[Bug 191515] New: print/cups-base: cupsd incorrectly requests peer's credentials

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191515

            Bug ID: 191515
           Summary: print/cups-base: cupsd incorrectly requests peer's
                    credentials
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: KOT at MATPOCKuH.Ru

To receive peer's credentials in scheduler/auth.c uses this code:
if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred, &peersize))

But on FreeBSD getsockopt() can't return peer's credentials.
As result cupsd can't verify peer's credentials and some applications like
cups-browsed will fail to communicate with cupsd.
In /var/log/cups/messages I see messages like this:
E [30/Jun/2014:19:24:32 +0400] [Client 11] Invalid peer credentials for "root"
- got 556557241, expected 0!

To fix this problem I used this simple and dumb patch:
--- scheduler/auth.c.orig       2014-06-30 19:17:02.796524975 +0400
+++ scheduler/auth.c    2014-06-30 19:18:00.818031410 +0400
@@ -559,7 +559,7 @@
 #  ifdef __APPLE__
     if (getsockopt(con->http.fd, 0, LOCAL_PEERCRED, &peercred, &peersize))
 #  else
-    if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred,
&peersize))
+    if (getpeereid(con->http.fd, &(peercred.cr_uid),
&(peercred.cr_groups[0])))
 #  endif /* __APPLE__ */
     {
       cupsdLogMessage(CUPSD_LOG_ERROR,

But this solution may be incomplete.
Also required escalation of this problem to Apple.

-- 
You are receiving this mail because:
You are the assignee for the bug.