *con);
-
+extern void             RunAs(location_t *loc, char *name);

 /*
  * End of "$Id: auth.h,v 1.24 2004/08/23 18:00:59 mike Exp $".
diff -urb cups-1.1.22rc2/scheduler/client.c cups-1.1.22rc2.mod/scheduler/client.c
--- cups-1.1.22rc2/scheduler/client.c   2004-10-04 21:40:35.000000000 +0200
+++ cups-1.1.22rc2.mod/scheduler/client.c       2004-10-21 19:20:32.453365616 +0200
@@ -1129,6 +1129,7 @@

     decode_auth(con);

+
     if (strncmp(con->http.fields[HTTP_FIELD_CONNECTION], "Keep-Alive", 10) == 0 &&
         KeepAlive)
       con->http.keep_alive = HTTP_KEEPALIVE_ON;
@@ -1227,6 +1228,14 @@
        SendError(con, status);
        return (CloseClient(con));
       }
+      {
+       best = FindBest(con->uri, con->http.state);
+       if (best->run_as != NULL) {
+         strlcpy(con->username, best->run_as, sizeof(con->username));
+       }
+        LogMessage(L_DEBUG2, "user: %s\n", con->username);
+
+      }

       switch (con->http.state)
       {
diff -urb cups-1.1.22rc2/scheduler/conf.c cups-1.1.22rc2.mod/scheduler/conf.c
--- cups-1.1.22rc2/scheduler/conf.c     2004-08-23 20:00:59.000000000 +0200
+++ cups-1.1.22rc2.mod/scheduler/conf.c 2004-10-21 18:56:27.361053040 +0200
@@ -1983,6 +1983,8 @@
     }
     else if (strcasecmp(name, "AuthGroupName") == 0)
       AddName(loc, value);
+    else if (strcasecmp(name, "RunAs") == 0)
+      RunAs(loc, value);
     else if (strcasecmp(name, "Require") == 0)
     {
      /*


B. Part of config file:

<Location /jobs/?op>
# Allow anybody to modify jobs
RunAs root
Allow From x.y.z.w/24
</Location>

<Location /admin/?op=stop-printer>
# Allow anybody to stop printers
Allow From x.y.z.w/24
</Location>
<Location /admin/?op=start-printer>
# Allow anybody to start printers
Allow From x.y.z.w/24
</Location>
<Location /admin/>
# Necessary to prevent above to go into infinite loop
Allow From 130.235.83.0/24
</Location>
<Location /admin/?op>
# Disallow all not explicitly allowed printer ops
Deny From 130.235.83.0/24
</Location>



