[Bug 191515] New: print/cups-base: cupsd incorrectly requests peer's credentials
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jun 30 15:33:09 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191515
Bug ID: 191515
Summary: print/cups-base: cupsd incorrectly requests peer's
credentials
Product: Ports Tree
Version: Latest
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: KOT at MATPOCKuH.Ru
To receive peer's credentials in scheduler/auth.c uses this code:
if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred, &peersize))
But on FreeBSD getsockopt() can't return peer's credentials.
As result cupsd can't verify peer's credentials and some applications like
cups-browsed will fail to communicate with cupsd.
In /var/log/cups/messages I see messages like this:
E [30/Jun/2014:19:24:32 +0400] [Client 11] Invalid peer credentials for "root"
- got 556557241, expected 0!
To fix this problem I used this simple and dumb patch:
--- scheduler/auth.c.orig 2014-06-30 19:17:02.796524975 +0400
+++ scheduler/auth.c 2014-06-30 19:18:00.818031410 +0400
@@ -559,7 +559,7 @@
# ifdef __APPLE__
if (getsockopt(con->http.fd, 0, LOCAL_PEERCRED, &peercred, &peersize))
# else
- if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred,
&peersize))
+ if (getpeereid(con->http.fd, &(peercred.cr_uid),
&(peercred.cr_groups[0])))
# endif /* __APPLE__ */
{
cupsdLogMessage(CUPSD_LOG_ERROR,
But this solution may be incomplete.
Also required escalation of this problem to Apple.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list