summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/cups
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/cups')
-rw-r--r--meta/recipes-extended/cups/cups/cups-CVE-2011-2896.patch140
-rw-r--r--meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch54
-rw-r--r--meta/recipes-extended/cups/cups/cups-CVE-2012-5519.patch2965
3 files changed, 0 insertions, 3159 deletions
diff --git a/meta/recipes-extended/cups/cups/cups-CVE-2011-2896.patch b/meta/recipes-extended/cups/cups/cups-CVE-2011-2896.patch
deleted file mode 100644
index 7c6f75bd6c..0000000000
--- a/meta/recipes-extended/cups/cups/cups-CVE-2011-2896.patch
+++ /dev/null
@@ -1,140 +0,0 @@
1cups - CVE-2011-2896
2
3the patch come from:
4http://cups.org/strfiles/3867/str3867.patch
5
6The LZW decompressor in the LWZReadByte function in giftoppm.c
7in the David Koblas GIF decoder in PBMPLUS, as used in the
8gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7,
9the LZWReadByte function in plug-ins/common/file-gif-load.c
10in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c
11in XPCE in SWI-Prolog 5.10.4 and earlier, and other products,
12does not properly handle code words that are absent from the
13decompression table when encountered, which allows remote attackers to
14trigger an infinite loop or a heap-based buffer overflow, and possibly
15execute arbitrary code, via a crafted compressed stream, a related
16issue to CVE-2006-1168 and CVE-2011-2895.
17http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896
18
19Integrated-by: Li Wang <li.wang@windriver.com>
20---
21 filter/image-gif.c | 46 ++++++++++++++++++++--------------------------
22 1 files changed, 20 insertions(+), 26 deletions(-)
23
24diff --git a/filter/image-gif.c b/filter/image-gif.c
25index 3857c21..fa9691e 100644
26--- a/filter/image-gif.c
27+++ b/filter/image-gif.c
28@@ -353,7 +353,7 @@ gif_get_code(FILE *fp, /* I - File to read from */
29 * Read in another buffer...
30 */
31
32- if ((count = gif_get_block (fp, buf + last_byte)) <= 0)
33+ if ((count = gif_get_block(fp, buf + last_byte)) <= 0)
34 {
35 /*
36 * Whoops, no more data!
37@@ -582,19 +582,13 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
38 gif_get_code(fp, 0, 1);
39
40 /*
41- * Wipe the decompressor table...
42+ * Wipe the decompressor table (already mostly 0 due to the calloc above...)
43 */
44
45 fresh = 1;
46
47- for (i = 0; i < clear_code; i ++)
48- {
49- table[0][i] = 0;
50+ for (i = 1; i < clear_code; i ++)
51 table[1][i] = i;
52- }
53-
54- for (; i < 4096; i ++)
55- table[0][i] = table[1][0] = 0;
56
57 sp = stack;
58
59@@ -605,29 +599,30 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
60 fresh = 0;
61
62 do
63+ {
64 firstcode = oldcode = gif_get_code(fp, code_size, 0);
65+ }
66 while (firstcode == clear_code);
67
68- return (firstcode);
69+ return (firstcode & 255);
70 }
71 else if (!table)
72 return (0);
73
74 if (sp > stack)
75- return (*--sp);
76+ return ((*--sp) & 255);
77
78- while ((code = gif_get_code (fp, code_size, 0)) >= 0)
79+ while ((code = gif_get_code(fp, code_size, 0)) >= 0)
80 {
81 if (code == clear_code)
82 {
83- for (i = 0; i < clear_code; i ++)
84- {
85- table[0][i] = 0;
86- table[1][i] = i;
87- }
88+ /*
89+ * Clear/reset the compression table...
90+ */
91
92- for (; i < 4096; i ++)
93- table[0][i] = table[1][i] = 0;
94+ memset(table, 0, 2 * sizeof(gif_table_t));
95+ for (i = 1; i < clear_code; i ++)
96+ table[1][i] = i;
97
98 code_size = set_code_size + 1;
99 max_code_size = 2 * clear_code;
100@@ -637,12 +632,11 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
101
102 firstcode = oldcode = gif_get_code(fp, code_size, 0);
103
104- return (firstcode);
105+ return (firstcode & 255);
106 }
107- else if (code == end_code)
108+ else if (code == end_code || code > max_code)
109 {
110- unsigned char buf[260];
111-
112+ unsigned char buf[260]; /* Block buffer */
113
114 if (!gif_eof)
115 while (gif_get_block(fp, buf) > 0);
116@@ -652,7 +646,7 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
117
118 incode = code;
119
120- if (code >= max_code)
121+ if (code == max_code)
122 {
123 if (sp < (stack + 8192))
124 *sp++ = firstcode;
125@@ -690,10 +684,10 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
126 oldcode = incode;
127
128 if (sp > stack)
129- return (*--sp);
130+ return ((*--sp) & 255);
131 }
132
133- return (code);
134+ return (code & 255);
135 }
136
137
138--
1391.7.0.5
140
diff --git a/meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch b/meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch
deleted file mode 100644
index fd1b95847c..0000000000
--- a/meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch
+++ /dev/null
@@ -1,54 +0,0 @@
1cups CVE-2011-3170
2
3the patch come from:
4http://cups.org/strfiles/3914/str3914.patch
5
6The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
7earlier does not properly handle the first code word in an LZW stream,
8which allows remote attackers to trigger a heap-based buffer overflow,
9and possibly execute arbitrary code, via a crafted stream, a different
10vulnerability than CVE-2011-2896.
11http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
12
13Integrated-by: Li Wang <li.wang@windriver.com>
14---
15 filter/image-gif.c | 14 +++++++++-----
16 1 files changed, 9 insertions(+), 5 deletions(-)
17
18diff --git a/filter/image-gif.c b/filter/image-gif.c
19index 9542704..3857c21 100644
20--- a/filter/image-gif.c
21+++ b/filter/image-gif.c
22@@ -654,11 +654,13 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
23
24 if (code >= max_code)
25 {
26- *sp++ = firstcode;
27- code = oldcode;
28+ if (sp < (stack + 8192))
29+ *sp++ = firstcode;
30+
31+ code = oldcode;
32 }
33
34- while (code >= clear_code)
35+ while (code >= clear_code && sp < (stack + 8192))
36 {
37 *sp++ = table[1][code];
38 if (code == table[0][code])
39@@ -667,8 +669,10 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
40 code = table[0][code];
41 }
42
43- *sp++ = firstcode = table[1][code];
44- code = max_code;
45+ if (sp < (stack + 8192))
46+ *sp++ = firstcode = table[1][code];
47+
48+ code = max_code;
49
50 if (code < 4096)
51 {
52--
531.7.0.5
54
diff --git a/meta/recipes-extended/cups/cups/cups-CVE-2012-5519.patch b/meta/recipes-extended/cups/cups/cups-CVE-2012-5519.patch
deleted file mode 100644
index 6b2887a5c9..0000000000
--- a/meta/recipes-extended/cups/cups/cups-CVE-2012-5519.patch
+++ /dev/null
@@ -1,2965 +0,0 @@
1#! /bin/sh /usr/share/dpatch/dpatch-run
2## DP: Description: Move file, directory, user, and group configuration to a
3## DP: separate file. Also warn about directives that have moved and set
4## DP: default cups-files.conf.
5## DP:
6## DP: Author: Michael Sweet <msweet@apple.com>
7## DP: Origin: http://svn.cups.org/public/cups/branches/branch-1.6@10710
8## DP: Origin: http://svn.cups.org/public/cups/branches/branch-1.6@10713
9## DP:
10## DP: Author: Marc Deslauriers <marc.deslauriers@canonical.com>
11## DP: Author: Tim Waugh <twaugh@redhat.com>
12## DP:
13## DP: Bug-Upstream: https://www.cups.org/str.php?L4223
14## DP: Bug-Debian: http://bugs.debian.org/692791
15## DP: Bug-CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
16
17@DPATCH@
18diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/conf/Makefile cups/conf/Makefile
19--- cups~/conf/Makefile 2012-12-08 00:29:09.000000000 +0100
20+++ cups/conf/Makefile 2012-12-08 00:29:10.000000000 +0100
21@@ -19,7 +19,7 @@
22 # Config files...
23 #
24
25-KEEP = cupsd.conf snmp.conf
26+KEEP = cups-files.conf cupsd.conf snmp.conf
27 REPLACE = mime.convs mime.types
28
29
30diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/conf/cups-files.conf.in cups/conf/cups-files.conf.in
31--- cups~/conf/cups-files.conf.in 1970-01-01 01:00:00.000000000 +0100
32+++ cups/conf/cups-files.conf.in 2012-12-08 00:29:10.000000000 +0100
33@@ -0,0 +1,98 @@
34+#
35+# "$Id$"
36+#
37+# Sample file/directory/user/group configuration file for the CUPS scheduler.
38+# See "man cups-files.conf" for a complete description of this file.
39+#
40+
41+# List of events that are considered fatal errors for the scheduler...
42+#FatalErrors @CUPS_FATAL_ERRORS@
43+
44+# Default user and group for filters/backends/helper programs; this cannot be
45+# any user or group that resolves to ID 0 for security reasons...
46+#User @CUPS_USER@
47+#Group @CUPS_GROUP@
48+
49+# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
50+SystemGroup @CUPS_SYSTEM_GROUPS@
51+@CUPS_SYSTEM_AUTHKEY@
52+
53+# User that is substituted for unauthenticated (remote) root accesses...
54+#RemoteRoot remroot
55+
56+# Do we allow file: device URIs other than to /dev/null?
57+#FileDevice No
58+
59+# Permissions for configuration and log files...
60+#ConfigFilePerm @CUPS_CONFIG_FILE_PERM@
61+#LogFilePerm @CUPS_LOG_FILE_PERM@
62+
63+# Location of the file logging all access to the scheduler; may be the name
64+# "syslog". If not an absolute path, the value of ServerRoot is used as the
65+# root directory. Also see the "AccessLogLevel" directive in cupsd.conf.
66+AccessLog @CUPS_LOGDIR@/access_log
67+
68+# Location of cache files used by the scheduler...
69+#CacheDir @CUPS_CACHEDIR@
70+
71+# Location of data files used by the scheduler...
72+#DataDir @CUPS_DATADIR@
73+
74+# Location of the static web content served by the scheduler...
75+#DocumentRoot @CUPS_DOCROOT@
76+
77+# Location of the file logging all messages produced by the scheduler and any
78+# helper programs; may be the name "syslog". If not an absolute path, the value
79+# of ServerRoot is used as the root directory. Also see the "LogLevel"
80+# directive in cupsd.conf.
81+ErrorLog @CUPS_LOGDIR@/error_log
82+
83+# Location of fonts used by older print filters...
84+#FontPath @CUPS_FONTPATH@
85+
86+# Location of LPD configuration
87+#LPDConfigFile @CUPS_DEFAULT_LPD_CONFIG_FILE@
88+
89+# Location of the file logging all pages printed by the scheduler and any
90+# helper programs; may be the name "syslog". If not an absolute path, the value
91+# of ServerRoot is used as the root directory. Also see the "PageLogFormat"
92+# directive in cupsd.conf.
93+PageLog @CUPS_LOGDIR@/page_log
94+
95+# Location of the file listing all of the local printers...
96+#Printcap @CUPS_DEFAULT_PRINTCAP@
97+
98+# Format of the Printcap file...
99+#PrintcapFormat bsd
100+#PrintcapFormat plist
101+#PrintcapFormat solaris
102+
103+# Location of all spool files...
104+#RequestRoot @CUPS_REQUESTS@
105+
106+# Location of helper programs...
107+#ServerBin @CUPS_SERVERBIN@
108+
109+# SSL/TLS certificate for the scheduler...
110+#ServerCertificate @CUPS_SERVERCERT@
111+
112+# SSL/TLS private key for the scheduler...
113+#ServerKey @CUPS_SERVERKEY@
114+
115+# Location of other configuration files...
116+#ServerRoot @CUPS_SERVERROOT@
117+
118+# Location of Samba configuration file...
119+#SMBConfigFile @CUPS_DEFAULT_SMB_CONFIG_FILE@
120+
121+# Location of scheduler state files...
122+#StateDir @CUPS_STATEDIR@
123+
124+# Location of scheduler/helper temporary files. This directory is emptied on
125+# scheduler startup and cannot be one of the standard (public) temporary
126+# directory locations for security reasons...
127+#TempDir @CUPS_REQUESTS@/tmp
128+
129+#
130+# End of "$Id$".
131+#
132diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/conf/cupsd.conf.in cups/conf/cupsd.conf.in
133--- cups~/conf/cupsd.conf.in 2012-12-08 00:29:09.000000000 +0100
134+++ cups/conf/cupsd.conf.in 2012-12-08 00:29:10.000000000 +0100
135@@ -13,10 +13,6 @@
136 # LogLevel debug2 gets usable now
137 MaxLogSize 0
138
139-# Administrator user group...
140-SystemGroup @CUPS_SYSTEM_GROUPS@
141-@CUPS_SYSTEM_AUTHKEY@
142-
143 # Only listen for connections from the local machine.
144 Listen localhost:@DEFAULT_IPP_PORT@
145 @CUPS_LISTEN_DOMAINSOCKET@
146diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/config-scripts/cups-defaults.m4 cups/config-scripts/cups-defaults.m4
147--- cups~/config-scripts/cups-defaults.m4 2012-12-07 13:00:47.000000000 +0100
148+++ cups/config-scripts/cups-defaults.m4 2012-12-08 00:29:10.000000000 +0100
149@@ -353,6 +353,7 @@
150 fi
151
152 AC_DEFINE_UNQUOTED(CUPS_DEFAULT_LPD_CONFIG_FILE, "$CUPS_DEFAULT_LPD_CONFIG_FILE")
153+AC_SUBST(CUPS_DEFAULT_LPD_CONFIG_FILE)
154
155 dnl Default SMB config file...
156 AC_ARG_WITH(smbconfigfile, [ --with-smbconfigfile set default SMBConfigFile URI],
157@@ -374,6 +375,7 @@
158 fi
159
160 AC_DEFINE_UNQUOTED(CUPS_DEFAULT_SMB_CONFIG_FILE, "$CUPS_DEFAULT_SMB_CONFIG_FILE")
161+AC_SUBST(CUPS_DEFAULT_SMB_CONFIG_FILE)
162
163 dnl Default MaxCopies value...
164 AC_ARG_WITH(max-copies, [ --with-max-copies set default max copies value, default=9999 ],
165diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/config-scripts/cups-ssl.m4 cups/config-scripts/cups-ssl.m4
166--- cups~/config-scripts/cups-ssl.m4 2012-12-07 13:00:47.000000000 +0100
167+++ cups/config-scripts/cups-ssl.m4 2012-12-08 00:29:10.000000000 +0100
168@@ -27,6 +27,8 @@
169 SSLFLAGS=""
170 SSLLIBS=""
171 have_ssl=0
172+CUPS_SERVERCERT=""
173+CUPS_SERVERKEY=""
174
175 if test x$enable_ssl != xno; then
176 dnl Look for CDSA...
177@@ -36,6 +38,7 @@
178 have_ssl=1
179 AC_DEFINE(HAVE_SSL)
180 AC_DEFINE(HAVE_CDSASSL)
181+ CUPS_SERVERCERT="/Library/Keychains/System.keychain"
182
183 dnl Check for the various security headers...
184 AC_CHECK_HEADER(Security/SecPolicy.h,
185@@ -85,6 +88,9 @@
186 fi
187
188 if test $have_ssl = 1; then
189+ CUPS_SERVERCERT="ssl/server.crt"
190+ CUPS_SERVERKEY="ssl/server.key"
191+
192 if $PKGCONFIG --exists gcrypt; then
193 SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
194 SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
195@@ -122,6 +128,9 @@
196 $libcrypto)
197
198 if test "x${SSLLIBS}" != "x"; then
199+ CUPS_SERVERCERT="ssl/server.crt"
200+ CUPS_SERVERKEY="ssl/server.key"
201+
202 break
203 fi
204 done
205@@ -135,6 +144,8 @@
206 AC_MSG_RESULT([ Using SSLFLAGS="$SSLFLAGS"])
207 fi
208
209+AC_SUBST(CUPS_SERVERCERT)
210+AC_SUBST(CUPS_SERVERKEY)
211 AC_SUBST(SSLFLAGS)
212 AC_SUBST(SSLLIBS)
213
214diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/configure.in cups/configure.in
215--- cups~/configure.in 2012-12-07 13:00:47.000000000 +0100
216+++ cups/configure.in 2012-12-08 00:29:10.000000000 +0100
217@@ -63,14 +63,14 @@
218 AC_SUBST(UNINSTALL_LANGUAGES)
219
220 AC_OUTPUT(Makedefs packaging/cups.list init/cups.sh init/cups-lpd cups-config
221- conf/cupsd.conf conf/mime.convs conf/pam.std conf/snmp.conf
222+ conf/cups-files.conf conf/cupsd.conf conf/mime.convs conf/pam.std conf/snmp.conf
223 data/testprint
224 desktop/cups.desktop
225 doc/index.html doc/help/ref-cupsd-conf.html doc/help/standard.html
226 init/org.cups.cups-lpd.plist init/cups.xml
227 man/client.conf.man man/cups-deviced.man man/cups-driverd.man
228 man/cups-lpd.man man/cupsaddsmb.man man/cupsd.man
229- man/cupsd.conf.man man/lpoptions.man
230+ man/cups-files.conf.man man/cupsd.conf.man man/lpoptions.man
231 templates/header.tmpl
232 $LANGFILES)
233
234diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/doc/help/ref-cups-files-conf.html.in cups/doc/help/ref-cups-files-conf.html.in
235--- cups~/doc/help/ref-cups-files-conf.html.in 1970-01-01 01:00:00.000000000 +0100
236+++ cups/doc/help/ref-cups-files-conf.html.in 2012-12-08 00:29:10.000000000 +0100
237@@ -0,0 +1,531 @@
238+<HTML>
239+<!-- SECTION: References -->
240+<HEAD>
241+ <TITLE>cups-files.conf</TITLE>
242+ <LINK REL="STYLESHEET" TYPE="text/css" HREF="../cups-printable.css">
243+</HEAD>
244+<BODY>
245+
246+<H1 CLASS="title">cups-files.conf</H1>
247+
248+<P>The <VAR>/etc/cups/cups-files.conf</VAR> file contains configuration <I>directives</I> that control the files, directories. users. and groups that are used by the CUPS scheduler, <CODE>cupsd(8)</CODE>. Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line.</P>
249+
250+<H2 CLASS="title"><A NAME="AccessLog">AccessLog</A></H2>
251+
252+<H3>Examples</H3>
253+
254+<PRE CLASS="command">
255+AccessLog /var/log/cups/access_log
256+AccessLog /var/log/cups/access_log-%s
257+AccessLog syslog
258+</PRE>
259+
260+<H3>Description</H3>
261+
262+<P>The <CODE>AccessLog</CODE> directive sets the name of the
263+access log file. If the filename is not absolute then it is
264+assumed to be relative to the <A
265+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
266+access log file is stored in "common log format" and can be used
267+by any web access reporting tool to generate a report on CUPS
268+server activity.</P>
269+
270+<P>The server name can be included in the filename by using
271+<CODE>%s</CODE> in the name.</P>
272+
273+<P>The special name "syslog" can be used to send the access
274+information to the system log instead of a plain file.</P>
275+
276+<P>The default access log file is
277+<VAR>@CUPS_LOGDIR@/access_log</VAR>.</P>
278+
279+
280+<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.15</SPAN><A NAME="ConfigFilePerm">ConfigFilePerm</A></H2>
281+
282+<H3>Examples</H3>
283+
284+<PRE CLASS="command">
285+ConfigFilePerm 0644
286+ConfigFilePerm 0640
287+</PRE>
288+
289+<H3>Description</H3>
290+
291+<P>The <CODE>ConfigFilePerm</CODE> directive specifies the permissions to use when the scheduler writes configuration and cache files, typically in response to IPP or HTTP requests. The default is @CUPS_CONFIG_FILE_PERM@.</P>
292+
293+<BLOCKQUOTE><B>Note:</B>
294+
295+<P>The permissions for the <VAR>printers.conf</VAR> file are always masked to only allow access from the scheduler user (typically root). This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally known on the system. There is no way to disable this security feature.</P>
296+
297+</BLOCKQUOTE>
298+
299+
300+<H2 CLASS="title"><A NAME="DataDir">DataDir</A></H2>
301+
302+<H3>Examples</H3>
303+
304+<PRE CLASS="command">
305+DataDir /usr/share/cups
306+</PRE>
307+
308+<H3>Description</H3>
309+
310+<P>The <CODE>DataDir</CODE> directive sets the directory to use
311+for data files.</P>
312+
313+
314+<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2/OS X 10.5</SPAN><A NAME="DefaultAuthType">DefaultAuthType</A></H2>
315+
316+<H3>Examples</H3>
317+
318+<PRE CLASS="command">
319+DefaultAuthType Basic
320+DefaultAuthType BasicDigest
321+DefaultAuthType Digest
322+DefaultAuthType Negotiate
323+</PRE>
324+
325+<H3>Description</H3>
326+
327+<P>The <CODE>DefaultAuthType</CODE> directive specifies the type
328+of authentication to use for IPP operations that require a
329+username. The default is <CODE>Basic</CODE>.</P>
330+
331+
332+<H2 CLASS="title"><A NAME="DocumentRoot">DocumentRoot</A></H2>
333+
334+<H3>Examples</H3>
335+
336+<PRE CLASS="command">
337+DocumentRoot /usr/share/doc/cups
338+DocumentRoot /foo/bar/doc/cups
339+</PRE>
340+
341+<H3>Description</H3>
342+
343+<P>The <CODE>DocumentRoot</CODE> directive specifies the location
344+of web content for the HTTP server in CUPS. If an absolute path
345+is not specified then it is assumed to be relative to the <A
346+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
347+default directory is <VAR>@CUPS_DOCROOT@</VAR>.</P>
348+
349+<P>Documents are first looked up in a sub-directory for the
350+primary language requested by the client (e.g.
351+<VAR>@CUPS_DOCROOT@/fr/...</VAR>) and then directly under
352+the <CODE>DocumentRoot</CODE> directory (e.g.
353+<VAR>@CUPS_DOCROOT@/...</VAR>), so it is possible to
354+localize the web content by providing subdirectories for each
355+language needed.</P>
356+
357+
358+<H2 CLASS="title"><A NAME="ErrorLog">ErrorLog</A></H2>
359+
360+<H3>Examples</H3>
361+
362+<PRE CLASS="command">
363+ErrorLog /var/log/cups/error_log
364+ErrorLog /var/log/cups/error_log-%s
365+ErrorLog syslog
366+</PRE>
367+
368+<H3>Description</H3>
369+
370+<P>The <CODE>ErrorLog</CODE> directive sets the name of the error
371+log file. If the filename is not absolute then it is assumed to
372+be relative to the <A
373+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
374+default error log file is <VAR>@CUPS_LOGDIR@/error_log</VAR>.</P>
375+
376+<P>The server name can be included in the filename by using
377+<CODE>%s</CODE> in the name.</P>
378+
379+<P>The special name "syslog" can be used to send the error
380+information to the system log instead of a plain file.</P>
381+
382+
383+<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.4/OS X 10.6</SPAN><A NAME="FatalErrors">FatalErrors</A></H2>
384+
385+<H3>Examples</H3>
386+
387+<PRE CLASS="command">
388+FatalErrors none
389+FatalErrors all
390+FatalErrors browse
391+FatalErrors config
392+FatalErrors listen
393+FatalErrors log
394+FatalErrors permissions
395+FatalErrors all -permissions
396+FatalErrors config permissions log
397+</PRE>
398+
399+<H3>Description</H3>
400+
401+<P>The <CODE>FatalErrors</CODE> directive determines whether certain kinds of
402+errors are fatal. The following kinds of errors are currently recognized:</P>
403+
404+<UL>
405+
406+ <LI><CODE>none</CODE> - No errors are fatal</LI>
407+
408+ <LI><CODE>all</CODE> - All of the errors below are fatal</LI>
409+
410+ <LI><CODE>browse</CODE> - Browsing initialization errors are fatal,
411+ for example failed binding to the CUPS browse port or failed connections
412+ to LDAP servers</LI>
413+
414+ <LI><CODE>config</CODE> - Configuration file syntax errors are
415+ fatal</LI>
416+
417+ <LI><CODE>listen</CODE> - Listen or Port errors are fatal, except for
418+ IPv6 failures on the loopback or "any" addresses</LI>
419+
420+ <LI><CODE>log</CODE> - Log file creation or write errors are fatal</LI>
421+
422+ <LI><CODE>permissions</CODE> - Bad startup file permissions are
423+ fatal, for example shared SSL certificate and key files with world-
424+ read permissions</LI>
425+
426+</UL>
427+
428+<P>Multiple errors can be listed, and the form "-kind" can be used with
429+<CODE>all</CODE> to remove specific kinds of errors. The default setting is
430+<CODE>@CUPS_FATAL_ERRORS@</CODE>.</P>
431+
432+
433+<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.18</SPAN><A NAME="FileDevice">FileDevice</A></H2>
434+
435+<H3>Examples</H3>
436+
437+<PRE CLASS="command">
438+FileDevice Yes
439+FileDevice No
440+</PRE>
441+
442+<H3>Description</H3>
443+
444+<P>The <CODE>FileDevice</CODE> directive determines whether the
445+scheduler allows new printers to be added using device URIs of
446+the form <CODE>file:/filename</CODE>. File devices are most often
447+used to test new printer drivers and do not support raw file
448+printing.</P>
449+
450+<P>The default setting is <CODE>No</CODE>.</P>
451+
452+<BLOCKQUOTE><B>Note:</B>
453+
454+<P>File devices are managed by the scheduler. Since the
455+scheduler normally runs as the root user, file devices
456+can be used to overwrite system files and potentially
457+gain unauthorized access to the system. If you must
458+create printers using file devices, we recommend that
459+you set the <CODE>FileDevice</CODE> directive to
460+<CODE>Yes</CODE> for only as long as you need to add the
461+printers to the system, and then reset the directive to
462+<CODE>No</CODE>.</P>
463+
464+</BLOCKQUOTE>
465+
466+
467+<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="FontPath">FontPath</A></H2>
468+
469+<H3>Examples</H3>
470+
471+<PRE CLASS="command">
472+FontPath /foo/bar/fonts
473+FontPath /usr/share/cups/fonts:/foo/bar/fonts
474+</PRE>
475+
476+<H3>Description</H3>
477+
478+<P>The <CODE>FontPath</CODE> directive specifies the font path to
479+use when searching for fonts. The default font path is
480+<CODE>/usr/share/cups/fonts</CODE>.</P>
481+
482+
483+<H2 CLASS="title"><A NAME="Group">Group</A></H2>
484+
485+<H3>Examples</H3>
486+
487+<PRE CLASS="command">
488+Group lp
489+Group nobody
490+</PRE>
491+
492+<H3>Description</H3>
493+
494+<P>The <CODE>Group</CODE> directive specifies the UNIX group that
495+filter and CGI programs run as. The default group is
496+system-specific but is usually <CODE>lp</CODE> or
497+<CODE>nobody</CODE>.</P>
498+
499+
500+<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.15</SPAN><A NAME="LogFilePerm">LogFilePerm</A></H2>
501+
502+<H3>Examples</H3>
503+
504+<PRE CLASS="command">
505+LogFilePerm 0644
506+LogFilePerm 0600
507+</PRE>
508+
509+<H3>Description</H3>
510+
511+<P>The <CODE>LogFilePerm</CODE> directive specifies the
512+permissions to use when writing log files. The default
513+is @CUPS_LOG_FILE_PERM@.</P>
514+
515+
516+<H2 CLASS="title"><A NAME="PageLog">PageLog</A></H2>
517+
518+<H3>Examples</H3>
519+
520+<PRE CLASS="command">
521+PageLog /var/log/cups/page_log
522+PageLog /var/log/cups/page_log-%s
523+PageLog syslog
524+</PRE>
525+
526+<H3>Description</H3>
527+
528+<P>The <CODE>PageLog</CODE> directive sets the name of the page
529+log file. If the filename is not absolute then it is assumed to
530+be relative to the <A
531+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
532+default page log file is <VAR>@CUPS_LOGDIR@/page_log</VAR>.</P>
533+
534+<P>The server name can be included in the filename by using
535+<CODE>%s</CODE> in the name.</P>
536+
537+<P>The special name "syslog" can be used to send the page
538+information to the system log instead of a plain file.</P>
539+
540+
541+<H2 CLASS="title"><A NAME="Printcap">Printcap</A></H2>
542+
543+<H3>Examples</H3>
544+
545+<PRE CLASS="command">
546+Printcap
547+Printcap /etc/printcap
548+Printcap /etc/printers.conf
549+Printcap /Library/Preferences/org.cups.printers.plist
550+</PRE>
551+
552+<H3>Description</H3>
553+
554+<P>The <CODE>Printcap</CODE> directive controls whether or not a
555+printcap file is automatically generated and updated with a list
556+of available printers. If specified with no value, then no
557+printcap file will be generated. The default is to generate a
558+file named <VAR>@CUPS_DEFAULT_PRINTCAP@</VAR>.</P>
559+
560+<P>When a filename is specified (e.g. <VAR>@CUPS_DEFAULT_PRINTCAP@</VAR>),
561+the printcap file is written whenever a printer is added or
562+removed. The printcap file can then be used by applications that
563+are hardcoded to look at the printcap file for the available
564+printers.</P>
565+
566+
567+<H2 CLASS="title"><A NAME="PrintcapFormat">PrintcapFormat</A></H2>
568+
569+<H3>Examples</H3>
570+
571+<PRE CLASS="command">
572+PrintcapFormat BSD
573+PrintcapFormat Solaris
574+PrintcapFormat plist
575+</PRE>
576+
577+<H3>Description</H3>
578+
579+<P>The <CODE>PrintcapFormat</CODE> directive controls the output format of the
580+printcap file. The default is to generate the plist format on OS X, the
581+Solaris format on Solaris, and the BSD format on other operating systems.</P>
582+
583+
584+<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="RemoteRoot">RemoteRoot</A></H2>
585+
586+<H3>Examples</H3>
587+
588+<PRE CLASS="command">
589+RemoteRoot remroot
590+RemoteRoot root
591+</PRE>
592+
593+<H3>Description</H3>
594+
595+<P>The <CODE>RemoteRoot</CODE> directive sets the username for
596+unauthenticated root requests from remote hosts. The default
597+username is <VAR>remroot</VAR>. Setting <CODE>RemoteRoot</CODE>
598+to <VAR>root</VAR> effectively disables this security
599+mechanism.</P>
600+
601+
602+<H2 CLASS="title"><A NAME="RequestRoot">RequestRoot</A></H2>
603+
604+<H3>Examples</H3>
605+
606+<PRE CLASS="command">
607+RequestRoot /var/spool/cups
608+RequestRoot /foo/bar/spool/cups
609+</PRE>
610+
611+<H3>Description</H3>
612+
613+<P>The <CODE>RequestRoot</CODE> directive sets the directory for
614+incoming IPP requests and HTML forms. If an absolute path is not
615+provided then it is assumed to be relative to the <A
616+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
617+default request directory is <VAR>@CUPS_REQUESTS@</VAR>.</P>
618+
619+
620+<H2 CLASS="title"><A NAME="ServerBin">ServerBin</A></H2>
621+
622+<H3>Examples</H3>
623+
624+<PRE CLASS="command">
625+ServerBin /usr/lib/cups
626+ServerBin /foo/bar/lib/cups
627+</PRE>
628+
629+<H3>Description</H3>
630+
631+<P>The <CODE>ServerBin</CODE> directive sets the directory for
632+server-run executables. If an absolute path is not provided then
633+it is assumed to be relative to the <A
634+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
635+default executable directory is <VAR>/usr/lib/cups</VAR>,
636+<VAR>/usr/lib32/cups</VAR>, or <VAR>/usr/libexec/cups</VAR>
637+depending on the operating system.</P>
638+
639+
640+<H2 CLASS="title"><A NAME="ServerCertificate">ServerCertificate</A></H2>
641+
642+<H3>Examples</H3>
643+
644+<PRE CLASS="command">
645+ServerCertificate /etc/cups/ssl/server.crt
646+</PRE>
647+
648+<H3>Description</H3>
649+
650+<P>The <CODE>ServerCertificate</CODE> directive specifies the
651+location of the SSL certificate file used by the server when
652+negotiating encrypted connections. The certificate must not be
653+encrypted (password protected) since the scheduler normally runs
654+in the background and will be unable to ask for a password.</P>
655+
656+<P>The default certificate file is
657+<VAR>/etc/cups/ssl/server.crt</VAR>.</P>
658+
659+
660+<H2 CLASS="title"><A NAME="ServerKey">ServerKey</A></H2>
661+
662+<H3>Examples</H3>
663+
664+<PRE CLASS="command">
665+ServerKey /etc/cups/ssl/server.key
666+</PRE>
667+
668+<H3>Description</H3>
669+
670+<P>The <CODE>ServerKey</CODE> directive specifies the location of
671+the SSL private key file used by the server when negotiating
672+encrypted connections.</P>
673+
674+<P>The default key file is
675+<VAR>/etc/cups/ssl/server.crt</VAR>.</P>
676+
677+
678+<H2 CLASS="title"><A NAME="ServerRoot">ServerRoot</A></H2>
679+
680+<H3>Examples</H3>
681+
682+<PRE CLASS="command">
683+ServerRoot /etc/cups
684+ServerRoot /foo/bar/cups
685+</PRE>
686+
687+<H3>Description</H3>
688+
689+<P>The <CODE>ServerRoot</CODE> directive specifies the absolute
690+path to the server configuration and state files. It is also used
691+to resolve relative paths in the <VAR>cupsd.conf</VAR> file. The
692+default server directory is <VAR>/etc/cups</VAR>.</P>
693+
694+
695+<H2 CLASS="title"><A NAME="SystemGroup">SystemGroup</A></H2>
696+
697+<H3>Examples</H3>
698+
699+<PRE CLASS="command">
700+SystemGroup lpadmin
701+SystemGroup sys
702+SystemGroup system
703+SystemGroup root
704+SystemGroup root lpadmin
705+</PRE>
706+
707+<H3>Description</H3>
708+
709+<P>The <CODE>SystemGroup</CODE> directive specifies the system
710+administration group for <CODE>System</CODE> authentication.
711+Multiple groups can be listed, separated with spaces. The default
712+group list is <CODE>@CUPS_SYSTEM_GROUPS@</CODE>.</P>
713+
714+
715+<H2 CLASS="title"><A NAME="TempDir">TempDir</A></H2>
716+
717+<H3>Examples</H3>
718+
719+<PRE CLASS="command">
720+TempDir /var/tmp
721+TempDir /foo/bar/tmp
722+</PRE>
723+
724+<H3>Description</H3>
725+
726+<P>The <CODE>TempDir</CODE> directive specifies an absolute path
727+for the directory to use for temporary files. The default
728+directory is <VAR>@CUPS_REQUESTS@/tmp</VAR>.</P>
729+
730+<P>Temporary directories must be world-writable and should have
731+the "sticky" permission bit enabled so that other users cannot
732+delete filter temporary files. The following commands will create
733+an appropriate temporary directory called
734+<VAR>/foo/bar/tmp</VAR>:</P>
735+
736+<PRE CLASS="command">
737+<KBD>mkdir /foo/bar/tmp</KBD>
738+<KBD>chmod a+rwxt /foo/bar/tmp</KBD>
739+</PRE>
740+
741+
742+<H2 CLASS="title"><A NAME="User">User</A></H2>
743+
744+<H3>Examples</H3>
745+
746+<PRE CLASS="command">
747+User lp
748+User guest
749+</PRE>
750+
751+<H3>Description</H3>
752+
753+<P>The <CODE>User</CODE> directive specifies the UNIX user that
754+filter and CGI programs run as. The default user is
755+<CODE>@CUPS_USER@</CODE>.</P>
756+
757+<BLOCKQUOTE><B>Note:</B>
758+
759+<P>You may not use user <CODE>root</CODE>, as that would expose
760+the system to unacceptable security risks. The scheduler will
761+automatically choose user <CODE>nobody</CODE> if you specify a
762+user whose ID is 0.</P>
763+
764+</BLOCKQUOTE>
765+
766+
767+</BODY>
768+</HTML>
769diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/doc/help/ref-cupsd-conf.html.in cups/doc/help/ref-cupsd-conf.html.in
770--- cups~/doc/help/ref-cupsd-conf.html.in 2012-12-07 13:00:48.000000000 +0100
771+++ cups/doc/help/ref-cupsd-conf.html.in 2012-12-08 00:29:10.000000000 +0100
772@@ -191,82 +191,6 @@
773 HREF="#Limit"><CODE>Limit</CODE></A> section.</P>
774
775
776-<H2 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="AuthClass">AuthClass</A></H2>
777-
778-<H3>Examples</H3>
779-
780-<PRE CLASS="command">
781-&lt;Location /path&gt;
782- ...
783- AuthClass Anonymous
784- AuthClass User
785- AuthClass System
786- AuthClass Group
787-&lt;/Location&gt;
788-</PRE>
789-
790-<H3>Description</H3>
791-
792-<P>The <CODE>AuthClass</CODE> directive defines what level of
793-authentication is required:</P>
794-
795-<UL>
796-
797- <LI><CODE>Anonymous</CODE> - No authentication should be
798- performed (default)</LI>
799-
800- <LI><CODE>User</CODE> - A valid username and password is
801- required</LI>
802-
803- <LI><CODE>System</CODE> - A valid username and password
804- is required, and the username must belong to the "sys"
805- group; this can be changed using the <A
806- HREF="#SystemGroup"><CODE>SystemGroup</CODE></A>
807- directive</LI>
808-
809- <LI><CODE>Group</CODE> - A valid username and password is
810- required, and the username must belong to the group named
811- by the <A
812- HREF="#AuthGroupName"><CODE>AuthGroupName</CODE></A>
813- directive</LI>
814-
815-</UL>
816-
817-<P>The <CODE>AuthClass</CODE> directive must appear inside a <A
818-HREF="#Location"><CODE>Location</CODE></A> or <A
819-HREF="#Limit"><CODE>Limit</CODE></A> section.</P>
820-
821-<P><B>This directive is deprecated and will be removed from a
822-future release of CUPS.</B> Consider using the more flexible <A
823-HREF="#Require"><CODE>Require</CODE></A> directive instead.</P>
824-
825-
826-<H2 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="AuthGroupName">AuthGroupName</A></H2>
827-
828-<H3>Examples</H3>
829-
830-<PRE CLASS="command">
831-&lt;Location /path&gt;
832- ...
833- AuthGroupName mygroup
834- AuthGroupName lp
835-&lt;/Location&gt;
836-</PRE>
837-
838-<H3>Description</H3>
839-
840-<P>The <CODE>AuthGroupName</CODE> directive sets the group to use
841-for <CODE>Group</CODE> authentication.</P>
842-
843-<P>The <CODE>AuthGroupName</CODE> directive must appear inside a
844-<A HREF="#Location"><CODE>Location</CODE></A> or <A
845-HREF="#Limit"><CODE>Limit</CODE></A> section.</P>
846-
847-<P><B>This directive is deprecated and will be removed from a
848-future release of CUPS.</B> Consider using the more flexible <A
849-HREF="#Require"><CODE>Require</CODE></A> directive instead.</P>
850-
851-
852 <H2 CLASS="title"><A NAME="AuthType">AuthType</A></H2>
853
854 <H3>Examples</H3>
855@@ -2494,65 +2418,6 @@
856 files as soon as each job is completed, canceled, or aborted.</P>
857
858
859-<H2 CLASS="title"><A NAME="Printcap">Printcap</A></H2>
860-
861-<H3>Examples</H3>
862-
863-<PRE CLASS="command">
864-Printcap
865-Printcap /etc/printcap
866-Printcap /etc/printers.conf
867-Printcap /Library/Preferences/org.cups.printers.plist
868-</PRE>
869-
870-<H3>Description</H3>
871-
872-<P>The <CODE>Printcap</CODE> directive controls whether or not a
873-printcap file is automatically generated and updated with a list
874-of available printers. If specified with no value, then no
875-printcap file will be generated. The default is to generate a
876-file named <VAR>@CUPS_DEFAUL_PRINTCAP@</VAR>.</P>
877-
878-<P>When a filename is specified (e.g. <VAR>@CUPS_DEFAULT_PRINTCAP@</VAR>),
879-the printcap file is written whenever a printer is added or
880-removed. The printcap file can then be used by applications that
881-are hardcoded to look at the printcap file for the available
882-printers.</P>
883-
884-
885-<H2 CLASS="title"><A NAME="PrintcapFormat">PrintcapFormat</A></H2>
886-
887-<H3>Examples</H3>
888-
889-<PRE CLASS="command">
890-PrintcapFormat BSD
891-PrintcapFormat Solaris
892-PrintcapFormat plist
893-</PRE>
894-
895-<H3>Description</H3>
896-
897-<P>The <CODE>PrintcapFormat</CODE> directive controls the output format of the
898-printcap file. The default is to generate the plist format on Mac OS X, the
899-Solaris format on Solaris, and the BSD format on other operating systems.</P>
900-
901-
902-<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.13</SPAN><A NAME="PrintcapGUI">PrintcapGUI</A></H2>
903-
904-<H3>Examples</H3>
905-
906-<PRE CLASS="command">
907-PrintGUI /usr/bin/glpoptions
908-</PRE>
909-
910-<H3>Description</H3>
911-
912-<P>The <CODE>PrintcapGUI</CODE> directive sets the program to
913-associate with the IRIX printer GUI interface script which is
914-used by IRIX applications to display printer-specific options.
915-There is no default program.</P>
916-
917-
918 <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.21</SPAN><A NAME="ReloadTimeout">ReloadTimeout</A></H2>
919
920 <H3>Examples</H3>
921@@ -2569,42 +2434,6 @@
922 before doing a restart. The default is 30 seconds.</P>
923
924
925-<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="RemoteRoot">RemoteRoot</A></H2>
926-
927-<H3>Examples</H3>
928-
929-<PRE CLASS="command">
930-RemoteRoot remroot
931-RemoteRoot root
932-</PRE>
933-
934-<H3>Description</H3>
935-
936-<P>The <CODE>RemoteRoot</CODE> directive sets the username for
937-unauthenticated root requests from remote hosts. The default
938-username is <VAR>remroot</VAR>. Setting <CODE>RemoteRoot</CODE>
939-to <VAR>root</VAR> effectively disables this security
940-mechanism.</P>
941-
942-
943-<H2 CLASS="title"><A NAME="RequestRoot">RequestRoot</A></H2>
944-
945-<H3>Examples</H3>
946-
947-<PRE CLASS="command">
948-RequestRoot /var/spool/cups
949-RequestRoot /foo/bar/spool/cups
950-</PRE>
951-
952-<H3>Description</H3>
953-
954-<P>The <CODE>RequestRoot</CODE> directive sets the directory for
955-incoming IPP requests and HTML forms. If an absolute path is not
956-provided then it is assumed to be relative to the <A
957-HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
958-default request directory is <VAR>@CUPS_REQUESTS@</VAR>.</P>
959-
960-
961 <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Require">Require</A></H2>
962
963 <H3>Examples</H3>
964@@ -2759,64 +2588,6 @@
965 </BLOCKQUOTE>
966
967
968-<H2 CLASS="title"><A NAME="ServerBin">ServerBin</A></H2>
969-
970-<H3>Examples</H3>
971-
972-<PRE CLASS="command">
973-ServerBin /usr/lib/cups
974-ServerBin /foo/bar/lib/cups
975-</PRE>
976-
977-<H3>Description</H3>
978-
979-<P>The <CODE>ServerBin</CODE> directive sets the directory for
980-server-run executables. If an absolute path is not provided then
981-it is assumed to be relative to the <A
982-HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
983-default executable directory is <VAR>/usr/lib/cups</VAR>,
984-<VAR>/usr/lib32/cups</VAR>, or <VAR>/usr/libexec/cups</VAR>
985-depending on the operating system.</P>
986-
987-
988-<H2 CLASS="title"><A NAME="ServerCertificate">ServerCertificate</A></H2>
989-
990-<H3>Examples</H3>
991-
992-<PRE CLASS="command">
993-ServerCertificate /etc/cups/ssl/server.crt
994-</PRE>
995-
996-<H3>Description</H3>
997-
998-<P>The <CODE>ServerCertificate</CODE> directive specifies the
999-location of the SSL certificate file used by the server when
1000-negotiating encrypted connections. The certificate must not be
1001-encrypted (password protected) since the scheduler normally runs
1002-in the background and will be unable to ask for a password.</P>
1003-
1004-<P>The default certificate file is
1005-<VAR>/etc/cups/ssl/server.crt</VAR>.</P>
1006-
1007-
1008-<H2 CLASS="title"><A NAME="ServerKey">ServerKey</A></H2>
1009-
1010-<H3>Examples</H3>
1011-
1012-<PRE CLASS="command">
1013-ServerKey /etc/cups/ssl/server.key
1014-</PRE>
1015-
1016-<H3>Description</H3>
1017-
1018-<P>The <CODE>ServerKey</CODE> directive specifies the location of
1019-the SSL private key file used by the server when negotiating
1020-encrypted connections.</P>
1021-
1022-<P>The default key file is
1023-<VAR>/etc/cups/ssl/server.crt</VAR>.</P>
1024-
1025-
1026 <H2 CLASS="title"><A NAME="ServerName">ServerName</A></H2>
1027
1028 <H3>Examples</H3>
1029@@ -2833,23 +2604,6 @@
1030 hostname.</P>
1031
1032
1033-<H2 CLASS="title"><A NAME="ServerRoot">ServerRoot</A></H2>
1034-
1035-<H3>Examples</H3>
1036-
1037-<PRE CLASS="command">
1038-ServerRoot /etc/cups
1039-ServerRoot /foo/bar/cups
1040-</PRE>
1041-
1042-<H3>Description</H3>
1043-
1044-<P>The <CODE>ServerRoot</CODE> directive specifies the absolute
1045-path to the server configuration and state files. It is also used
1046-to resolve relative paths in the <VAR>cupsd.conf</VAR> file. The
1047-default server directory is <VAR>/etc/cups</VAR>.</P>
1048-
1049-
1050 <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.21</SPAN><A NAME="ServerTokens">ServerTokens</A></H2>
1051
1052 <H3>Examples</H3>
1053@@ -2985,53 +2739,6 @@
1054 can be specified to listen on multiple ports.</P>
1055
1056
1057-<H2 CLASS="title"><A NAME="SystemGroup">SystemGroup</A></H2>
1058-
1059-<H3>Examples</H3>
1060-
1061-<PRE CLASS="command">
1062-SystemGroup lpadmin
1063-SystemGroup sys
1064-SystemGroup system
1065-SystemGroup root
1066-SystemGroup root lpadmin
1067-</PRE>
1068-
1069-<H3>Description</H3>
1070-
1071-<P>The <CODE>SystemGroup</CODE> directive specifies the system
1072-administration group for <CODE>System</CODE> authentication.
1073-Multiple groups can be listed, separated with spaces. The default
1074-group list is <CODE>@CUPS_SYSTEM_GROUPS@</CODE>.</P>
1075-
1076-
1077-<H2 CLASS="title"><A NAME="TempDir">TempDir</A></H2>
1078-
1079-<H3>Examples</H3>
1080-
1081-<PRE CLASS="command">
1082-TempDir /var/tmp
1083-TempDir /foo/bar/tmp
1084-</PRE>
1085-
1086-<H3>Description</H3>
1087-
1088-<P>The <CODE>TempDir</CODE> directive specifies an absolute path
1089-for the directory to use for temporary files. The default
1090-directory is <VAR>@CUPS_REQUESTS@/tmp</VAR>.</P>
1091-
1092-<P>Temporary directories must be world-writable and should have
1093-the "sticky" permission bit enabled so that other users cannot
1094-delete filter temporary files. The following commands will create
1095-an appropriate temporary directory called
1096-<VAR>/foo/bar/tmp</VAR>:</P>
1097-
1098-<PRE CLASS="command">
1099-<KBD>mkdir /foo/bar/tmp</KBD>
1100-<KBD>chmod a+rwxt /foo/bar/tmp</KBD>
1101-</PRE>
1102-
1103-
1104 <H2 CLASS="title"><A NAME="Timeout">Timeout</A></H2>
1105
1106 <H3>Examples</H3>
1107@@ -3048,52 +2755,5 @@
1108 default timeout is 300 seconds.</P>
1109
1110
1111-<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2/Mac OS X 10.5</SPAN><A NAME="UseNetworkDefault">UseNetworkDefault</A></H2>
1112-
1113-<H3>Examples</H3>
1114-
1115-<PRE CLASS="command">
1116-UseNetworkDefault yes
1117-UseNetworkDefault no
1118-</PRE>
1119-
1120-<H3>Description</H3>
1121-
1122-<P>The <CODE>UseNetworkDefault</CODE> directive controls whether
1123-the client will use a network/remote printer as a default
1124-printer. If enabled, the default printer of a server is used as
1125-the default printer on a client. When multiple servers are
1126-advertising a default printer, the client's default printer is
1127-set to the first discovered printer, or to the implicit class for
1128-the same printer available from multiple servers.</P>
1129-
1130-<P>The default is <CODE>@CUPS_USE_NETWORK_DEFAULT@</CODE>.</P>
1131-
1132-
1133-<H2 CLASS="title"><A NAME="User">User</A></H2>
1134-
1135-<H3>Examples</H3>
1136-
1137-<PRE CLASS="command">
1138-User lp
1139-User guest
1140-</PRE>
1141-
1142-<H3>Description</H3>
1143-
1144-<P>The <CODE>User</CODE> directive specifies the UNIX user that
1145-filter and CGI programs run as. The default user is
1146-<CODE>@CUPS_USER@</CODE>.</P>
1147-
1148-<BLOCKQUOTE><B>Note:</B>
1149-
1150-<P>You may not use user <CODE>root</CODE>, as that would expose
1151-the system to unacceptable security risks. The scheduler will
1152-automatically choose user <CODE>nobody</CODE> if you specify a
1153-user whose ID is 0.</P>
1154-
1155-</BLOCKQUOTE>
1156-
1157-
1158 </BODY>
1159 </HTML>
1160diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_da.po cups/locale/cups_da.po
1161--- cups~/locale/cups_da.po 2012-12-07 13:00:48.000000000 +0100
1162+++ cups/locale/cups_da.po 2012-12-08 01:01:31.675672771 +0100
1163@@ -2881,10 +2881,10 @@
1164 #, c-format
1165 msgid ""
1166 "File device URIs have been disabled! To enable, see the FileDevice directive "
1167-"in \"%s/cupsd.conf\"."
1168+"in \"%s/cups-files.conf\"."
1169 msgstr ""
1170 "Arkivets enheds-URI'er er blevet slået fra! Du slår det til ved at se i "
1171-"FileDevice-direktivet i \"%s/cupsd.conf\"."
1172+"FileDevice-direktivet i \"%s/cups-files.conf\"."
1173
1174 msgid "Folio"
1175 msgstr "8,5 x 13\""
1176diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_de.po cups/locale/cups_de.po
1177--- cups~/locale/cups_de.po 2012-12-07 13:00:48.000000000 +0100
1178+++ cups/locale/cups_de.po 2012-12-08 00:56:57.515682472 +0100
1179@@ -2909,10 +2909,10 @@
1180 #, c-format
1181 msgid ""
1182 "File device URIs have been disabled! To enable, see the FileDevice directive "
1183-"in \"%s/cupsd.conf\"."
1184+"in \"%s/cups-files.conf\"."
1185 msgstr ""
1186 "Dateigeräte-URIs wurden deaktiviert! Infos zum Aktivieren finden Sie im "
1187-"FileDevice-Verzeichnis unter „%s/cupsd.conf“."
1188+"FileDevice-Verzeichnis unter „%s/cups-files.conf“."
1189
1190 msgid "Folio"
1191 msgstr "Folio"
1192diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_es.po cups/locale/cups_es.po
1193--- cups~/locale/cups_es.po 2012-12-07 13:00:48.000000000 +0100
1194+++ cups/locale/cups_es.po 2012-12-08 00:57:31.903681255 +0100
1195@@ -2941,10 +2941,10 @@
1196 #, c-format
1197 msgid ""
1198 "File device URIs have been disabled! To enable, see the FileDevice directive "
1199-"in \"%s/cupsd.conf\"."
1200+"in \"%s/cups-files.conf\"."
1201 msgstr ""
1202 "Los URIs del dispositivo de archivo han sido deshabilitados. Para "
1203-"habilitarlos, vea la directiva FileDevice en \"%s/cupsd.conf\"."
1204+"habilitarlos, vea la directiva FileDevice en \"%s/cups-files.conf\"."
1205
1206 msgid "Folio"
1207 msgstr "Folio"
1208diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_eu.po cups/locale/cups_eu.po
1209--- cups~/locale/cups_eu.po 2012-12-07 13:00:48.000000000 +0100
1210+++ cups/locale/cups_eu.po 2012-12-08 00:58:35.175679014 +0100
1211@@ -3793,10 +3793,10 @@
1212 #, c-format
1213 msgid ""
1214 "File device URIs have been disabled! To enable, see the FileDevice directive "
1215-"in \"%s/cupsd.conf\"."
1216+"in \"%s/cups-files.conf\"."
1217 msgstr ""
1218 "Fitxategiaren gailuaren URIak desgaitu egin dira. Gaitzeko, ikus FileDevice "
1219-"direktiba \"%s/cupsd.conf\" fitxategian."
1220+"direktiba \"%s/cups-files.conf\" fitxategian."
1221
1222 #: ppdc/sample.c:92
1223 msgid "Folio"
1224diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_fi.po cups/locale/cups_fi.po
1225--- cups~/locale/cups_fi.po 2012-12-07 13:00:48.000000000 +0100
1226+++ cups/locale/cups_fi.po 2012-12-08 01:02:01.039671731 +0100
1227@@ -2886,10 +2886,10 @@
1228 #, c-format
1229 msgid ""
1230 "File device URIs have been disabled! To enable, see the FileDevice directive "
1231-"in \"%s/cupsd.conf\"."
1232+"in \"%s/cups-files.conf\"."
1233 msgstr ""
1234 "Tiedostolaitteiden osoitteet on poistettu käytöstä! Voit ottaa ne käyttöön ”%"
1235-"s/cupsd.conf”-tiedoston FileDevice-säännöllä."
1236+"s/cups-files.conf”-tiedoston FileDevice-säännöllä."
1237
1238 msgid "Folio"
1239 msgstr "Folio"
1240diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_fr.po cups/locale/cups_fr.po
1241--- cups~/locale/cups_fr.po 2012-12-07 13:00:48.000000000 +0100
1242+++ cups/locale/cups_fr.po 2012-12-08 01:03:03.287669533 +0100
1243@@ -2925,10 +2925,10 @@
1244 #, c-format
1245 msgid ""
1246 "File device URIs have been disabled! To enable, see the FileDevice directive "
1247-"in \"%s/cupsd.conf\"."
1248+"in \"%s/cups-files.conf\"."
1249 msgstr ""
1250 "Les URI des périphériques de fichier ont été désactivés. Pour l’activer, "
1251-"reportez-vous à la directive FileDevice dans « %s/cupsd.conf »."
1252+"reportez-vous à la directive FileDevice dans « %s/cups-files.conf »."
1253
1254 msgid "Folio"
1255 msgstr "Folio"
1256diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_id.po cups/locale/cups_id.po
1257--- cups~/locale/cups_id.po 2012-12-07 13:00:48.000000000 +0100
1258+++ cups/locale/cups_id.po 2012-12-08 01:03:26.919668695 +0100
1259@@ -3712,10 +3712,10 @@
1260 #, c-format
1261 msgid ""
1262 "File device URIs have been disabled! To enable, see the FileDevice directive "
1263-"in \"%s/cupsd.conf\"."
1264+"in \"%s/cups-files.conf\"."
1265 msgstr ""
1266 "Berkas URI perangkat telah dinonaktifkan! Untuk mengaktifkannya, lihatlah "
1267-"petunjuk FileDevice dalam \"%s/cupsd.conf\"."
1268+"petunjuk FileDevice dalam \"%s/cups-files.conf\"."
1269
1270 #: ppdc/sample.c:92
1271 msgid "Folio"
1272diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_it.po cups/locale/cups_it.po
1273--- cups~/locale/cups_it.po 2012-12-07 13:00:48.000000000 +0100
1274+++ cups/locale/cups_it.po 2012-12-08 01:04:46.011665881 +0100
1275@@ -2819,8 +2819,8 @@
1276 msgstr "Cartella documento: 9/16 x 3 7/16\""
1277
1278 #, c-format
1279-msgid "File device URIs have been disabled! To enable, see the FileDevice directive in \"%s/cupsd.conf\"."
1280-msgstr "Gli URI del dispositivo documento sono stati disabilitati! Per abilitarli, consulta l'istruzione del FileDevice in \"%s/cupsd.conf\"."
1281+msgid "File device URIs have been disabled! To enable, see the FileDevice directive in \"%s/cups-files.conf\"."
1282+msgstr "Gli URI del dispositivo documento sono stati disabilitati! Per abilitarli, consulta l'istruzione del FileDevice in \"%s/cups-files.conf\"."
1283
1284 msgid "Folio"
1285 msgstr "Foglio"
1286diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_ja.po cups/locale/cups_ja.po
1287--- cups~/locale/cups_ja.po 2012-12-07 13:00:48.000000000 +0100
1288+++ cups/locale/cups_ja.po 2012-12-08 01:05:34.883664166 +0100
1289@@ -2867,8 +2867,8 @@
1290 msgstr "ファイルフォルダー - 9/16 x 3 7/16\""
1291
1292 #, c-format
1293-msgid "File device URIs have been disabled! To enable, see the FileDevice directive in \"%s/cupsd.conf\"."
1294-msgstr "ファイルデバイス URI は無効になっています! 有効にするには、\"%s/cupsd.conf\" の FileDevice ディレクティブを参照してください。"
1295+msgid "File device URIs have been disabled! To enable, see the FileDevice directive in \"%s/cups-files.conf\"."
1296+msgstr "ファイルデバイス URI は無効になっています! 有効にするには、\"%s/cups-files.conf\" の FileDevice ディレクティブを参照してください。"
1297
1298 msgid "Folio"
1299 msgstr "フォリオ"
1300diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_ko.po cups/locale/cups_ko.po
1301--- cups~/locale/cups_ko.po 2012-12-07 13:00:48.000000000 +0100
1302+++ cups/locale/cups_ko.po 2012-12-08 01:06:35.647662090 +0100
1303@@ -2866,9 +2866,9 @@
1304 #, c-format
1305 msgid ""
1306 "File device URIs have been disabled! To enable, see the FileDevice directive "
1307-"in \"%s/cupsd.conf\"."
1308+"in \"%s/cups-files.conf\"."
1309 msgstr ""
1310-"파일 장비 URI가 비활성화되었습니다! 활성화하려면, \"%s/cupsd.conf\"에 있는 "
1311+"파일 장비 URI가 비활성화되었습니다! 활성화하려면, \"%s/cups-files.conf\"에 있는 "
1312 "FileDevice 지시문을 보십시오."
1313
1314 msgid "Folio"
1315diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_nl.po cups/locale/cups_nl.po
1316--- cups~/locale/cups_nl.po 2012-12-07 13:00:48.000000000 +0100
1317+++ cups/locale/cups_nl.po 2012-12-08 01:07:07.987660903 +0100
1318@@ -2910,10 +2910,10 @@
1319 #, c-format
1320 msgid ""
1321 "File device URIs have been disabled! To enable, see the FileDevice directive "
1322-"in \"%s/cupsd.conf\"."
1323+"in \"%s/cups-files.conf\"."
1324 msgstr ""
1325 "File device-URI&aops;s zijn uitgeschakeld! Raadpleeg als u de URI&aops;s "
1326-"weer wilt inschakelen de richtlijn voor FileDevice in \"%s/cupsd.conf\"."
1327+"weer wilt inschakelen de richtlijn voor FileDevice in \"%s/cups-files.conf\"."
1328
1329 msgid "Folio"
1330 msgstr "Folio"
1331diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_no.po cups/locale/cups_no.po
1332--- cups~/locale/cups_no.po 2012-12-07 13:00:48.000000000 +0100
1333+++ cups/locale/cups_no.po 2012-12-08 01:07:18.003660528 +0100
1334@@ -2871,10 +2871,10 @@
1335 #, c-format
1336 msgid ""
1337 "File device URIs have been disabled! To enable, see the FileDevice directive "
1338-"in \"%s/cupsd.conf\"."
1339+"in \"%s/cups-files.conf\"."
1340 msgstr ""
1341 "Enhets-URIer for filer er deaktivert! Hvis du vil aktivere funksjonen, leser "
1342-"du FileDevice-direktivet i «%s/cupsd.conf»."
1343+"du FileDevice-direktivet i «%s/cups-files.conf»."
1344
1345 msgid "Folio"
1346 msgstr "Folio"
1347diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_pl.po cups/locale/cups_pl.po
1348--- cups~/locale/cups_pl.po 2012-12-07 13:00:48.000000000 +0100
1349+++ cups/locale/cups_pl.po 2012-12-08 01:07:24.747660332 +0100
1350@@ -2895,10 +2895,10 @@
1351 #, c-format
1352 msgid ""
1353 "File device URIs have been disabled! To enable, see the FileDevice directive "
1354-"in \"%s/cupsd.conf\"."
1355+"in \"%s/cups-files.conf\"."
1356 msgstr ""
1357 "URI pliku urządzenia zostało wyłączone! Aby włączyć, zobacz dyrektywę "
1358-"FileDevice w \"%s/cupsd.conf\"."
1359+"FileDevice w \"%s/cups-files.conf\"."
1360
1361 msgid "Folio"
1362 msgstr "Folio"
1363diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_pt.po cups/locale/cups_pt.po
1364--- cups~/locale/cups_pt.po 2012-12-07 13:00:48.000000000 +0100
1365+++ cups/locale/cups_pt.po 2012-12-08 01:07:37.875659840 +0100
1366@@ -2897,10 +2897,10 @@
1367 #, c-format
1368 msgid ""
1369 "File device URIs have been disabled! To enable, see the FileDevice directive "
1370-"in \"%s/cupsd.conf\"."
1371+"in \"%s/cups-files.conf\"."
1372 msgstr ""
1373 "URIs do periférico do ficheiro foram desactivados! Para activar, consulte a "
1374-"directiva FileDevice em \"%s/cupsd.conf\"."
1375+"directiva FileDevice em \"%s/cups-files.conf\"."
1376
1377 msgid "Folio"
1378 msgstr "Fólio"
1379diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_pt_BR.po cups/locale/cups_pt_BR.po
1380--- cups~/locale/cups_pt_BR.po 2012-12-07 13:00:48.000000000 +0100
1381+++ cups/locale/cups_pt_BR.po 2012-12-08 01:07:31.707660026 +0100
1382@@ -2904,10 +2904,10 @@
1383 #, c-format
1384 msgid ""
1385 "File device URIs have been disabled! To enable, see the FileDevice directive "
1386-"in \"%s/cupsd.conf\"."
1387+"in \"%s/cups-files.conf\"."
1388 msgstr ""
1389 "URIs de dispositivo de arquivo foram desativados! Para ativá-los, consulte a "
1390-"diretiva FileDevice em \"%s/cupsd.conf\"."
1391+"diretiva FileDevice em \"%s/cups-files.conf\"."
1392
1393 msgid "Folio"
1394 msgstr "Fólio"
1395diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_ru.po cups/locale/cups_ru.po
1396--- cups~/locale/cups_ru.po 2012-12-07 13:00:48.000000000 +0100
1397+++ cups/locale/cups_ru.po 2012-12-08 01:07:51.439659296 +0100
1398@@ -2884,10 +2884,10 @@
1399 #, c-format
1400 msgid ""
1401 "File device URIs have been disabled! To enable, see the FileDevice directive "
1402-"in \"%s/cupsd.conf\"."
1403+"in \"%s/cups-files.conf\"."
1404 msgstr ""
1405 "URI-адреса файлового устройства отключены! Чтобы включить их, используйте "
1406-"директиву FileDevice в «%s/cupsd.conf»."
1407+"директиву FileDevice в «%s/cups-files.conf»."
1408
1409 msgid "Folio"
1410 msgstr "Фолио"
1411diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_sv.po cups/locale/cups_sv.po
1412--- cups~/locale/cups_sv.po 2012-12-07 13:00:48.000000000 +0100
1413+++ cups/locale/cups_sv.po 2012-12-08 01:07:58.247659102 +0100
1414@@ -2875,10 +2875,10 @@
1415 #, c-format
1416 msgid ""
1417 "File device URIs have been disabled! To enable, see the FileDevice directive "
1418-"in \"%s/cupsd.conf\"."
1419+"in \"%s/cups-files.conf\"."
1420 msgstr ""
1421 "Filenhets URI:er har blivit avaktiverade! För att aktivera, se direktivet "
1422-"FileDevice i \"%s/cupsd.conf\"."
1423+"FileDevice i \"%s/cups-files.conf\"."
1424
1425 msgid "Folio"
1426 msgstr "Folio"
1427diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_zh.po cups/locale/cups_zh.po
1428--- cups~/locale/cups_zh.po 2012-12-07 13:00:48.000000000 +0100
1429+++ cups/locale/cups_zh.po 2012-12-08 01:08:56.791657022 +0100
1430@@ -2844,9 +2844,9 @@
1431 #, c-format
1432 msgid ""
1433 "File device URIs have been disabled! To enable, see the FileDevice directive "
1434-"in \"%s/cupsd.conf\"."
1435+"in \"%s/cups-files.conf\"."
1436 msgstr ""
1437-"文件设备 URI 已被停用!要启用,请参阅“%s/cupsd.conf”中的 FileDevice 指令。"
1438+"文件设备 URI 已被停用!要启用,请参阅“%s/cups-files.conf”中的 FileDevice 指令。"
1439
1440 msgid "Folio"
1441 msgstr "对开本"
1442diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/locale/cups_zh_TW.po cups/locale/cups_zh_TW.po
1443--- cups~/locale/cups_zh_TW.po 2012-12-07 13:00:48.000000000 +0100
1444+++ cups/locale/cups_zh_TW.po 2012-12-08 01:09:07.407656652 +0100
1445@@ -2845,9 +2845,9 @@
1446 #, c-format
1447 msgid ""
1448 "File device URIs have been disabled! To enable, see the FileDevice directive "
1449-"in \"%s/cupsd.conf\"."
1450+"in \"%s/cups-files.conf\"."
1451 msgstr ""
1452-"已停用檔案設備 URI!若要啟用,請參閱“%s/cupsd.conf”中的 FileDevice 指示。"
1453+"已停用檔案設備 URI!若要啟用,請參閱“%s/cups-files.conf”中的 FileDevice 指示。"
1454
1455 msgid "Folio"
1456 msgstr "對開紙"
1457diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/man/Makefile cups/man/Makefile
1458--- cups~/man/Makefile 2012-12-08 00:29:09.000000000 +0100
1459+++ cups/man/Makefile 2012-12-08 00:29:10.000000000 +0100
1460@@ -39,6 +39,7 @@
1461 ppdpo.$(MAN1EXT)
1462 MAN5 = classes.conf.$(MAN5EXT) \
1463 client.conf.$(MAN5EXT) \
1464+ cups-files.conf.$(MAN5EXT) \
1465 cups-snmp.conf.$(MAN5EXT) \
1466 cupsd.conf.$(MAN5EXT) \
1467 mailto.conf.$(MAN5EXT) \
1468diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/man/cups-files.conf.man.in cups/man/cups-files.conf.man.in
1469--- cups~/man/cups-files.conf.man.in 1970-01-01 01:00:00.000000000 +0100
1470+++ cups/man/cups-files.conf.man.in 2012-12-08 00:29:10.000000000 +0100
1471@@ -0,0 +1,146 @@
1472+.\"
1473+.\" "$Id$"
1474+.\"
1475+.\" cupsd.conf man page for CUPS.
1476+.\"
1477+.\" Copyright 2007-2012 by Apple Inc.
1478+.\" Copyright 1997-2006 by Easy Software Products.
1479+.\"
1480+.\" These coded instructions, statements, and computer programs are the
1481+.\" property of Apple Inc. and are protected by Federal copyright
1482+.\" law. Distribution and use rights are outlined in the file "LICENSE.txt"
1483+.\" which should have been included with this file. If this file is
1484+.\" file is missing or damaged, see the license at "http://www.cups.org/".
1485+.\"
1486+.TH cups-files.conf 5 "CUPS" "19 November 2012" "Apple Inc."
1487+.SH NAME
1488+cups-files.conf \- file and directory configuration file for cups
1489+.SH DESCRIPTION
1490+The \fIcups-file.conf\fR file configures the files and directories used by the
1491+CUPS scheduler, \fIcupsd(8)\fR. It is normally located in the
1492+\fI@CUPS_SERVERROOT@\fR directory.
1493+.LP
1494+Each line in the file can be a configuration directive, a blank line,
1495+or a comment. Comment lines start with the # character.
1496+.SH DIRECTIVES
1497+The following directives are understood by \fIcupsd(8)\fR. Consult the
1498+on-line help for detailed descriptions:
1499+.TP 5
1500+AccessLog filename
1501+.TP 5
1502+AccessLog syslog
1503+.br
1504+Defines the access log filename.
1505+.TP 5
1506+ConfigFilePerm mode
1507+.br
1508+Specifies the permissions for all configuration files that the scheduler
1509+writes.
1510+.TP 5
1511+DataDir path
1512+.br
1513+Specified the directory where data files can be found.
1514+.TP 5
1515+DocumentRoot directory
1516+.br
1517+Specifies the root directory for the internal web server documents.
1518+.TP 5
1519+ErrorLog filename
1520+.TP 5
1521+ErrorLog syslog
1522+.br
1523+Specifies the error log filename.
1524+.TP 5
1525+FatalErrors none
1526+.TP 5
1527+FatalErrors all -kind [... -kind]
1528+.TP 5
1529+FatalErrors kind [... kind]
1530+.br
1531+Specifies which errors are fatal, causing the scheduler to exit. "Kind" is
1532+"browse", "config", "listen", "log", or "permissions".
1533+.TP 5
1534+FileDevice Yes
1535+.TP 5
1536+FileDevice No
1537+.br
1538+Specifies whether the file pseudo-device can be used for new
1539+printer queues.
1540+.TP 5
1541+FontPath directory[:directory:...]
1542+.br
1543+Specifies the search path for fonts.
1544+.TP 5
1545+Group group-name-or-number
1546+.br
1547+Specifies the group name or ID that will be used when executing
1548+external programs.
1549+.TP 5
1550+LogFilePerm mode
1551+.br
1552+Specifies the permissions for all log files that the scheduler writes.
1553+.TP 5
1554+PageLog filename
1555+.TP 5
1556+PageLog syslog
1557+.br
1558+Specifies the page log filename.
1559+.TP 5
1560+Printcap
1561+.TP 5
1562+Printcap filename
1563+.br
1564+Specifies the filename for a printcap file that is updated
1565+automatically with a list of available printers (needed for
1566+legacy applications); specifying Printcap with no filename
1567+disables printcap generation.
1568+.TP 5
1569+RemoteRoot user-name
1570+.br
1571+Specifies the username that is associated with unauthenticated root
1572+accesses.
1573+.TP 5
1574+RequestRoot directory
1575+.br
1576+Specifies the directory to store print jobs and other HTTP request
1577+data.
1578+.TP 5
1579+ServerBin directory
1580+.br
1581+Specifies the directory where backends, CGIs, daemons, and filters may
1582+be found.
1583+.TP 5
1584+ServerCertificate filename
1585+.br
1586+Specifies the encryption certificate to use.
1587+.TP 5
1588+ServerKey filename
1589+.br
1590+Specifies the encryption key to use.
1591+.TP 5
1592+ServerRoot directory
1593+.br
1594+Specifies the directory where the server configuration files can be found.
1595+.TP 5
1596+SystemGroup group-name [group-name ...]
1597+.br
1598+Specifies the group(s) to use for System class authentication.
1599+.TP 5
1600+TempDir directory
1601+.br
1602+Specifies the directory where temporary files are stored.
1603+.TP 5
1604+User user-name
1605+.br
1606+Specifies the user name or ID that is used when running external programs.
1607+.SH SEE ALSO
1608+\fIclasses.conf(5)\fR, \fIcupsd(8)\fR, \fIcupsd.conf(5)\fR, \fImime.convs(5)\fR,
1609+\fImime.types(5)\fR, \fIprinters.conf(5)\fR,
1610+\fIsubscriptions.conf(5)\fR,
1611+.br
1612+http://localhost:631/help
1613+.SH COPYRIGHT
1614+Copyright 2007-2012 by Apple Inc.
1615+.\"
1616+.\" End of "$Id$".
1617+.\"
1618diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/man/cupsd.conf.man.in cups/man/cupsd.conf.man.in
1619--- cups~/man/cupsd.conf.man.in 2012-12-07 13:00:48.000000000 +0100
1620+++ cups/man/cupsd.conf.man.in 2012-12-08 00:29:10.000000000 +0100
1621@@ -12,13 +12,16 @@
1622 .\" which should have been included with this file. If this file is
1623 .\" file is missing or damaged, see the license at "http://www.cups.org/".
1624 .\"
1625-.TH cupsd.conf 5 "CUPS" "28 January 2010" "Apple Inc."
1626+.TH cupsd.conf 5 "CUPS" "19 November 2012" "Apple Inc."
1627 .SH NAME
1628 cupsd.conf \- server configuration file for cups
1629 .SH DESCRIPTION
1630 The \fIcupsd.conf\fR file configures the CUPS scheduler, \fIcupsd(8)\fR. It
1631-is normally located in the \fI@CUPS_SERVERROOT@\fR directory.
1632-.LP
1633+is normally located in the \fI@CUPS_SERVERROOT@\fR directory. \fBNote:\fR
1634+File, directory, and user configuration directives that used to be allowed in
1635+the \fIcupsd.conf\fR file are now stored in the \fIcups-files.conf(5)\fR instead
1636+in order to prevent certain types of privilege escalation attacks.
1637+LP
1638 Each line in the file can be a configuration directive, a blank line,
1639 or a comment. Comment lines start with the # character. The
1640 configuration directives are intentionally similar to those used by the
1641@@ -27,12 +30,6 @@
1642 The following directives are understood by \fIcupsd(8)\fR. Consult the
1643 on-line help for detailed descriptions:
1644 .TP 5
1645-AccessLog filename
1646-.TP 5
1647-AccessLog syslog
1648-.br
1649-Defines the access log filename.
1650-.TP 5
1651 AccessLogLevel config
1652 .TP 5
1653 AccessLogLevel actions
1654@@ -61,20 +58,6 @@
1655 .br
1656 Allows access from the named hosts or addresses.
1657 .TP 5
1658-AuthClass User
1659-.TP 5
1660-AuthClass Group
1661-.TP 5
1662-AuthClass System
1663-.br
1664-Specifies the authentication class (User, Group, System) -
1665-\fBthis directive is deprecated\fR.
1666-.TP 5
1667-AuthGroupName group-name
1668-.br
1669-Specifies the authentication group - \fBthis directive is
1670-deprecated\fR.
1671-.TP 5
1672 AuthType None
1673 .TP 5
1674 AuthType Basic
1675@@ -220,7 +203,7 @@
1676 .TP 5
1677 Browsing No
1678 .br
1679-Specifies whether or not remote printer browsing should be enabled.
1680+Specifies whether or not shared printers should be advertised.
1681 .TP 5
1682 Classification banner
1683 .br
1684@@ -233,15 +216,6 @@
1685 Specifies whether to allow users to override the classification
1686 of individual print jobs.
1687 .TP 5
1688-ConfigFilePerm mode
1689-.br
1690-Specifies the permissions for all configuration files that the scheduler
1691-writes.
1692-.TP 5
1693-DataDir path
1694-.br
1695-Specified the directory where data files can be found.
1696-.TP 5
1697 DefaultAuthType Basic
1698 .TP 5
1699 DefaultAuthType BasicDigest
1700@@ -309,10 +283,6 @@
1701 causes the update to happen as soon as possible, typically within a few
1702 milliseconds.
1703 .TP 5
1704-DocumentRoot directory
1705-.br
1706-Specifies the root directory for the internal web server documents.
1707-.TP 5
1708 Encryption IfRequested
1709 .TP 5
1710 Encryption Never
1711@@ -322,28 +292,6 @@
1712 Specifies the level of encryption that is required for a particular
1713 location.
1714 .TP 5
1715-ErrorLog filename
1716-.TP 5
1717-ErrorLog syslog
1718-.br
1719-Specifies the error log filename.
1720-.TP 5
1721-FatalErrors none
1722-.TP 5
1723-FatalErrors all -kind [... -kind]
1724-.TP 5
1725-FatalErrors kind [... kind]
1726-.br
1727-Specifies which errors are fatal, causing the scheduler to exit. "Kind" is
1728-"browse", "config", "listen", "log", or "permissions".
1729-.TP 5
1730-FileDevice Yes
1731-.TP 5
1732-FileDevice No
1733-.br
1734-Specifies whether the file pseudo-device can be used for new
1735-printer queues.
1736-.TP 5
1737 FilterLimit limit
1738 .br
1739 Specifies the maximum cost of filters that are run concurrently.
1740@@ -449,10 +397,6 @@
1741 Specifies the number of debugging messages that are logged when an error
1742 occurs in a print job.
1743 .TP 5
1744-LogFilePerm mode
1745-.br
1746-Specifies the permissions for all log files that the scheduler writes.
1747-.TP 5
1748 LogLevel alert
1749 .TP 5
1750 LogLevel crit
1751@@ -526,12 +470,6 @@
1752 .br
1753 Specifies the order of HTTP access control (allow,deny or deny,allow)
1754 .TP 5
1755-PageLog filename
1756-.TP 5
1757-PageLog syslog
1758-.br
1759-Specifies the page log filename.
1760-.TP 5
1761 PageLogFormat format string
1762 .br
1763 Specifies the format of page log lines.
1764@@ -561,15 +499,6 @@
1765 Specifies whether or not to preserve the job history after they are
1766 printed.
1767 .TP 5
1768-Printcap
1769-.TP 5
1770-Printcap filename
1771-.br
1772-Specifies the filename for a printcap file that is updated
1773-automatically with a list of available printers (needed for
1774-legacy applications); specifying Printcap with no filename
1775-disables printcap generation.
1776-.TP 5
1777 PrintcapFormat bsd
1778 .TP 5
1779 PrintcapFormat plist
1780@@ -578,29 +507,11 @@
1781 .br
1782 Specifies the format of the printcap file.
1783 .TP 5
1784-PrintcapGUI
1785-.TP 5
1786-PrintcapGUI gui-program-filename
1787-.br
1788-Specifies whether to generate option panel definition files on
1789-some operating systems. When provided with no program filename,
1790-disables option panel definition files.
1791-.TP 5
1792 ReloadTimeout seconds
1793 .br
1794 Specifies the amount of time to wait for job completion before
1795 restarting the scheduler.
1796 .TP 5
1797-RemoteRoot user-name
1798-.br
1799-Specifies the username that is associated with unauthenticated root
1800-accesses.
1801-.TP 5
1802-RequestRoot directory
1803-.br
1804-Specifies the directory to store print jobs and other HTTP request
1805-data.
1806-.TP 5
1807 Require group group-name-list
1808 .TP 5
1809 Require user user-name-list
1810@@ -630,27 +541,10 @@
1811 Specifies an alternate name that the server is known by. The special name "*"
1812 allows any name to be used.
1813 .TP 5
1814-ServerBin directory
1815-.br
1816-Specifies the directory where backends, CGIs, daemons, and filters may
1817-be found.
1818-.TP 5
1819-ServerCertificate filename
1820-.br
1821-Specifies the encryption certificate to use.
1822-.TP 5
1823-ServerKey filename
1824-.br
1825-Specifies the encryption key to use.
1826-.TP 5
1827 ServerName hostname-or-ip-address
1828 .br
1829 Specifies the fully-qualified hostname of the server.
1830 .TP 5
1831-ServerRoot directory
1832-.br
1833-Specifies the directory where the server configuration files can be found.
1834-.TP 5
1835 ServerTokens Full
1836 .TP 5
1837 ServerTokens Major
1838@@ -686,14 +580,6 @@
1839 .br
1840 Listens on the specified port for encrypted connections.
1841 .TP 5
1842-SystemGroup group-name [group-name ...]
1843-.br
1844-Specifies the group(s) to use for System class authentication.
1845-.TP 5
1846-TempDir directory
1847-.br
1848-Specifies the directory where temporary files are stored.
1849-.TP 5
1850 Timeout seconds
1851 .br
1852 Specifies the HTTP request timeout in seconds.
1853@@ -702,7 +588,7 @@
1854 .br
1855 Specifies the user name or ID that is used when running external programs.
1856 .SH SEE ALSO
1857-\fIclasses.conf(5)\fR, \fIcupsd(8)\fR, \fImime.convs(5)\fR,
1858+\fIclasses.conf(5)\fR, \fIcups-files.conf(8)\fR, \fIcupsd(8)\fR, \fImime.convs(5)\fR,
1859 \fImime.types(5)\fR, \fIprinters.conf(5)\fR,
1860 \fIsubscriptions.conf(5)\fR,
1861 .br
1862diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/scheduler/client.c cups/scheduler/client.c
1863--- cups~/scheduler/client.c 2012-12-08 00:29:09.000000000 +0100
1864+++ cups/scheduler/client.c 2012-12-08 00:29:10.000000000 +0100
1865@@ -35,7 +35,7 @@
1866 * get_cdsa_certificate() - Get a SSL/TLS certificate from the System
1867 * keychain.
1868 * get_file() - Get a filename and state info.
1869- * install_conf_file() - Install a configuration file.
1870+ * install_cupsd_conf() - Install a configuration file.
1871 * is_cgi() - Is the resource a CGI script/program?
1872 * is_path_absolute() - Is a path absolute and free of relative elements
1873 * (i.e. "..").
1874@@ -102,7 +102,7 @@
1875 #endif /* HAVE_CDSASSL */
1876 static char *get_file(cupsd_client_t *con, struct stat *filestats,
1877 char *filename, int len);
1878-static http_status_t install_conf_file(cupsd_client_t *con);
1879+static http_status_t install_cupsd_conf(cupsd_client_t *con);
1880 static int is_cgi(cupsd_client_t *con, const char *filename,
1881 struct stat *filestats, mime_type_t *type);
1882 static int is_path_absolute(const char *path);
1883@@ -1691,17 +1691,14 @@
1884 * Validate the resource name...
1885 */
1886
1887- if (strncmp(con->uri, "/admin/conf/", 12) ||
1888- strchr(con->uri + 12, '/') ||
1889- strlen(con->uri) == 12)
1890+ if (strcmp(con->uri, "/admin/conf/cupsd.conf"))
1891 {
1892 /*
1893- * PUT can only be done to configuration files under
1894- * /admin/conf...
1895+ * PUT can only be done to the cupsd.conf file...
1896 */
1897
1898 cupsdLogMessage(CUPSD_LOG_ERROR,
1899- "Request for subdirectory \"%s\"!", con->uri);
1900+ "Disallowed PUT request for \"%s\"!", con->uri);
1901
1902 if (!cupsdSendError(con, HTTP_FORBIDDEN, CUPSD_AUTH_NONE))
1903 {
1904@@ -2019,7 +2016,7 @@
1905 * Install the configuration file...
1906 */
1907
1908- status = install_conf_file(con);
1909+ status = install_cupsd_conf(con);
1910
1911 /*
1912 * Return the status to the client...
1913@@ -3685,11 +3682,11 @@
1914
1915
1916 /*
1917- * 'install_conf_file()' - Install a configuration file.
1918+ * 'install_cupsd_conf()' - Install a configuration file.
1919 */
1920
1921 static http_status_t /* O - Status */
1922-install_conf_file(cupsd_client_t *con) /* I - Connection */
1923+install_cupsd_conf(cupsd_client_t *con) /* I - Connection */
1924 {
1925 cups_file_t *in, /* Input file */
1926 *out; /* Output file */
1927@@ -3705,9 +3702,9 @@
1928 * First construct the filenames...
1929 */
1930
1931- snprintf(conffile, sizeof(conffile), "%s%s", ServerRoot, con->uri + 11);
1932- snprintf(newfile, sizeof(newfile), "%s%s.N", ServerRoot, con->uri + 11);
1933- snprintf(oldfile, sizeof(oldfile), "%s%s.O", ServerRoot, con->uri + 11);
1934+ snprintf(conffile, sizeof(conffile), "%s/cupsd.conf", ServerRoot);
1935+ snprintf(newfile, sizeof(newfile), "%s/cupsd.conf.N", ServerRoot);
1936+ snprintf(oldfile, sizeof(oldfile), "%s/cupsd.conf.O", ServerRoot);
1937
1938 cupsdLogMessage(CUPSD_LOG_INFO, "Installing config file \"%s\"...", conffile);
1939
1940@@ -3829,14 +3826,10 @@
1941 }
1942
1943 /*
1944- * If the cupsd.conf file was updated, set the NeedReload flag...
1945+ * Set the NeedReload flag...
1946 */
1947
1948- if (!strcmp(con->uri, "/admin/conf/cupsd.conf"))
1949- NeedReload = RELOAD_CUPSD;
1950- else
1951- NeedReload = RELOAD_ALL;
1952-
1953+ NeedReload = RELOAD_CUPSD;
1954 ReloadTime = time(NULL);
1955
1956 /*
1957--- a/scheduler/conf.c
1958+++ b/scheduler/conf.c
1959@@ -26,7 +26,9 @@
1960 * parse_fatal_errors() - Parse FatalErrors values in a string.
1961 * parse_groups() - Parse system group names in a string.
1962 * parse_protocols() - Parse browse protocols in a string.
1963- * read_configuration() - Read a configuration file.
1964+ * parse_variable() - Parse a variable line.
1965+ * read_cupsd_conf() - Read the cupsd.conf configuration file.
1966+ * read_cups_files_conf() - Read the cups-files.conf configuration file.
1967 * read_location() - Read a <Location path> definition.
1968 * read_policy() - Read a <Policy name> definition.
1969 */
1970@@ -79,9 +81,8 @@
1971 * Local globals...
1972 */
1973
1974-static const cupsd_var_t variables[] =
1975+static const cupsd_var_t cupsd_vars[] =
1976 {
1977- { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
1978 #ifdef __APPLE__
1979 { "AppleQuotas", &AppleQuotas, CUPSD_VARTYPE_BOOLEAN },
1980 #endif /* __APPLE__ */
1981@@ -103,24 +104,17 @@
1982 { "BrowseTimeout", &BrowseTimeout, CUPSD_VARTYPE_INTEGER },
1983 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
1984 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
1985- { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
1986 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
1987 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
1988- { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
1989- { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
1990 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
1991 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_INTEGER },
1992 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
1993 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
1994 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
1995 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_INTEGER },
1996- { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
1997- { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
1998 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
1999- { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
2000 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
2001 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
2002- { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
2003 { "HideImplicitMembers", &HideImplicitMembers, CUPSD_VARTYPE_BOOLEAN },
2004 { "ImplicitClasses", &ImplicitClasses, CUPSD_VARTYPE_BOOLEAN },
2005 { "ImplicitAnyClasses", &ImplicitAnyClasses, CUPSD_VARTYPE_BOOLEAN },
2006@@ -135,8 +129,6 @@
2007 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
2008 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
2009 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
2010- { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
2011- { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
2012 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
2013 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
2014 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
2015@@ -154,18 +146,34 @@
2016 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
2017 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
2018 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_INTEGER },
2019- { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
2020 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
2021 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_BOOLEAN },
2022 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_BOOLEAN },
2023- { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
2024- { "PrintcapGUI", &PrintcapGUI, CUPSD_VARTYPE_STRING },
2025 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_INTEGER },
2026- { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
2027- { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
2028 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
2029 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_INTEGER },
2030 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
2031+ { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
2032+ { "Timeout", &Timeout, CUPSD_VARTYPE_INTEGER },
2033+ { "UseNetworkDefault", &UseNetworkDefault, CUPSD_VARTYPE_BOOLEAN }
2034+};
2035+static const cupsd_var_t cupsfiles_vars[] =
2036+{
2037+ { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
2038+ { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
2039+ { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
2040+ { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
2041+ { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
2042+ { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
2043+ { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
2044+ { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
2045+ { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
2046+ { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
2047+ { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
2048+ { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
2049+ { "PrintcapGUI", &PrintcapGUI, CUPSD_VARTYPE_STRING },
2050+ { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
2051+ { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
2052 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
2053 #ifdef HAVE_SSL
2054 { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME },
2055@@ -173,7 +181,6 @@
2056 { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
2057 # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
2058 #endif /* HAVE_SSL */
2059- { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
2060 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
2061 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
2062 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
2063@@ -181,11 +188,7 @@
2064 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
2065 #endif /* HAVE_AUTHORIZATION_H */
2066 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME },
2067- { "Timeout", &Timeout, CUPSD_VARTYPE_INTEGER },
2068- { "UseNetworkDefault", &UseNetworkDefault, CUPSD_VARTYPE_BOOLEAN }
2069 };
2070-#define NUM_VARS (sizeof(variables) / sizeof(variables[0]))
2071-
2072
2073 static const unsigned ones[4] =
2074 {
2075@@ -209,7 +212,12 @@
2076 static int parse_fatal_errors(const char *s);
2077 static int parse_groups(const char *s);
2078 static int parse_protocols(const char *s);
2079-static int read_configuration(cups_file_t *fp);
2080+static int parse_variable(const char *filename, int linenum,
2081+ const char *line, const char *value,
2082+ size_t num_vars,
2083+ const cupsd_var_t *vars);
2084+static int read_cupsd_conf(cups_file_t *fp);
2085+static int read_cups_files_conf(cups_file_t *fp);
2086 static int read_location(cups_file_t *fp, char *name, int linenum);
2087 static int read_policy(cups_file_t *fp, char *name, int linenum);
2088
2089@@ -695,18 +703,59 @@
2090 #endif /* __APPLE__ */
2091
2092 /*
2093- * Read the configuration file...
2094+ * Read the cups-files.conf file...
2095+ */
2096+
2097+ if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
2098+ {
2099+ status = read_cups_files_conf(fp);
2100+
2101+ cupsFileClose(fp);
2102+
2103+ if (!status)
2104+ {
2105+ if (TestConfigFile)
2106+ printf("%s contains errors\n", CupsFilesFile);
2107+ else
2108+ cupsdLogMessage(CUPSD_LOG_CRIT, "Unable to read %s", CupsFilesFile);
2109+ return (0);
2110+ }
2111+ }
2112+ else if (errno == ENOENT)
2113+ cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
2114+ else
2115+ {
2116+ cupsdLogMessage(CUPSD_LOG_CRIT, "Unable to open %s: %s", CupsFilesFile,
2117+ strerror(errno));
2118+ return (0);
2119+ }
2120+
2121+ if (!ErrorLog)
2122+ cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
2123+
2124+ /*
2125+ * Read the cupsd.conf file...
2126 */
2127
2128 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
2129+ {
2130+ cupsdLogMessage(CUPSD_LOG_CRIT, "Unable to open %s: %s", ConfigurationFile,
2131+ strerror(errno));
2132 return (0);
2133+ }
2134
2135- status = read_configuration(fp);
2136+ status = read_cupsd_conf(fp);
2137
2138 cupsFileClose(fp);
2139
2140 if (!status)
2141+ {
2142+ if (TestConfigFile)
2143+ printf("%s contains errors\n", ConfigurationFile);
2144+ else
2145+ cupsdLogMessage(CUPSD_LOG_CRIT, "Unable to read %s", ConfigurationFile);
2146 return (0);
2147+ }
2148
2149 RunUser = getuid();
2150
2151@@ -826,6 +875,13 @@
2152 BrowseACL = cupsdFindLocation("CUPS_INTERNAL_BROWSE_ACL");
2153
2154 /*
2155+ * Make sure ConfigFilePerm and LogFilePerm have sane values...
2156+ */
2157+
2158+ ConfigFilePerm &= 0664;
2159+ LogFilePerm &= 0664;
2160+
2161+ /*
2162 * Open the system log for cupsd if necessary...
2163 */
2164
2165@@ -2398,13 +2454,174 @@
2166
2167
2168 /*
2169- * 'read_configuration()' - Read a configuration file.
2170+ * 'parse_variable()' - Parse a variable line.
2171 */
2172
2173 static int /* O - 1 on success, 0 on failure */
2174-read_configuration(cups_file_t *fp) /* I - File to read from */
2175+parse_variable(
2176+ const char *filename, /* I - Name of configuration file */
2177+ int linenum, /* I - Line in configuration file */
2178+ const char *line, /* I - Line from configuration file */
2179+ const char *value, /* I - Value from configuration file */
2180+ size_t num_vars, /* I - Number of variables */
2181+ const cupsd_var_t *vars) /* I - Variables */
2182+{
2183+ size_t i; /* Looping var */
2184+ const cupsd_var_t *var; /* Variables */
2185+ char temp[1024]; /* Temporary string */
2186+
2187+
2188+ for (i = num_vars, var = vars; i > 0; i --, var ++)
2189+ if (!strcasecmp(line, var->name))
2190+ break;
2191+
2192+ if (i == 0)
2193+ {
2194+ /*
2195+ * Unknown directive! Output an error message and continue...
2196+ */
2197+
2198+ if (!value)
2199+ cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2200+ line, linenum, filename);
2201+ else
2202+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2203+ line, linenum, filename);
2204+
2205+ return (0);
2206+ }
2207+
2208+ switch (var->type)
2209+ {
2210+ case CUPSD_VARTYPE_INTEGER :
2211+ if (!value)
2212+ {
2213+ cupsdLogMessage(CUPSD_LOG_ERROR,
2214+ "Missing integer value for %s on line %d of %s.",
2215+ line, linenum, filename);
2216+ return (0);
2217+ }
2218+ else if (!isdigit(*value & 255))
2219+ {
2220+ cupsdLogMessage(CUPSD_LOG_ERROR,
2221+ "Bad integer value for %s on line %d of %s.",
2222+ line, linenum, filename);
2223+ return (0);
2224+ }
2225+ else
2226+ {
2227+ int n; /* Number */
2228+ char *units; /* Units */
2229+
2230+ n = strtol(value, &units, 0);
2231+
2232+ if (units && *units)
2233+ {
2234+ if (tolower(units[0] & 255) == 'g')
2235+ n *= 1024 * 1024 * 1024;
2236+ else if (tolower(units[0] & 255) == 'm')
2237+ n *= 1024 * 1024;
2238+ else if (tolower(units[0] & 255) == 'k')
2239+ n *= 1024;
2240+ else if (tolower(units[0] & 255) == 't')
2241+ n *= 262144;
2242+ else
2243+ {
2244+ cupsdLogMessage(CUPSD_LOG_ERROR,
2245+ "Unknown integer value for %s on line %d of %s.",
2246+ line, linenum, filename);
2247+ return (0);
2248+ }
2249+ }
2250+
2251+ if (n < 0)
2252+ {
2253+ cupsdLogMessage(CUPSD_LOG_ERROR,
2254+ "Bad negative integer value for %s on line %d of "
2255+ "%s.", line, linenum, filename);
2256+ return (0);
2257+ }
2258+ else
2259+ {
2260+ *((int *)var->ptr) = n;
2261+ }
2262+ }
2263+ break;
2264+
2265+ case CUPSD_VARTYPE_BOOLEAN :
2266+ if (!value)
2267+ {
2268+ cupsdLogMessage(CUPSD_LOG_ERROR,
2269+ "Missing boolean value for %s on line %d of %s.",
2270+ line, linenum, filename);
2271+ return (0);
2272+ }
2273+ else if (!strcasecmp(value, "true") ||
2274+ !strcasecmp(value, "on") ||
2275+ !strcasecmp(value, "enabled") ||
2276+ !strcasecmp(value, "yes") ||
2277+ atoi(value) != 0)
2278+ {
2279+ *((int *)var->ptr) = TRUE;
2280+ }
2281+ else if (!strcasecmp(value, "false") ||
2282+ !strcasecmp(value, "off") ||
2283+ !strcasecmp(value, "disabled") ||
2284+ !strcasecmp(value, "no") ||
2285+ !strcasecmp(value, "0"))
2286+ {
2287+ *((int *)var->ptr) = FALSE;
2288+ }
2289+ else
2290+ {
2291+ cupsdLogMessage(CUPSD_LOG_ERROR,
2292+ "Unknown boolean value %s on line %d of %s.",
2293+ value, linenum, filename);
2294+ return (0);
2295+ }
2296+ break;
2297+
2298+ case CUPSD_VARTYPE_PATHNAME :
2299+ if (!value)
2300+ {
2301+ cupsdLogMessage(CUPSD_LOG_ERROR,
2302+ "Missing pathname value for %s on line %d of %s.",
2303+ line, linenum, filename);
2304+ return (0);
2305+ }
2306+
2307+ if (value[0] == '/')
2308+ strlcpy(temp, value, sizeof(temp));
2309+ else
2310+ snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2311+
2312+ if (access(temp, 0))
2313+ {
2314+ cupsdLogMessage(CUPSD_LOG_ERROR,
2315+ "File or directory for \"%s %s\" on line %d of %s "
2316+ "does not exist.", line, value, linenum, filename);
2317+ return (0);
2318+ }
2319+
2320+ cupsdSetString((char **)var->ptr, temp);
2321+ break;
2322+
2323+ case CUPSD_VARTYPE_STRING :
2324+ cupsdSetString((char **)var->ptr, value);
2325+ break;
2326+ }
2327+
2328+ return (1);
2329+}
2330+
2331+
2332+/*
2333+ * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2334+ */
2335+
2336+static int /* O - 1 on success, 0 on failure */
2337+read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
2338 {
2339- int i; /* Looping var */
2340 int linenum; /* Current line number */
2341 char line[HTTP_MAX_BUFFER],
2342 /* Line from file */
2343@@ -2416,7 +2633,6 @@
2344 *value, /* Pointer to value */
2345 *valueptr; /* Pointer into value */
2346 int valuelen; /* Length of value */
2347- cupsd_var_t const *var; /* Current variable */
2348 http_addrlist_t *addrlist, /* Address list */
2349 *addr; /* Current address */
2350 unsigned ip[4], /* Address value */
2351@@ -2426,7 +2642,6 @@
2352 cupsd_location_t *location; /* Browse location */
2353 cups_file_t *incfile; /* Include file */
2354 char incname[1024]; /* Include filename */
2355- struct group *group; /* Group */
2356
2357
2358 /*
2359@@ -2458,7 +2673,7 @@
2360 incname, strerror(errno));
2361 else
2362 {
2363- read_configuration(incfile);
2364+ read_cupsd_conf(incfile);
2365 cupsFileClose(incfile);
2366 }
2367 }
2368@@ -2482,8 +2697,6 @@
2369 if (linenum == 0)
2370 return (0);
2371 }
2372- else if (!strcasecmp(line, "FatalErrors"))
2373- FatalErrors = parse_fatal_errors(value);
2374 else if (!strcasecmp(line, "FaxRetryInterval") && value)
2375 {
2376 JobRetryInterval = atoi(value);
2377@@ -3160,81 +3373,6 @@
2378 }
2379 }
2380 #endif /* HAVE_SSL */
2381- else if (!strcasecmp(line, "User") && value)
2382- {
2383- /*
2384- * User ID to run as...
2385- */
2386-
2387- if (isdigit(value[0] & 255))
2388- {
2389- int uid = atoi(value);
2390-
2391- if (!uid)
2392- cupsdLogMessage(CUPSD_LOG_ERROR,
2393- "Will not use User 0 as specified on line %d "
2394- "for security reasons. You must use a non-"
2395- "privileged account instead.",
2396- linenum);
2397- else
2398- User = atoi(value);
2399- }
2400- else
2401- {
2402- struct passwd *p; /* Password information */
2403-
2404- endpwent();
2405- p = getpwnam(value);
2406-
2407- if (p)
2408- {
2409- if (!p->pw_uid)
2410- cupsdLogMessage(CUPSD_LOG_ERROR,
2411- "Will not use User %s (UID=0) as specified on line "
2412- "%d for security reasons. You must use a non-"
2413- "privileged account instead.",
2414- value, linenum);
2415- else
2416- User = p->pw_uid;
2417- }
2418- else
2419- cupsdLogMessage(CUPSD_LOG_ERROR,
2420- "Unknown User \"%s\" on line %d, ignoring!",
2421- value, linenum);
2422- }
2423- }
2424- else if (!strcasecmp(line, "Group") && value)
2425- {
2426- /*
2427- * Group ID to run as...
2428- */
2429-
2430- if (isdigit(value[0]))
2431- Group = atoi(value);
2432- else
2433- {
2434- endgrent();
2435- group = getgrnam(value);
2436-
2437- if (group != NULL)
2438- Group = group->gr_gid;
2439- else
2440- cupsdLogMessage(CUPSD_LOG_ERROR,
2441- "Unknown Group \"%s\" on line %d, ignoring!",
2442- value, linenum);
2443- }
2444- }
2445- else if (!strcasecmp(line, "SystemGroup") && value)
2446- {
2447- /*
2448- * SystemGroup (admin) group(s)...
2449- */
2450-
2451- if (!parse_groups(value))
2452- cupsdLogMessage(CUPSD_LOG_ERROR,
2453- "Unknown SystemGroup \"%s\" on line %d, ignoring!",
2454- value, linenum);
2455- }
2456 else if (!strcasecmp(line, "HostNameLookups") && value)
2457 {
2458 /*
2459@@ -3313,22 +3451,6 @@
2460 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
2461 value, linenum);
2462 }
2463- else if (!strcasecmp(line, "PrintcapFormat") && value)
2464- {
2465- /*
2466- * Format of printcap file?
2467- */
2468-
2469- if (!strcasecmp(value, "bsd"))
2470- PrintcapFormat = PRINTCAP_BSD;
2471- else if (!strcasecmp(value, "plist"))
2472- PrintcapFormat = PRINTCAP_PLIST;
2473- else if (!strcasecmp(value, "solaris"))
2474- PrintcapFormat = PRINTCAP_SOLARIS;
2475- else
2476- cupsdLogMessage(CUPSD_LOG_WARN, "Unknown PrintcapFormat %s on line %d.",
2477- value, linenum);
2478- }
2479 else if (!strcasecmp(line, "ServerTokens") && value)
2480 {
2481 /*
2482@@ -3432,123 +3554,197 @@
2483 "line %d.", value, linenum);
2484 }
2485 #endif /* HAVE_SSL */
2486+ else if (!strcasecmp(line, "AccessLog") ||
2487+ !strcasecmp(line, "CacheDir") ||
2488+ !strcasecmp(line, "ConfigFilePerm") ||
2489+ !strcasecmp(line, "DataDir") ||
2490+ !strcasecmp(line, "DocumentRoot") ||
2491+ !strcasecmp(line, "ErrorLog") ||
2492+ !strcasecmp(line, "FatalErrors") ||
2493+ !strcasecmp(line, "FileDevice") ||
2494+ !strcasecmp(line, "FontPath") ||
2495+ !strcasecmp(line, "Group") ||
2496+ !strcasecmp(line, "LogFilePerm") ||
2497+ !strcasecmp(line, "LPDConfigFile") ||
2498+ !strcasecmp(line, "PageLog") ||
2499+ !strcasecmp(line, "Printcap") ||
2500+ !strcasecmp(line, "PrintcapFormat") ||
2501+ !strcasecmp(line, "RemoteRoot") ||
2502+ !strcasecmp(line, "RequestRoot") ||
2503+ !strcasecmp(line, "ServerBin") ||
2504+ !strcasecmp(line, "ServerCertificate") ||
2505+ !strcasecmp(line, "ServerKey") ||
2506+ !strcasecmp(line, "ServerRoot") ||
2507+ !strcasecmp(line, "SMBConfigFile") ||
2508+ !strcasecmp(line, "StateDir") ||
2509+ !strcasecmp(line, "SystemGroup") ||
2510+ !strcasecmp(line, "SystemGroupAuthKey") ||
2511+ !strcasecmp(line, "TempDir") ||
2512+ !strcasecmp(line, "User"))
2513+ {
2514+ cupsdLogMessage(CUPSD_LOG_WARN,
2515+ "Please move \"%s%s%s\" on line %d of %s to the %s file; "
2516+ "this will become an error in a future release.",
2517+ line, value ? " " : "", value ? value : "", linenum,
2518+ ConfigurationFile, CupsFilesFile);
2519+ }
2520 else
2521+ parse_variable(ConfigurationFile, linenum, line, value,
2522+ sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
2523+ }
2524+
2525+ return (1);
2526+}
2527+
2528+/*
2529+ * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
2530+ */
2531+
2532+static int /* O - 1 on success, 0 on failure */
2533+read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
2534+{
2535+ int linenum; /* Current line number */
2536+ char line[HTTP_MAX_BUFFER], /* Line from file */
2537+ *value; /* Value from line */
2538+ struct group *group; /* Group */
2539+
2540+
2541+ /*
2542+ * Loop through each line in the file...
2543+ */
2544+
2545+ linenum = 0;
2546+
2547+ while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2548+ {
2549+ if (!strcasecmp(line, "FatalErrors"))
2550+ FatalErrors = parse_fatal_errors(value);
2551+ else if (!strcasecmp(line, "Group") && value)
2552 {
2553 /*
2554- * Find a simple variable in the list...
2555+ * Group ID to run as...
2556 */
2557
2558- for (i = NUM_VARS, var = variables; i > 0; i --, var ++)
2559- if (!strcasecmp(line, var->name))
2560- break;
2561-
2562- if (i == 0)
2563+ if (isdigit(value[0]))
2564+ Group = atoi(value);
2565+ else
2566 {
2567- /*
2568- * Unknown directive! Output an error message and continue...
2569- */
2570+ endgrent();
2571+ group = getgrnam(value);
2572
2573- if (!value)
2574- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d.",
2575- line, linenum);
2576+ if (group != NULL)
2577+ Group = group->gr_gid;
2578 else
2579- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d.",
2580- line, linenum);
2581- continue;
2582+ {
2583+ cupsdLogMessage(CUPSD_LOG_ERROR,
2584+ "Unknown Group \"%s\" on line %d of %s.", value,
2585+ linenum, CupsFilesFile);
2586+ if (FatalErrors & CUPSD_FATAL_CONFIG)
2587+ return (0);
2588+ }
2589 }
2590+ }
2591+ else if (!strcasecmp(line, "PrintcapFormat") && value)
2592+ {
2593+ /*
2594+ * Format of printcap file?
2595+ */
2596
2597- switch (var->type)
2598+ if (!strcasecmp(value, "bsd"))
2599+ PrintcapFormat = PRINTCAP_BSD;
2600+ else if (!strcasecmp(value, "plist"))
2601+ PrintcapFormat = PRINTCAP_PLIST;
2602+ else if (!strcasecmp(value, "solaris"))
2603+ PrintcapFormat = PRINTCAP_SOLARIS;
2604+ else
2605 {
2606- case CUPSD_VARTYPE_INTEGER :
2607- if (!value)
2608- cupsdLogMessage(CUPSD_LOG_ERROR,
2609- "Missing integer value for %s on line %d!",
2610- line, linenum);
2611- else
2612- {
2613- int n; /* Number */
2614- char *units; /* Units */
2615-
2616-
2617- n = strtol(value, &units, 0);
2618-
2619- if (units && *units)
2620- {
2621- if (tolower(units[0] & 255) == 'g')
2622- n *= 1024 * 1024 * 1024;
2623- else if (tolower(units[0] & 255) == 'm')
2624- n *= 1024 * 1024;
2625- else if (tolower(units[0] & 255) == 'k')
2626- n *= 1024;
2627- else if (tolower(units[0] & 255) == 't')
2628- n *= 262144;
2629- }
2630-
2631- if (n < 0)
2632- cupsdLogMessage(CUPSD_LOG_ERROR,
2633- "Bad negative integer value for %s on line %d!",
2634- line, linenum);
2635- else
2636- *((int *)var->ptr) = n;
2637- }
2638- break;
2639+ cupsdLogMessage(CUPSD_LOG_ERROR,
2640+ "Unknown PrintcapFormat \"%s\" on line %d of %s.",
2641+ value, linenum, CupsFilesFile);
2642+ if (FatalErrors & CUPSD_FATAL_CONFIG)
2643+ return (0);
2644+ }
2645+ }
2646+ else if (!strcasecmp(line, "SystemGroup") && value)
2647+ {
2648+ /*
2649+ * SystemGroup (admin) group(s)...
2650+ */
2651
2652- case CUPSD_VARTYPE_BOOLEAN :
2653- if (!value)
2654- cupsdLogMessage(CUPSD_LOG_ERROR,
2655- "Missing boolean value for %s on line %d!",
2656- line, linenum);
2657- else if (!strcasecmp(value, "true") ||
2658- !strcasecmp(value, "on") ||
2659- !strcasecmp(value, "enabled") ||
2660- !strcasecmp(value, "yes") ||
2661- atoi(value) != 0)
2662- *((int *)var->ptr) = TRUE;
2663- else if (!strcasecmp(value, "false") ||
2664- !strcasecmp(value, "off") ||
2665- !strcasecmp(value, "disabled") ||
2666- !strcasecmp(value, "no") ||
2667- !strcasecmp(value, "0"))
2668- *((int *)var->ptr) = FALSE;
2669- else
2670- cupsdLogMessage(CUPSD_LOG_ERROR,
2671- "Unknown boolean value %s on line %d.",
2672- value, linenum);
2673- break;
2674+ if (!parse_groups(value))
2675+ {
2676+ cupsdLogMessage(CUPSD_LOG_ERROR,
2677+ "Unknown SystemGroup \"%s\" on line %d of %s.", value,
2678+ linenum, CupsFilesFile);
2679+ if (FatalErrors & CUPSD_FATAL_CONFIG)
2680+ return (0);
2681+ }
2682+ }
2683+ else if (!strcasecmp(line, "User") && value)
2684+ {
2685+ /*
2686+ * User ID to run as...
2687+ */
2688
2689- case CUPSD_VARTYPE_PATHNAME :
2690- if (!value)
2691- {
2692- cupsdLogMessage(CUPSD_LOG_ERROR,
2693- "Missing pathname value for %s on line %d!",
2694- line, linenum);
2695- break;
2696- }
2697+ if (isdigit(value[0] & 255))
2698+ {
2699+ int uid = atoi(value);
2700
2701- if (value[0] == '/')
2702- strlcpy(temp, value, sizeof(temp));
2703- else
2704- snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2705+ if (!uid)
2706+ {
2707+ cupsdLogMessage(CUPSD_LOG_ERROR,
2708+ "Will not use User 0 as specified on line %d of %s "
2709+ "for security reasons. You must use a non-"
2710+ "privileged account instead.",
2711+ linenum, CupsFilesFile);
2712+ if (FatalErrors & CUPSD_FATAL_CONFIG)
2713+ return (0);
2714+ }
2715+ else
2716+ User = atoi(value);
2717+ }
2718+ else
2719+ {
2720+ struct passwd *p; /* Password information */
2721
2722- if (access(temp, 0))
2723- {
2724- cupsdLogMessage(CUPSD_LOG_ERROR,
2725- "File or directory for \"%s %s\" on line %d "
2726- "does not exist!", line, value, linenum);
2727- break;
2728- }
2729+ endpwent();
2730+ p = getpwnam(value);
2731
2732- case CUPSD_VARTYPE_STRING :
2733- cupsdSetString((char **)var->ptr, value);
2734- break;
2735+ if (p)
2736+ {
2737+ if (!p->pw_uid)
2738+ {
2739+ cupsdLogMessage(CUPSD_LOG_ERROR,
2740+ "Will not use User %s (UID=0) as specified on line "
2741+ "%d of %s for security reasons. You must use a "
2742+ "non-privileged account instead.",
2743+ value, linenum, CupsFilesFile);
2744+ if (FatalErrors & CUPSD_FATAL_CONFIG)
2745+ return (0);
2746+ }
2747+ else
2748+ User = p->pw_uid;
2749+ }
2750+ else
2751+ {
2752+ cupsdLogMessage(CUPSD_LOG_ERROR,
2753+ "Unknown User \"%s\" on line %d of %s.",
2754+ value, linenum, CupsFilesFile);
2755+ if (FatalErrors & CUPSD_FATAL_CONFIG)
2756+ return (0);
2757+ }
2758 }
2759 }
2760+ else if (!parse_variable(CupsFilesFile, linenum, line, value,
2761+ sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
2762+ cupsfiles_vars) &&
2763+ (FatalErrors & CUPSD_FATAL_CONFIG))
2764+ return (0);
2765 }
2766
2767 return (1);
2768 }
2769
2770-
2771 /*
2772 * 'read_location()' - Read a <Location path> definition.
2773 */
2774diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/scheduler/conf.h cups/scheduler/conf.h
2775--- cups~/scheduler/conf.h 2012-12-08 00:29:09.000000000 +0100
2776+++ cups/scheduler/conf.h 2012-12-08 00:29:10.000000000 +0100
2777@@ -96,7 +96,9 @@
2778 */
2779
2780 VAR char *ConfigurationFile VALUE(NULL),
2781- /* Configuration file to use */
2782+ /* cupsd.conf file to use */
2783+ *CupsFilesFile VALUE(NULL),
2784+ /* cups-files.conf file to use */
2785 *ServerName VALUE(NULL),
2786 /* FQDN for server */
2787 *ServerAdmin VALUE(NULL),
2788diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/scheduler/ipp.c cups/scheduler/ipp.c
2789--- cups~/scheduler/ipp.c 2012-12-08 00:29:09.000000000 +0100
2790+++ cups/scheduler/ipp.c 2012-12-08 00:54:10.627688371 +0100
2791@@ -2597,7 +2597,7 @@
2792 send_ipp_status(con, IPP_NOT_POSSIBLE,
2793 _("File device URIs have been disabled! "
2794 "To enable, see the FileDevice directive in "
2795- "\"%s/cupsd.conf\"."),
2796+ "\"%s/cups-files.conf\"."),
2797 ServerRoot);
2798 return;
2799 }
2800diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/scheduler/main.c cups/scheduler/main.c
2801--- cups~/scheduler/main.c 2012-12-08 00:29:09.000000000 +0100
2802+++ cups/scheduler/main.c 2012-12-08 00:29:10.000000000 +0100
2803@@ -251,6 +251,35 @@
2804 cupsdSetStringf(&ConfigurationFile, "%s/%s", current, argv[i]);
2805 free(current);
2806 }
2807+
2808+ if (!CupsFilesFile)
2809+ {
2810+ char *filename, /* Copy of cupsd.conf filename */
2811+ *slash; /* Final slash in cupsd.conf filename */
2812+ size_t len; /* Size of buffer */
2813+
2814+ len = strlen(ConfigurationFile) + 15;
2815+ if ((filename = malloc(len)) == NULL)
2816+ {
2817+ _cupsLangPrintf(stderr,
2818+ _("cupsd: Unable to get path to "
2819+ "cups-files.conf file."));
2820+ return (1);
2821+ }
2822+
2823+ strlcpy(filename, ConfigurationFile, len);
2824+ if ((slash = strrchr(filename, '/')) == NULL)
2825+ {
2826+ _cupsLangPrintf(stderr,
2827+ _("cupsd: Unable to get path to "
2828+ "cups-files.conf file."));
2829+ return (1);
2830+ }
2831+
2832+ strlcpy(slash, "/cups-files.conf", len - (slash - filename));
2833+ cupsdSetString(&CupsFilesFile, filename);
2834+ free(filename);
2835+ }
2836 break;
2837
2838 case 'f' : /* Run in foreground... */
2839@@ -289,6 +318,29 @@
2840 UseProfiles = 0;
2841 break;
2842
2843+ case 's' : /* Set cups-files.conf location */
2844+ i ++;
2845+ if (i >= argc)
2846+ {
2847+ _cupsLangPuts(stderr, _("cupsd: Expected cups-files.conf "
2848+ "filename after \"-s\" option."));
2849+ usage(1);
2850+ }
2851+
2852+ if (argv[i][0] != '/')
2853+ {
2854+ /*
2855+ * Relative filename not allowed...
2856+ */
2857+
2858+ _cupsLangPuts(stderr, _("cupsd: Relative cups-files.conf "
2859+ "filename not allowed."));
2860+ usage(1);
2861+ }
2862+
2863+ cupsdSetString(&CupsFilesFile, argv[i]);
2864+ break;
2865+
2866 #ifdef __APPLE__
2867 case 'S' : /* Disable system management functions */
2868 fputs("cupsd: -S (disable system management) for internal "
2869@@ -315,8 +367,40 @@
2870 usage(1);
2871 }
2872
2873- if (!ConfigurationFile)
2874- cupsdSetString(&ConfigurationFile, CUPS_SERVERROOT "/cupsd.conf");
2875+ if (!ConfigurationFile)
2876+ {
2877+ cupsdSetString(&ConfigurationFile, CUPS_SERVERROOT "/cupsd.conf");
2878+ cupsdSetString(&CupsFilesFile, CUPS_SERVERROOT "/cups-files.conf");
2879+ }
2880+
2881+ if (!CupsFilesFile)
2882+ {
2883+ char *filename, /* Copy of cupsd.conf filename */
2884+ *slash; /* Final slash in cupsd.conf filename */
2885+ size_t len; /* Size of buffer */
2886+
2887+ len = strlen(ConfigurationFile) + 15;
2888+ if ((filename = malloc(len)) == NULL)
2889+ {
2890+ _cupsLangPrintf(stderr,
2891+ _("cupsd: Unable to get path to "
2892+ "cups-files.conf file."));
2893+ return (1);
2894+ }
2895+
2896+ strlcpy(filename, ConfigurationFile, len);
2897+ if ((slash = strrchr(filename, '/')) == NULL)
2898+ {
2899+ _cupsLangPrintf(stderr,
2900+ _("cupsd: Unable to get path to "
2901+ "cups-files.conf file."));
2902+ return (1);
2903+ }
2904+
2905+ strlcpy(slash, "/cups-files.conf", len - (slash - filename));
2906+ cupsdSetString(&CupsFilesFile, filename);
2907+ free(filename);
2908+ }
2909
2910 /*
2911 * If the user hasn't specified "-f", run in the background...
2912--- a/test/run-stp-tests.sh
2913+++ b/test/run-stp-tests.sh
2914@@ -326,25 +326,10 @@
2915
2916 cat >/tmp/cups-$user/cupsd.conf <<EOF
2917 Browsing Off
2918-FileDevice yes
2919-Printcap
2920 Listen 127.0.0.1:$port
2921-User $user
2922-ServerRoot /tmp/cups-$user
2923-StateDir /tmp/cups-$user
2924-ServerBin /tmp/cups-$user/bin
2925-CacheDir /tmp/cups-$user/share
2926-DataDir /tmp/cups-$user/share
2927-FontPath /tmp/cups-$user/share/fonts
2928 PassEnv LOCALEDIR
2929-DocumentRoot $root/doc
2930-RequestRoot /tmp/cups-$user/spool
2931-TempDir /tmp/cups-$user/spool/temp
2932 MaxSubscriptions 3
2933 MaxLogSize 0
2934-AccessLog /tmp/cups-$user/log/access_log
2935-ErrorLog /tmp/cups-$user/log/error_log
2936-PageLog /tmp/cups-$user/log/page_log
2937 AccessLogLevel actions
2938 LogLevel debug2
2939 LogTimeFormat usecs
2940@@ -359,6 +344,25 @@
2941 </Policy>
2942 EOF
2943
2944+cat >/tmp/cups-$user/cups-files.conf <<EOF
2945+FileDevice yes
2946+Printcap
2947+User $user
2948+ServerRoot /tmp/cups-$user
2949+StateDir /tmp/cups-$user
2950+ServerBin /tmp/cups-$user/bin
2951+CacheDir /tmp/cups-$user/share
2952+DataDir /tmp/cups-$user/share
2953+FontPath /tmp/cups-$user/share/fonts
2954+DocumentRoot $root/doc
2955+RequestRoot /tmp/cups-$user/spool
2956+TempDir /tmp/cups-$user/spool/temp
2957+PidFile /tmp/cups-$user/cupsd.pid
2958+AccessLog /tmp/cups-$user/log/access_log
2959+ErrorLog /tmp/cups-$user/log/error_log
2960+PageLog /tmp/cups-$user/log/page_log
2961+EOF
2962+
2963 #
2964 # Setup lots of test queues - half with PPD files, half without...
2965 #