Index: conf.c =================================================================== --- conf.c (revision 6481) +++ conf.c (working copy) @@ -23,9 +23,9 @@ * * Contents: * + * cupsdCheckPermissions() - Fix the mode and ownership of a file or + * directory. * cupsdReadConfiguration() - Read the cupsd.conf file. - * check_permissions() - Fix the mode and ownership of a file or - * directory. * get_address() - Get an address + port number from a line. * get_addr_and_mask() - Get an IP address and netmask. * parse_aaa() - Parse authentication, authorization, and @@ -197,10 +197,6 @@ /* * Local functions... */ -static int check_permissions(const char *filename, - const char *suffix, int mode, - int user, int group, int is_dir, - int create_dir); static http_addrlist_t *get_address(const char *value, int defport); static int get_addr_and_mask(const char *value, unsigned *ip, unsigned *mask); @@ -214,6 +210,115 @@ /* + * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory. + */ + +int /* O - 0 on success, -1 on error, 1 on warning */ +cupsdCheckPermissions( + const char *filename, /* I - File/directory name */ + const char *suffix, /* I - Additional file/directory name */ + int mode, /* I - Permissions */ + int user, /* I - Owner */ + int group, /* I - Group */ + int is_dir, /* I - 1 = directory, 0 = file */ + int create_dir) /* I - 1 = create directory, 0 = not */ +{ + int dir_created = 0; /* Did we create a directory? */ + char pathname[1024]; /* File name with prefix */ + struct stat fileinfo; /* Stat buffer */ + + + /* + * Prepend the given root to the filename before testing it... + */ + + if (suffix) + { + snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix); + filename = pathname; + } + + /* + * See if we can stat the file/directory... + */ + + if (stat(filename, &fileinfo)) + { + if (errno == ENOENT && create_dir) + { + cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"", + filename); + + if (mkdir(filename, mode)) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "Unable to create directory \"%s\" - %s", filename, + strerror(errno)); + return (-1); + } + + dir_created = 1; + } + else + return (create_dir ? -1 : 1); + } + + /* + * Make sure it's a regular file... + */ + + if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode)) + { + cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file!", filename); + return (-1); + } + + if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode)) + { + cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory!", filename); + return (-1); + } + + /* + * Fix owner, group, and mode as needed... + */ + + if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group) + { + cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"", filename); + + if (chown(filename, user, group) && !getuid()) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "Unable to change ownership of \"%s\" - %s", filename, + strerror(errno)); + return (1); + } + } + + if (dir_created || (fileinfo.st_mode & 07777) != mode) + { + cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"", + filename); + + if (chmod(filename, mode)) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "Unable to change permissions of \"%s\" - %s", filename, + strerror(errno)); + return (1); + } + } + + /* + * Everything is OK... + */ + + return (0); +} + + +/* * 'cupsdReadConfiguration()' - Read the cupsd.conf file. */ @@ -658,20 +763,28 @@ * writable by the user and group in the cupsd.conf file... */ - if (check_permissions(CacheDir, NULL, 0775, RunUser, Group, 1, 1) < 0 || - check_permissions(StateDir, NULL, 0755, RunUser, Group, 1, 1) < 0 || - check_permissions(StateDir, "certs", RunUser ? 0711 : 0511, User, - SystemGroupIDs[0], 1, 1) < 0 || - check_permissions(ServerRoot, NULL, 0755, RunUser, Group, 1, 0) < 0 || - check_permissions(ServerRoot, "ppd", 0755, RunUser, Group, 1, 1) < 0 || - check_permissions(ServerRoot, "ssl", 0700, RunUser, Group, 1, 0) < 0 || - check_permissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser, - Group, 0, 0) < 0 || - check_permissions(ServerRoot, "classes.conf", 0600, RunUser, Group, - 0, 0) < 0 || - check_permissions(ServerRoot, "printers.conf", 0600, RunUser, Group, - 0, 0) < 0 || - check_permissions(ServerRoot, "passwd.md5", 0600, User, Group, 0, 0) < 0) + if (cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser, + Group, 1, 1) < 0 || + cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser, + Group, 1, 1) < 0 || + cupsdCheckPermissions(StateDir, NULL, 0755, RunUser, + Group, 1, 1) < 0 || + cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User, + SystemGroupIDs[0], 1, 1) < 0 || + cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser, + Group, 1, 0) < 0 || + cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser, + Group, 1, 1) < 0 || + cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser, + Group, 1, 0) < 0 || + cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser, + Group, 0, 0) < 0 || + cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser, + Group, 0, 0) < 0 || + cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser, + Group, 0, 0) < 0 || + cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User, + Group, 0, 0) < 0) return (0); /* @@ -710,13 +823,9 @@ } /* - * Make sure the request and temporary directories have the right - * permissions... + * Make sure the temporary directory has the right permissions... */ - if (check_permissions(RequestRoot, NULL, 0710, RunUser, Group, 1, 1) < 0) - return (0); - if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) || access(TempDir, 0)) { @@ -725,7 +834,7 @@ * is under the spool directory or does not exist... */ - if (check_permissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0) + if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0) return (0); } @@ -1133,114 +1242,6 @@ /* - * 'check_permissions()' - Fix the mode and ownership of a file or directory. - */ - -static int /* O - 0 on success, -1 on error, 1 on warning */ -check_permissions(const char *filename, /* I - File/directory name */ - const char *suffix, /* I - Additional file/directory name */ - int mode, /* I - Permissions */ - int user, /* I - Owner */ - int group, /* I - Group */ - int is_dir, /* I - 1 = directory, 0 = file */ - int create_dir)/* I - 1 = create directory, 0 = not */ -{ - int dir_created = 0; /* Did we create a directory? */ - char pathname[1024]; /* File name with prefix */ - struct stat fileinfo; /* Stat buffer */ - - - /* - * Prepend the given root to the filename before testing it... - */ - - if (suffix) - { - snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix); - filename = pathname; - } - - /* - * See if we can stat the file/directory... - */ - - if (stat(filename, &fileinfo)) - { - if (errno == ENOENT && create_dir) - { - cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"", - filename); - - if (mkdir(filename, mode)) - { - cupsdLogMessage(CUPSD_LOG_ERROR, - "Unable to create directory \"%s\" - %s", filename, - strerror(errno)); - return (-1); - } - - dir_created = 1; - } - else - return (create_dir ? -1 : 1); - } - - /* - * Make sure it's a regular file... - */ - - if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode)) - { - cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file!", filename); - return (-1); - } - - if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode)) - { - cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory!", filename); - return (-1); - } - - /* - * Fix owner, group, and mode as needed... - */ - - if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group) - { - cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"", filename); - - if (chown(filename, user, group) && !getuid()) - { - cupsdLogMessage(CUPSD_LOG_ERROR, - "Unable to change ownership of \"%s\" - %s", filename, - strerror(errno)); - return (1); - } - } - - if (dir_created || (fileinfo.st_mode & 07777) != mode) - { - cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"", - filename); - - if (chmod(filename, mode)) - { - cupsdLogMessage(CUPSD_LOG_ERROR, - "Unable to change permissions of \"%s\" - %s", filename, - strerror(errno)); - return (1); - } - } - - /* - * Everything is OK... - */ - - return (0); -} - - -/* * 'get_address()' - Get an address + port number from a line. */ Index: conf.h =================================================================== --- conf.h (revision 6481) +++ conf.h (working copy) @@ -218,8 +218,11 @@ * Prototypes... */ +extern int cupsdCheckPermissions(const char *filename, + const char *suffix, int mode, + int user, int group, int is_dir, + int create_dir); extern char *cupsdGetDateTime(time_t t); -extern int cupsdReadConfiguration(void); #ifdef HAVE_GSSAPI extern int cupsdLogGSSMessage(int level, int major_status, int minor_status, @@ -232,6 +235,7 @@ ; extern int cupsdLogPage(cupsd_job_t *job, const char *page); extern int cupsdLogRequest(cupsd_client_t *con, http_status_t code); +extern int cupsdReadConfiguration(void); /* Index: log.c =================================================================== --- log.c (revision 6481) +++ log.c (working copy) @@ -3,7 +3,7 @@ * * Log file routines for the Common UNIX Printing System (CUPS). * - * Copyright 1997-2006 by Easy Software Products, all rights reserved. + * Copyright 1997-2007 by Easy Software Products, all rights reserved. * * These coded instructions, statements, and computer programs are the * property of Easy Software Products and are protected by Federal @@ -546,10 +546,23 @@ if ((*lf = cupsFileOpen(filename, "a")) == NULL) { - syslog(LOG_ERR, "Unable to open log file \"%s\" - %s", filename, - strerror(errno)); + /* + * If the file is in CUPS_LOGDIR then try to create a missing directory... + */ - return (0); + if (!strncmp(filename, CUPS_LOGDIR, strlen(CUPS_LOGDIR))) + { + cupsdCheckPermissions(CUPS_LOGDIR, NULL, 0755, RunUser, Group, 1, 1); + + *lf = cupsFileOpen(filename, "a"); + } + + if (*lf == NULL) + { + syslog(LOG_ERR, "Unable to open log file \"%s\" - %s", filename, + strerror(errno)); + return (0); + } } if (strncmp(filename, "/dev/", 5))