Index: systemv/cupstestppd.c =================================================================== --- systemv/cupstestppd.c (revision 8833) +++ systemv/cupstestppd.c (working copy) @@ -101,6 +101,17 @@ /* + * File permissions... + */ + +#define MODE_WRITE 0002 /* Other write */ +#define MODE_MASK 0555 /* Owner/group/other read+exec/search */ +#define MODE_DATAFILE 0444 /* Owner/group/other read */ +#define MODE_DIRECTORY 0555 /* Owner/group/other read+search */ +#define MODE_PROGRAM 0555 /* Owner/group/other read+exec */ + + +/* * Standard Adobe media keywords (must remain sorted)... */ @@ -357,7 +368,7 @@ root = argv[i]; break; - case 'W' : /* Turn errors into warnings */ + case 'W' : /* Turn errors into warnings */ i ++; if (i >= argc) @@ -1387,18 +1398,18 @@ { check_basics(argv[i]); + if (warn & WARN_DEFAULTS) + errors = check_defaults(ppd, errors, verbose, 1); + if (warn & WARN_CONSTRAINTS) errors = check_constraints(ppd, errors, verbose, 1); - if (warn & WARN_DEFAULTS) - errors = check_defaults(ppd, errors, verbose, 1); + if (warn & WARN_FILTERS) + errors = check_filters(ppd, root, errors, verbose, 1); if (warn & WARN_PROFILES) errors = check_profiles(ppd, root, errors, verbose, 1); - if (warn & WARN_FILTERS) - errors = check_filters(ppd, root, errors, verbose, 1); - if (warn & WARN_SIZES) errors = check_sizes(ppd, errors, verbose, 1); else @@ -2411,6 +2422,7 @@ pathprog[1024]; /* Complete path to program/filter */ int cost; /* Cost of filter */ const char *prefix; /* WARN/FAIL prefix */ + struct stat fileinfo; /* File information */ prefix = warn ? " WARN " : "**FAIL**"; @@ -2452,18 +2464,32 @@ program); } - if (access(pathprog, X_OK)) + if (stat(pathprog, &fileinfo)) { if (!warn && !errors && !verbose) _cupsLangPuts(stdout, _(" FAIL\n")); if (verbose >= 0) _cupsLangPrintf(stdout, _(" %s Missing cupsFilter " - "file \"%s\"\n"), prefix, program); + "file \"%s\"\n"), prefix, pathprog); if (!warn) errors ++; } + else if (fileinfo.st_uid != 0 || + (fileinfo.st_mode & MODE_WRITE) || + (fileinfo.st_mode & MODE_MASK) != MODE_PROGRAM) + { + if (!warn && !errors && !verbose) + _cupsLangPuts(stdout, _(" FAIL\n")); + + if (verbose >= 0) + _cupsLangPrintf(stdout, _(" %s Bad permissions on cupsFilter " + "file \"%s\"\n"), prefix, pathprog); + + if (!warn) + errors ++; + } else errors = valid_path("cupsFilter", pathprog, errors, verbose, warn); } @@ -2523,18 +2549,33 @@ program); } - if (access(pathprog, X_OK)) + if (stat(pathprog, &fileinfo)) { if (!warn && !errors && !verbose) _cupsLangPuts(stdout, _(" FAIL\n")); if (verbose >= 0) _cupsLangPrintf(stdout, _(" %s Missing cupsPreFilter " - "file \"%s\"\n"), prefix, program); + "file \"%s\"\n"), prefix, pathprog); if (!warn) errors ++; } + else if (fileinfo.st_uid != 0 || + (fileinfo.st_mode & MODE_WRITE) || + (fileinfo.st_mode & MODE_MASK) != MODE_PROGRAM) + { + if (!warn && !errors && !verbose) + _cupsLangPuts(stdout, _(" FAIL\n")); + + if (verbose >= 0) + _cupsLangPrintf(stdout, _(" %s Bad permissions on " + "cupsPreFilter file \"%s\"\n"), prefix, + pathprog); + + if (!warn) + errors ++; + } else errors = valid_path("cupsPreFilter", pathprog, errors, verbose, warn); } @@ -2562,8 +2603,11 @@ if (!warn) errors ++; } + + snprintf(pathprog, sizeof(pathprog), "%s%s", root, + attr->value ? attr->value : "(null)"); - if (!attr->value || access(attr->value, 0)) + if (!attr->value || stat(pathprog, &fileinfo)) { if (!warn && !errors && !verbose) _cupsLangPuts(stdout, _(" FAIL\n")); @@ -2571,13 +2615,28 @@ if (verbose >= 0) _cupsLangPrintf(stdout, _(" %s Missing " "APDialogExtension file \"%s\"\n"), - prefix, attr->value ? attr->value : ""); + prefix, pathprog); if (!warn) errors ++; } + else if (fileinfo.st_uid != 0 || + (fileinfo.st_mode & MODE_WRITE) || + (fileinfo.st_mode & MODE_MASK) != MODE_DIRECTORY) + { + if (!warn && !errors && !verbose) + _cupsLangPuts(stdout, _(" FAIL\n")); + + if (verbose >= 0) + _cupsLangPrintf(stdout, _(" %s Bad permissions on " + "APDialogExtension file \"%s\"\n"), prefix, + pathprog); + + if (!warn) + errors ++; + } else - errors = valid_path("APDialogExtension", attr->value, errors, verbose, + errors = valid_path("APDialogExtension", pathprog, errors, verbose, warn); } @@ -2601,7 +2660,10 @@ errors ++; } - if (!attr->value || access(attr->value, 0)) + snprintf(pathprog, sizeof(pathprog), "%s%s", root, + attr->value ? attr->value : "(null)"); + + if (!attr->value || stat(pathprog, &fileinfo)) { if (!warn && !errors && !verbose) _cupsLangPuts(stdout, _(" FAIL\n")); @@ -2609,13 +2671,28 @@ if (verbose >= 0) _cupsLangPrintf(stdout, _(" %s Missing " "APPrinterIconPath file \"%s\"\n"), - prefix, attr->value ? attr->value : ""); + prefix, pathprog); if (!warn) errors ++; } + else if (fileinfo.st_uid != 0 || + (fileinfo.st_mode & MODE_WRITE) || + (fileinfo.st_mode & MODE_MASK) != MODE_DATAFILE) + { + if (!warn && !errors && !verbose) + _cupsLangPuts(stdout, _(" FAIL\n")); + + if (verbose >= 0) + _cupsLangPrintf(stdout, _(" %s Bad permissions on " + "APPrinterIconPath file \"%s\"\n"), prefix, + pathprog); + + if (!warn) + errors ++; + } else - errors = valid_path("APPrinterIconPath", attr->value, errors, verbose, + errors = valid_path("APPrinterIconPath", pathprog, errors, verbose, warn); } @@ -2639,7 +2716,10 @@ errors ++; } - if (!attr->value || access(attr->value, 0)) + snprintf(pathprog, sizeof(pathprog), "%s%s", root, + attr->value ? attr->value : "(null)"); + + if (!attr->value || stat(pathprog, &fileinfo)) { if (!warn && !errors && !verbose) _cupsLangPuts(stdout, _(" FAIL\n")); @@ -2647,13 +2727,28 @@ if (verbose >= 0) _cupsLangPrintf(stdout, _(" %s Missing " "APPrinterLowInkTool file \"%s\"\n"), - prefix, attr->value ? attr->value : ""); + prefix, pathprog); if (!warn) errors ++; } + else if (fileinfo.st_uid != 0 || + (fileinfo.st_mode & MODE_WRITE) || + (fileinfo.st_mode & MODE_MASK) != MODE_DIRECTORY) + { + if (!warn && !errors && !verbose) + _cupsLangPuts(stdout, _(" FAIL\n")); + + if (verbose >= 0) + _cupsLangPrintf(stdout, _(" %s Bad permissions on " + "APPrinterLowInkTool file \"%s\"\n"), prefix, + pathprog); + + if (!warn) + errors ++; + } else - errors = valid_path("APPrinterLowInkTool", attr->value, errors, verbose, + errors = valid_path("APPrinterLowInkTool", pathprog, errors, verbose, warn); } @@ -2677,7 +2772,10 @@ errors ++; } - if (!attr->value || access(attr->value, 0)) + snprintf(pathprog, sizeof(pathprog), "%s%s", root, + attr->value ? attr->value : "(null)"); + + if (!attr->value || stat(pathprog, &fileinfo)) { if (!warn && !errors && !verbose) _cupsLangPuts(stdout, _(" FAIL\n")); @@ -2685,13 +2783,28 @@ if (verbose >= 0) _cupsLangPrintf(stdout, _(" %s Missing " "APPrinterUtilityPath file \"%s\"\n"), - prefix, attr->value ? attr->value : ""); + prefix, pathprog); if (!warn) errors ++; } + else if (fileinfo.st_uid != 0 || + (fileinfo.st_mode & MODE_WRITE) || + (fileinfo.st_mode & MODE_MASK) != MODE_DIRECTORY) + { + if (!warn && !errors && !verbose) + _cupsLangPuts(stdout, _(" FAIL\n")); + + if (verbose >= 0) + _cupsLangPrintf(stdout, _(" %s Bad permissions on " + "APPrinterUtilityPath file \"%s\"\n"), prefix, + pathprog); + + if (!warn) + errors ++; + } else - errors = valid_path("APPrinterUtilityPath", attr->value, errors, verbose, + errors = valid_path("APPrinterUtilityPath", pathprog, errors, verbose, warn); } @@ -2715,7 +2828,7 @@ errors ++; } - if (!attr->value || access(attr->value, 0)) + if (!attr->value || stat(attr->value, &fileinfo)) { if (!warn && !errors && !verbose) _cupsLangPuts(stdout, _(" FAIL\n")); @@ -2728,6 +2841,21 @@ if (!warn) errors ++; } + else if (fileinfo.st_uid != 0 || + (fileinfo.st_mode & MODE_WRITE) || + (fileinfo.st_mode & MODE_MASK) != MODE_DIRECTORY) + { + if (!warn && !errors && !verbose) + _cupsLangPuts(stdout, _(" FAIL\n")); + + if (verbose >= 0) + _cupsLangPrintf(stdout, _(" %s Bad permissions on " + "APScanAppPath file \"%s\"\n"), prefix, + attr->value); + + if (!warn) + errors ++; + } else errors = valid_path("APScanAppPath", attr->value, errors, verbose, warn); @@ -2768,6 +2896,7 @@ const char *ptr; /* Pointer into string */ const char *prefix; /* WARN/FAIL prefix */ char filename[1024]; /* Profile filename */ + struct stat fileinfo; /* File information */ int num_profiles = 0; /* Number of profiles */ unsigned hash, /* Current hash value */ hashes[1000]; /* Hash values of profile names */ @@ -2822,18 +2951,33 @@ attr->value); } - if (access(filename, 0)) + if (stat(filename, &fileinfo)) { if (!warn && !errors && !verbose) _cupsLangPuts(stdout, _(" FAIL\n")); if (verbose >= 0) _cupsLangPrintf(stdout, _(" %s Missing cupsICCProfile " - "file \"%s\"!\n"), prefix, attr->value); + "file \"%s\"!\n"), prefix, filename); if (!warn) errors ++; } + else if (fileinfo.st_uid != 0 || + (fileinfo.st_mode & MODE_WRITE) || + (fileinfo.st_mode & MODE_MASK) != MODE_DATAFILE) + { + if (!warn && !errors && !verbose) + _cupsLangPuts(stdout, _(" FAIL\n")); + + if (verbose >= 0) + _cupsLangPrintf(stdout, _(" %s Bad permissions on " + "cupsICCProfile file \"%s\"\n"), prefix, + filename); + + if (!warn) + errors ++; + } else errors = valid_path("cupsICCProfile", filename, errors, verbose, warn);