[cups/f16: 1/4] Bind to datagram socket as well in systemd cups.socket unit file, to prevent that port being stolen
Tim Waugh
twaugh at fedoraproject.org
Fri Dec 9 12:57:08 UTC 2011
commit 843ebb9de0506ff2c34f52525543b8a7fae25c6e
Author: Tim Waugh <twaugh at redhat.com>
Date: Thu Dec 8 16:31:26 2011 +0000
Bind to datagram socket as well in systemd cups.socket unit file, to prevent that port being stolen by another service (bug #760070).
cups-systemd-socket.patch | 194 ++++++++++++++++++++++++++++++++++++++-------
cups.spec | 6 +-
2 files changed, 171 insertions(+), 29 deletions(-)
---
diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch
index 8e5147d..605f58b 100644
--- a/cups-systemd-socket.patch
+++ b/cups-systemd-socket.patch
@@ -1,6 +1,6 @@
diff -up cups-1.5.0/config.h.in.systemd-socket cups-1.5.0/config.h.in
---- cups-1.5.0/config.h.in.systemd-socket 2011-10-18 15:32:40.741672460 +0100
-+++ cups-1.5.0/config.h.in 2011-10-18 15:32:40.843670530 +0100
+--- cups-1.5.0/config.h.in.systemd-socket 2011-12-08 17:21:46.397159342 +0000
++++ cups-1.5.0/config.h.in 2011-12-08 17:21:46.500157383 +0000
@@ -503,6 +503,13 @@
@@ -16,8 +16,8 @@ diff -up cups-1.5.0/config.h.in.systemd-socket cups-1.5.0/config.h.in
*/
diff -up cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket cups-1.5.0/config-scripts/cups-systemd.m4
---- cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket 2011-10-18 15:32:40.844670511 +0100
-+++ cups-1.5.0/config-scripts/cups-systemd.m4 2011-10-18 15:33:16.861989058 +0100
+--- cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket 2011-12-08 17:21:46.501157363 +0000
++++ cups-1.5.0/config-scripts/cups-systemd.m4 2011-12-08 17:21:46.501157363 +0000
@@ -0,0 +1,36 @@
+dnl
+dnl "$Id$"
@@ -57,7 +57,7 @@ diff -up cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket cups-1.5.0/con
+dnl
diff -up cups-1.5.0/configure.in.systemd-socket cups-1.5.0/configure.in
--- cups-1.5.0/configure.in.systemd-socket 2010-11-20 01:03:46.000000000 +0000
-+++ cups-1.5.0/configure.in 2011-10-18 15:32:40.844670511 +0100
++++ cups-1.5.0/configure.in 2011-12-08 17:21:46.501157363 +0000
@@ -37,6 +37,7 @@ sinclude(config-scripts/cups-pam.m4)
sinclude(config-scripts/cups-largefile.m4)
sinclude(config-scripts/cups-dnssd.m4)
@@ -77,8 +77,8 @@ diff -up cups-1.5.0/configure.in.systemd-socket cups-1.5.0/configure.in
doc/help/ref-cupsd-conf.html
doc/help/standard.html
diff -up cups-1.5.0/cups/usersys.c.systemd-socket cups-1.5.0/cups/usersys.c
---- cups-1.5.0/cups/usersys.c.systemd-socket 2011-10-18 15:32:40.645674277 +0100
-+++ cups-1.5.0/cups/usersys.c 2011-10-18 15:32:40.845670492 +0100
+--- cups-1.5.0/cups/usersys.c.systemd-socket 2011-12-08 17:21:46.312160958 +0000
++++ cups-1.5.0/cups/usersys.c 2011-12-08 17:21:46.502157344 +0000
@@ -770,7 +770,7 @@ cups_read_client_conf(
struct stat sockinfo; /* Domain socket information */
@@ -89,8 +89,8 @@ diff -up cups-1.5.0/cups/usersys.c.systemd-socket cups-1.5.0/cups/usersys.c
else
#endif /* CUPS_DEFAULT_DOMAINSOCKET */
diff -up cups-1.5.0/data/cups.path.in.systemd-socket cups-1.5.0/data/cups.path.in
---- cups-1.5.0/data/cups.path.in.systemd-socket 2011-10-18 15:32:40.846670473 +0100
-+++ cups-1.5.0/data/cups.path.in 2011-10-18 15:32:40.846670473 +0100
+--- cups-1.5.0/data/cups.path.in.systemd-socket 2011-12-08 17:21:46.503157325 +0000
++++ cups-1.5.0/data/cups.path.in 2011-12-08 17:21:46.503157325 +0000
@@ -0,0 +1,8 @@
+[Unit]
+Description=CUPS Printer Service Spool
@@ -101,8 +101,8 @@ diff -up cups-1.5.0/data/cups.path.in.systemd-socket cups-1.5.0/data/cups.path.i
+[Install]
+WantedBy=multi-user.target
diff -up cups-1.5.0/data/cups.service.in.systemd-socket cups-1.5.0/data/cups.service.in
---- cups-1.5.0/data/cups.service.in.systemd-socket 2011-10-18 15:32:40.846670473 +0100
-+++ cups-1.5.0/data/cups.service.in 2011-10-18 15:32:40.846670473 +0100
+--- cups-1.5.0/data/cups.service.in.systemd-socket 2011-12-08 17:21:46.503157325 +0000
++++ cups-1.5.0/data/cups.service.in 2011-12-08 17:21:46.503157325 +0000
@@ -0,0 +1,9 @@
+[Unit]
+Description=CUPS Printing Service
@@ -114,22 +114,23 @@ diff -up cups-1.5.0/data/cups.service.in.systemd-socket cups-1.5.0/data/cups.ser
+Also=cups.socket cups.path
+WantedBy=printer.target
diff -up cups-1.5.0/data/cups.socket.in.systemd-socket cups-1.5.0/data/cups.socket.in
---- cups-1.5.0/data/cups.socket.in.systemd-socket 2011-10-18 15:32:40.847670454 +0100
-+++ cups-1.5.0/data/cups.socket.in 2011-10-18 15:32:40.847670454 +0100
-@@ -0,0 +1,10 @@
+--- cups-1.5.0/data/cups.socket.in.systemd-socket 2011-12-08 17:21:46.504157306 +0000
++++ cups-1.5.0/data/cups.socket.in 2011-12-08 17:21:46.504157306 +0000
+@@ -0,0 +1,11 @@
+[Unit]
+Description=CUPS Printing Service Sockets
+
+[Socket]
+ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
+ListenStream=631
++ListenDatagram=0.0.0.0:631
+BindIPv6Only=ipv6-only
+
+[Install]
+WantedBy=sockets.target
diff -up cups-1.5.0/data/Makefile.systemd-socket cups-1.5.0/data/Makefile
--- cups-1.5.0/data/Makefile.systemd-socket 2011-05-12 06:21:56.000000000 +0100
-+++ cups-1.5.0/data/Makefile 2011-10-18 15:32:40.847670454 +0100
++++ cups-1.5.0/data/Makefile 2011-12-08 17:21:46.504157306 +0000
@@ -112,6 +112,12 @@ install-data:
$(INSTALL_DATA) $$file $(DATADIR)/ppdc; \
done
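Review bot: The new `ListenDatagram=0.0.0.0:631` line in cups.socket.in has no comment saying why a datagram listener sits in a unit that otherwise only carries the IPP stream sockets, and the port is hard-coded. systemd will hold UDP 631 on every IPv4 interface whether or not cupsd.conf enables browsing, and regardless of the `BrowsePort` value that dirsvc.h shows to be configurable. I would add a line such as `# Reserve the CUPS browse port (UDP) so that no other service can bind it before cupsd starts; must match BrowsePort in cupsd.conf` above it. The spec changelog should also mention that the port is now open even on hosts with browsing turned off.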
@@ -154,8 +155,8 @@ diff -up cups-1.5.0/data/Makefile.systemd-socket cups-1.5.0/data/Makefile
#
diff -up cups-1.5.0/Makedefs.in.systemd-socket cups-1.5.0/Makedefs.in
---- cups-1.5.0/Makedefs.in.systemd-socket 2011-10-18 15:32:40.719672876 +0100
-+++ cups-1.5.0/Makedefs.in 2011-10-18 15:32:40.848670435 +0100
+--- cups-1.5.0/Makedefs.in.systemd-socket 2011-12-08 17:21:46.375159760 +0000
++++ cups-1.5.0/Makedefs.in 2011-12-08 17:21:46.505157287 +0000
@@ -143,6 +143,7 @@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
CXXLIBS = @CXXLIBS@
DBUS_NOTIFIER = @DBUS_NOTIFIER@
@@ -182,7 +183,7 @@ diff -up cups-1.5.0/Makedefs.in.systemd-socket cups-1.5.0/Makedefs.in
#
diff -up cups-1.5.0/scheduler/client.h.systemd-socket cups-1.5.0/scheduler/client.h
--- cups-1.5.0/scheduler/client.h.systemd-socket 2011-03-25 21:25:38.000000000 +0000
-+++ cups-1.5.0/scheduler/client.h 2011-10-18 15:32:40.848670435 +0100
++++ cups-1.5.0/scheduler/client.h 2011-12-08 17:21:46.505157287 +0000
@@ -75,6 +75,9 @@ typedef struct
int fd; /* File descriptor for this server */
http_addr_t address; /* Bind address of socket */
@@ -193,9 +194,99 @@ diff -up cups-1.5.0/scheduler/client.h.systemd-socket cups-1.5.0/scheduler/clien
} cupsd_listener_t;
+diff -up cups-1.5.0/scheduler/dirsvc.c.systemd-socket cups-1.5.0/scheduler/dirsvc.c
+--- cups-1.5.0/scheduler/dirsvc.c.systemd-socket 2011-12-08 17:21:46.452158297 +0000
++++ cups-1.5.0/scheduler/dirsvc.c 2011-12-08 17:21:46.510157192 +0000
+@@ -1512,7 +1512,7 @@ cupsdStartBrowsing(void)
+ }
+ }
+
+- if (BrowseSocket >= 0)
++ if (BrowseSocket >= 0 && !BrowseSocketIsSystemd)
+ {
+ /*
+ * Bind the socket to browse port...
+@@ -1556,13 +1556,17 @@ cupsdStartBrowsing(void)
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to set broadcast mode - %s.",
+ strerror(errno));
+
++ if (!BrowseSocketIsSystemd)
++ {
+ #ifdef WIN32
+- closesocket(BrowseSocket);
++ closesocket(BrowseSocket);
+ #else
+- close(BrowseSocket);
++ close(BrowseSocket);
+ #endif /* WIN32 */
+
+- BrowseSocket = -1;
++ BrowseSocket = -1;
++ }
++
+ BrowseLocalProtocols &= ~BROWSE_CUPS;
+ BrowseRemoteProtocols &= ~BROWSE_CUPS;
+
+@@ -1885,15 +1889,22 @@ cupsdStopBrowsing(void)
+ if (((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS) &&
+ BrowseSocket >= 0)
+ {
+- /*
+- * Close the socket and remove it from the input selection set.
+- */
++ if (!BrowseSocketIsSystemd)
++ {
++ /*
++ * Close the socket.
++ */
+
+ #ifdef WIN32
+- closesocket(BrowseSocket);
++ closesocket(BrowseSocket);
+ #else
+- close(BrowseSocket);
++ close(BrowseSocket);
+ #endif /* WIN32 */
++ }
++
++ /*
++ * Remove it from the input selection set.
++ */
+
+ cupsdRemoveSelect(BrowseSocket);
+ BrowseSocket = -1;
+@@ -5683,11 +5694,14 @@ update_cups_browse(void)
+ strerror(errno));
+ cupsdLogMessage(CUPSD_LOG_ERROR, "CUPS browsing turned off.");
+
++ if (!BrowseSocketIsSystemd)
++ {
+ #ifdef WIN32
+- closesocket(BrowseSocket);
++ closesocket(BrowseSocket);
+ #else
+- close(BrowseSocket);
++ close(BrowseSocket);
+ #endif /* WIN32 */
++ }
+
+ cupsdRemoveSelect(BrowseSocket);
+ BrowseSocket = -1;
+diff -up cups-1.5.0/scheduler/dirsvc.h.systemd-socket cups-1.5.0/scheduler/dirsvc.h
+--- cups-1.5.0/scheduler/dirsvc.h.systemd-socket 2011-12-08 17:21:46.454158257 +0000
++++ cups-1.5.0/scheduler/dirsvc.h 2011-12-08 17:21:46.511157174 +0000
+@@ -100,6 +100,8 @@ VAR int Browsing VALUE(TRUE),
+ /* Short names for remote printers? */
+ BrowseSocket VALUE(-1),
+ /* Socket for browsing */
++ BrowseSocketIsSystemd VALUE(0),
++ /* BrowseSocket is systemd-provided? */
+ BrowsePort VALUE(IPP_PORT),
+ /* Port number for broadcasts */
+ BrowseInterval VALUE(DEFAULT_INTERVAL),
diff -up cups-1.5.0/scheduler/listen.c.systemd-socket cups-1.5.0/scheduler/listen.c
--- cups-1.5.0/scheduler/listen.c.systemd-socket 2011-04-16 00:38:13.000000000 +0100
-+++ cups-1.5.0/scheduler/listen.c 2011-10-18 15:32:40.849670416 +0100
++++ cups-1.5.0/scheduler/listen.c 2011-12-08 17:21:46.512157155 +0000
@@ -401,7 +401,11 @@ cupsdStopListening(void)
lis;
lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
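Review bot: cupsdStopBrowsing() and the error path in update_cups_browse() skip the close for a systemd-provided socket but still execute `BrowseSocket = -1;`, while the cupsdStartBrowsing() error path keeps that assignment inside the `if (!BrowseSocketIsSystemd)` block. After a stop, the inherited descriptor number is lost while `BrowseSocketIsSystemd` stays 1. If a later cupsdStartBrowsing() creates a fresh socket (that code is outside the hunk), the new `!BrowseSocketIsSystemd` test would skip its bind and later its close. Either keep the descriptor when it is systemd-owned, `if (!BrowseSocketIsSystemd) BrowseSocket = -1;`, or reset `BrowseSocketIsSystemd = 0;` wherever the descriptor is dropped. All three functions begin and end outside the hunk.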
@@ -210,8 +301,8 @@ diff -up cups-1.5.0/scheduler/listen.c.systemd-socket cups-1.5.0/scheduler/liste
#ifdef WIN32
closesocket(lis->fd);
diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
---- cups-1.5.0/scheduler/main.c.systemd-socket 2011-10-18 15:32:40.802671306 +0100
-+++ cups-1.5.0/scheduler/main.c 2011-10-18 15:32:40.851670379 +0100
+--- cups-1.5.0/scheduler/main.c.systemd-socket 2011-12-08 17:21:46.467158009 +0000
++++ cups-1.5.0/scheduler/main.c 2011-12-08 17:23:05.944645297 +0000
@@ -26,6 +26,8 @@
* launchd_checkin() - Check-in with launchd and collect the listening
* fds.
@@ -272,7 +363,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
/*
* Startup the server...
*/
-@@ -1584,6 +1609,100 @@ launchd_checkout(void)
+@@ -1584,6 +1609,147 @@ launchd_checkout(void)
}
#endif /* HAVE_LAUNCHD */
@@ -304,14 +395,61 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
+ char s[256];
+
+ r = sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1);
-+ if (r < 0) {
++ if (r < 0)
++ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "systemd_checkin: Unable to verify socket type - %s",
+ strerror(-r));
+ continue;
+ }
+
-+ if (!r) {
++ if (!r)
++ {
++ cupsdLogMessage(CUPSD_LOG_ERROR,
++ "Browsing=%d", Browsing);
++ cupsdLogMessage(CUPSD_LOG_ERROR,
++ "BrowseLocalProtocols=%x", BrowseLocalProtocols);
++ cupsdLogMessage(CUPSD_LOG_ERROR,
++ "BrowseRemoteProtocols=%x", BrowseRemoteProtocols);
++ cupsdLogMessage(CUPSD_LOG_ERROR,
++ "BROWSE_CUPS=%x", BROWSE_CUPS);
++ if (Browsing &&
++ ((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS))
++ {
++ r = sd_is_socket(fd, AF_UNSPEC, SOCK_DGRAM, 0);
++ if (r < 0)
++ {
++ cupsdLogMessage(CUPSD_LOG_ERROR,
++ "systemd_checkin: Unable to verify socket type - %s",
++ strerror(-r));
++ continue;
++ }
++
++ if (r)
++ {
++ /*
++ * This is the browse socket.
++ */
++
++ char addrstr[256];
++ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen))
++ {
++ cupsdLogMessage(CUPSD_LOG_ERROR,
++ "systemd_checkin: Unable to get local address - %s",
++ strerror(errno));
++ continue;
++ }
++
++ httpAddrString (&addr, addrstr, sizeof (addrstr));
++ BrowseSocket = fd;
++ BrowseSocketIsSystemd = 1;
++ cupsdLogMessage(CUPSD_LOG_DEBUG,
++ "systemd_checkin: Matched browse (port %d) with fd %d:%s...",
++ BrowsePort, fd, addrstr);
++ continue;
++ }
++
++ }
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "systemd_checkin: Socket not of the right type");
+ continue;
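Review bot: The datagram branch adopts any non-listening `SOCK_DGRAM` descriptor as `BrowseSocket` without comparing its bound port to `BrowsePort`, although the debug message then reports that port as matched. A unit file that passes a differently bound or second datagram socket would be accepted silently, and a second one would overwrite the first without closing it. Checking the port in the same call closes that gap: `r = sd_is_socket_inet(fd, AF_UNSPEC, SOCK_DGRAM, 0, BrowsePort);`. The four `Browsing=%d` / `BrowseLocalProtocols=%x` / `BrowseRemoteProtocols=%x` / `BROWSE_CUPS=%x` messages look like leftover debugging and should be `CUPSD_LOG_DEBUG` rather than `CUPSD_LOG_ERROR`. The enclosing loop in systemd_checkin() starts and ends outside the hunk, so the initialisation of `addrlen` before `getsockname()` could not be checked here.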
@@ -325,7 +463,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
+ continue;
+ }
+
-+ /*
++ /*
+ * Try to match the systemd socket address to one of the listeners...
+ */
+
@@ -333,7 +471,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
+ lis;
+ lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
+ if (httpAddrEqual(&lis->address, &addr))
-+ break;
++ break;
+
+ if (lis)
+ {
@@ -374,8 +512,8 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
/*
* 'parent_handler()' - Catch USR1/CHLD signals...
diff -up cups-1.5.0/scheduler/Makefile.systemd-socket cups-1.5.0/scheduler/Makefile
---- cups-1.5.0/scheduler/Makefile.systemd-socket 2011-10-18 15:32:40.817671022 +0100
-+++ cups-1.5.0/scheduler/Makefile 2011-10-18 15:32:40.852670360 +0100
+--- cups-1.5.0/scheduler/Makefile.systemd-socket 2011-12-08 17:21:46.477157820 +0000
++++ cups-1.5.0/scheduler/Makefile 2011-12-08 17:21:46.515157096 +0000
@@ -382,7 +382,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu
$(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \
$(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \
diff --git a/cups.spec b/cups.spec
index 867828c..4750bb0 100644
--- a/cups.spec
+++ b/cups.spec
@@ -13,7 +13,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.5.0
-Release: 22%{?dist}
+Release: 23%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -660,6 +660,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/ipptool.1.gz
%changelog
+* Fri Dec 9 2011 Tim Waugh <twaugh at redhat.com> 1:1.5.0-23
+- Bind to datagram socket as well in systemd cups.socket unit file, to
+ prevent that port being stolen by another service (bug #760070).
+
* Fri Nov 11 2011 Tim Waugh <twaugh at redhat.com> 1:1.5.0-22
- Fixed trigger (bug #748841).